---

ldap_object.cc

Go to the documentation of this file.

/*************************************************************************/
/*  LDAPCONF - Linuxconf module for LDAP operation.
    
    Copyright (C) 1999,2000,2001 Stein Vråle <stein@terminator.net>

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.See the
    GNU General Public License for more details.
    
**************************************************************************/
/*!  LDAP_OBJECT.cc
  
    #Specification: Manage ldap data entries and directory access.
    This class will store all information for one LDAP object, when it is 
    retrived from the directory.
    The class provides methods to retrive data from directory, manipulate
    it, export and import to other formats, and write it back to the 
    directory again.
    
    TODO: The class should probably be splittet into two or maybe three
    classes, as the current object has grown so big, and contain methods
    which are totally unrelated to each other. Should not be to hard to
    split it, but we need a good design for a new class structure first.

**************************************************************************/
#pragma implementation
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <subsys.h>
#include <confdb.h>
#include <ctype.h>
#include "ldapconf_defs.h"

/*~PROTOBEG~ LDAPOBJECT */

/*!

  Create and initialize a new object.

*/
PUBLIC LDAPOBJECT::LDAPOBJECT ()
{
    D(debugf(4,">>>LDAPOBJECT::CREATE:"));
    
    init();
}

/*!

  Create and initialize a new object.
  Load named directory profile.

*/
PUBLIC LDAPOBJECT::LDAPOBJECT (const char *profile_name)
{
    D(debugf(4,">>>LDAPOBJECT::CREATE(%s)",profile_name));

    init();
    load_profile(profile_name);
}

/*

  Init new object.

*/
PUBLIC void LDAPOBJECT::init ()
{
    D(debugf(4,"---LDAPOBJECT::init"));

    // We assemble a unique name for the temporary ldif file
    static int instance=0;
    char buf[PATH_MAX];
    snprintf (buf,PATH_MAX-1,"/var/run/ldapconf.entry.%d.%d",getpid(),instance++);
    ldapconf_entry = strdup(buf);
    this->form = NULL;
    reset();
}

/*!

  Destroy object and free allocations.

*/
PUBLIC LDAPOBJECT::~LDAPOBJECT ()
{
    free (ldapconf_entry);
    if (this->form != NULL) delete this->form;

    D(debugf(4,"<<<LDAPOBJECT::DESTROY:"));
}

/*****************************

  LDAPOBJECT directory methods

*****************************/

/*!

    LDAPOBJECT.reset 
    Empty the local object

*/
PUBLIC int LDAPOBJECT::reset ()
{
    D(debugf(4,"---LDAPOBJECT::reset:"));
    reset_data();

    filter = "";
    attr = "";
    base = "";
    binddn = "";
    bindpw = "";
    host = "";
    port = "";

    ldif_format = 0;

    return 0;
}

/*!

    LDAPOBJECT.reset_data 
    Empty all attributes and objectclasses

*/
PUBLIC int LDAPOBJECT::reset_data ()
{
    D(debugf(4,"---LDAPOBJECT::reset_data:"));

    atlist.remove_all();
    oclist.remove_all();
//  command_line.setfrom("");

    return 0;
}

/*!
    LDABOBJECT.command
    
    Build commandline from standard, common, and custom settings.
    Run the command, and return the results.
*/
PUBLIC int LDAPOBJECT::command(const char *command, SSTRINGS&resmsg)
{
    D(debugf(4,"-->LDAPOBJECT::ldap_command: %s",command));
    SSTRING parameters;
    const char *args;
    int ret;    
    
    /* Directory config */
    if (!binddn.is_empty())
        parameters.appendf(" -D %s",binddn.get());
    if (!bindpw.is_empty()) 
        parameters.appendf(" -w %s",bindpw.get());
    if (!host.is_empty()) 
        parameters.appendf(" -h %s",host.get());
    if (!port.is_empty()) 
        parameters.appendf(" -p %s",port.get());
    
    /* Standard args */
    parameters.appendf(" %s",mode_openldap_params.get());

    if (!strcmp(command,"ldapsearch")) {
        parameters.append(" -LLL"); // Removes comment and version indication (OpenLdap 2.x)
        if (!base.is_empty())
            parameters.appendf(" -b %s",base.get());
    }

    /* OpenLDAP version depended parameters */
    if (!mode_openldap_version.cmp("2")) { 
        // This is for 2.x
        if (command != "ldappasswd"){
            // Add LDAP protocol version for this directory
            if (this->c_profile->getval("profile","protocol")){
                // User defined
                parameters.appendf(" -P %s",this->c_profile->getval("profile","protocol",mode_ldap_protocol.get()));
            }
            else{
                // Use default
                parameters.appendf(" -P %s",mode_ldap_protocol.get());
            }
        }
        // Add option to disable SASL with OL-2.x
        parameters.append(" -x");
    }
    
    /* Custom args */
    if (!command_line.is_empty())
        parameters.appendf(" %s",command_line.get());
    
    /* Filter */
    if (!filter.is_empty() && command == "ldapsearch")
        parameters.appendf(" %s",filter.get());

    /* Attr */
    if (!attr.is_empty() && command == "ldapsearch" )
        parameters.appendf(" %s",attr.get());

    args = parameters.get();
        

    /* Run command*/
    ret = sys_command (command,args,resmsg);

    D(debugf(4,"<--LDAPOBJECT::ldap_command:"));
    return ret;
}

/*!
    LDAPOBJECT.add 

    Add object to directory.
*/
PUBLIC int LDAPOBJECT::add ()
{
    D(debugf(4,"-->LDAPOBJECT::ADD"));
    int ret=0;
    SSTRINGS resmsg;

    export_ldif(ldapconf_entry);

    command_line.setfrom(" -a"); // Add
    command_line.appendf(" -f %s",ldapconf_entry); // Entry

    /* Run command*/
    ret = command ("ldapmodify",resmsg);
    
    /* Remove tmp entry file */
    unlink(ldapconf_entry);

    D(debugf(4,"<--LDAPOBJECT::ADD"));
    return ret;
}

/*!

    LDAPOBJECT.modify
    Update object to database

*/
PUBLIC int LDAPOBJECT::modify ()
{
    D(debugf(4,"-->LDAPOBJECT::MODIFY"));
    int ret=0;
    SSTRINGS resmsg;

    export_ldif(ldapconf_entry);

    command_line.setfrom(" -r");
    command_line.appendf(" -f %s",ldapconf_entry);

    /* Run command*/
    ret = command ("ldapmodify",resmsg); 
    
    /* Remove tmp entry file */
    unlink(ldapconf_entry);

    D(debugf(4,"<--LDAPOBJECT::MODIFY"));
    return ret;
}

/*!

  LDAPOBJECT.export_ldif
  Write object data to file in ldif format

*/
PUBLIC int LDAPOBJECT::export_ldif(const char *path)
{
    int ret=0;

    /* Remove creator/modifier stamps */
    at_del("modifytimestamp");
    at_del("modifiersname");
    at_del("createtimestamp");
    at_del("creatorsname");

    // Remove duplicates
    // \bug : Doing this will bypass the problem with duplicates of some entries (eg mail2),
    // but it will also hide the cause of the real problem - why/where do the duplicates come from?
    // it does not work , I think the problem is the file modify just add things but never tell openldap to remove attributes so they become duplicates !
    atlist.remove_dups();
    oclist.remove_dups();

    /* Build dataentry */
    FILE *fout = fopen (path,"w");
    if (fout != NULL){
        fprintf (fout,"%s\n",dn.get());
        D(debugf(4,"LDIF: %s",dn.get()));
//write objectclass before attributes

        for (int i=0; i<oclist.getnb(); i++){
            fprintf (fout,"%s\n",oclist.getitem(i)->get());
            D(debugf(4,"LDIF: %s",oclist.getitem(i)->get()));
        }

        for (int i=0; i<atlist.getnb(); i++){
            fprintf (fout,"%s\n",atlist.getitem(i)->get());
            D(debugf(4,"LDIF: %s",atlist.getitem(i)->get()));
        }

        fclose (fout);
    }

    return ret;
}

/*!

    LDAPOBJECT.del
    Delete object from database

*/
PUBLIC int LDAPOBJECT::del ()
{
    D(debugf(4,"---LDAPOBJECT::DEL"));
    int ret=0;  

    SSTRINGS resmsg;

    command_line.setfrom(dn.get());

    /* Run command*/
    ret = command ("ldapdelete",resmsg);

    return ret;
}

/*!

    LDAPOBJECT.search
    Search uniq object

*/
PUBLIC int LDAPOBJECT::search ()
{
    D(debugf(4,"-->LDAPOBJECT::SEARCH"));
    SSTRINGS data;
    char name[ATTR_NAME_MAX];
    char val[ATTR_VAL_MAX];

    D(debugf(4,"search filter: %s\n",filter.get()));
    reset_data();

    /* Run ldapsearch command*/
    command("ldapsearch",data);

    /* Split the objects */

    int c = 1;  /* Line counter */ 
    int d;      /* Number of lines */
    int idx = 0;    /* Object index number */   
    int i = 1; /* Object internal count */
    
    d = data.getnb();
    c = 0;
    c++; /* Skip command message */

    while (c < d ) {
        SSTRING *s = data.getitem(c);
        s->strip_end();

        const char *a = str_skip(s->get());

        if (s->is_empty()) { // Empty line is object seperator
            i=0;
        } else if (s->strstr("dn:") != 0) { // DN line found
            dn.setfrom(s->get());
            idx++;
            i=1;
            D(debugf(6,"search line=%d found %s\n",dn.get()));
        } else if (ldif_splitline(a,name,val)==0) {
            if (strncasecmp(name,"objectClass",11) == 0) {
                oc_add(val);
            }
            else{
                at_add(name,val);
            }
        } else { // Should not happen
            D(debugf(4,"search Warning - undecoded ldif line %s\n",s->get()));
        }
        c++;
    }
    return idx;
}

/*!

    LDAPOBJECT.search_list
    Search and return resultlist

*/
PUBLIC int LDAPOBJECT::search_list (SSTRINGS &lst)
{
    D(debugf(4,"-->LDAPOBJECT::SEARCH_LIST"));
    int ret=0;
    SSTRINGS data;  

    reset_data();

    attr.setfrom("dn");

    ret = command ("ldapsearch",data);

    int c = 0;  /* Line counter */ 
    int d = 0;      /* Number of lines */
    int idx = 0;    /* Object index number */   
    int i = 0; /* Object internal count */

    d = data.getnb();
    
    c++; // Skip the first line, its the ldapsearch commandline

    while (c < d ) {
        SSTRING *s = data.getitem(c);
        s->strip_end();

        const char *a = str_skip(s->get());

        if (s->is_empty()) { // Empty line is object seperator
            i=0;
        } else if (s->strstr("dn:") != NULL) { // DN line found
            lst.add(new SSTRING(a));
            idx++;
            i=1;
        } // Skip the rest of this object
        c++;
    }
    return idx;
}

/*!

    LDAPOBJECT.search_list_val
    Search and return resultlist, where entries are the values of the key attribute only.

*/
PUBLIC int LDAPOBJECT::search_list_val (SSTRINGS &lst,const char *key)
{
    D(debugf(4,"-->LDAPOBJECT::SEARCH_LIST_VAL (%s)",key));
    int ret=0;
    SSTRINGS data;
    char name[ATTR_NAME_MAX];
    char val[ATTR_VAL_MAX];

    reset_data();

    attr.setfrom(key);

    ret = command ("ldapsearch",data);

    int c = 0;  /* Line counter */ 
    int d = 0;      /* Number of lines */
    int idx = 0;    /* Object index number */   
    int i = 0; /* Object internal count */

    d = data.getnb();

    c++; // Skip the first line, its the ldapsearch commandline

    while (c < d ) {
        SSTRING *s = data.getitem(c);
        s->strip_end();

        const char *a = str_skip(s->get());

        if (s->is_empty()) { // Empty line is object seperator
            i=0;
        } else if (s->strstr("dn:") != NULL) { // DN line found
            idx++;
            i=1;
        } else if (i==1 && ldif_splitline(a,name,val)==0) {
            lst.add(new SSTRING(val));
            i++;
        }
        c++;
    }
    return idx;
}

/*!

    LDAPOBJECT.search_list_vals
    Search and return resultlist, where entries are the values of the specified attributes.
    The key attribute must always be specified.

*/
PUBLIC int LDAPOBJECT::search_list_vals (SSTRINGS &lst,const char *key,const char *at_name[])
{
    D(debugf(4,"-->LDAPOBJECT::SEARCH_LIST_VALS (%s)(%s)",key,at_name));
    int ret=0;
    SSTRINGS data;  
    char name[ATTR_NAME_MAX];
    char val[ATTR_VAL_MAX];

    reset_data();

    attr.setfrom(key);

    int atc = 0;
    while (at_name[atc] != NULL){
        attr.appendf(" %s",at_name[atc]);
        atc++;
    } 
    
    ret = command ("ldapsearch",data);

    int c = 0;  /* Line counter */ 
    int d = 0;      /* Number of lines */
    int idx = 0;    /* Object index number */   
    int i = 0; /* Object internal count */

    d = data.getnb();

    c++; // Skip the first line, its the ldapsearch commandline

    while (c < d ) {
        SSTRING *s = data.getitem(c);
        s->strip_end();

        const char *a = str_skip(s->get());

        if (s->is_empty()) { // Empty line is object seperator
            i=0;
        } else if (s->strstr("dn:") != NULL) { // DN line found
            idx++;
            i=1;
        } else if (i==1 && ldif_splitline(a,name,val)==0) {
            lst.add(new SSTRING(a));
            i++;
        } else if (ldif_splitline(a,name,val)==0) {
            lst.getitem(idx-1)->appendf("\t%s",a);
            i++;
        }

        c++;
    }
    return idx;
}

/**********************************************************************

  LDAPOBJECT datamanipulation

  The object data will be stored internally using SSTRING objects.
  Each SSTRING object will hold one attribute name and value, using 
  the same format as the one used in LDIF data:
  
  attrname: attrvalue

  The SSTRINGS object will be used to hold lists of related LDAP data.

  Following is a set of small methods to handle the internal datastorage.
  
  External functions should if possible try to use these methods when 
  dealing with the data, so it will be easy to change the internal data
  storage system later.

  This interface is not yet completed, but most of the current functions
  in ldapconf make use of it already.

***********************************************************************/

/*!
    LDAPOBJECT.dn_set

    Set dn.
*/
PUBLIC int LDAPOBJECT::dn_set (const char *val)
{   
    int ret=0;

    dn.setfromf("dn: %s",val);
    
    D(debugf(4,"---LDAPOBJECT::dn_set (%s)",val));
    return ret;
}

/************** 

    Attributes 

**************/

/*!
    LDAPOBJECT.at_list
    Copy all attribute names to the list.
    Return number of attributes.
*/
PUBLIC int LDAPOBJECT::at_list (SSTRINGS &lst)
{
    int n = atlist.getnb();
    D(debugf(4,"at_list number of attr=%d\n",n));

    for (int i=0; i<n; i++){
        SSTRINGS tb;
        if (SSTRING *it = atlist.getitem(i)){
            str_splitline(it->get(),':',tb);
            if (tb.getitem(0)) {
                lst.add (new SSTRING( tb.getitem(0)->get()) );
                D(debugf(6,"LDAPOBJECT::at_list found attr %s\n",tb.getitem(0)->get()));
            }
        }
    }
    return n;
}

/*!
    LDAPOBJECT.at_get
    
    Locate the value of the named attribute.
    Return NULL if the name is not defined.
    Eventual quote surrounding the value are removed.
*/
PUBLIC const char* LDAPOBJECT::at_get (const char *name)
{
    return LDAPOBJECT::at_get(name,1);
}

/*!
    LDAPOBJECT.at_get
    
    Locate the value of the k named attribute.
    Return NULL if the name is not defined.
    Eventual quote surrounding the value are removed.
*/
PUBLIC const char* LDAPOBJECT::at_get (const char *name, int k)
{
    char tmp[1000];
    const char *ret = NULL;
    SSTRING *it = locateassign(name,k);

    if (it != NULL){
        const char *pt = it->strchr(':');
        if (pt != NULL){
            ret = pt+2;
            if (ret[0] == '"'){
                ret++;
                strncpy (tmp,ret,sizeof(tmp));
                strip_end (tmp);
                int len = strlen(tmp)-1;
                if (len >= 0 && tmp[len] == '"') tmp[len] = '\0';
                ret = tmp;
            }
        }
    }

    D(debugf(6,"LDAPOBJECT::at_get %s: %s\n",name,ret));
    return ret;
}

/*!
    LDAPOBJECT.at_getall

    Copy multiple attribute values from the named attribute to the list.
    Return number of values found.
*/
PUBLIC int LDAPOBJECT::at_getall (const char *name,SSTRINGS &lst)
{
    int num = 0;

    num = locate(name,lst);

    D(debugf(6,"LDAPOBJECT::at_getall name=%s num=$d \n",name,num));
    return num;
}

/*!
    LDAPOBJECT.at_getname

    Return the name of attribute n.
    Return NULL if not found.
*/
PUBLIC const char* LDAPOBJECT::at_getname (int num)
{
    char name[ATTR_NAME_MAX];
    const char *ret = NULL;

    SSTRING *it = atlist.getitem(num);

    if (it != NULL){        
        SSTRINGS tb;
        str_splitline(it->get(),':',tb); // 2.0
        strncpy(name,tb.getitem(0)->get(),ATTR_NAME_MAX);
        strip_end(name);
        ret = name;
    }

    D(debugf(6,"LDAPOBJECT::at_getname %d=%s\n",num,name));
    return ret;
}

/*!
    LDAPOBJECT.at_getval

    Return the value of attribute n.
    Return NULL if not found.
*/
PUBLIC const char* LDAPOBJECT::at_getval (int num)
{
    char val[ATTR_VAL_MAX];
    const char *ret = NULL;

    SSTRING *it = atlist.getitem(num);

    if (it != NULL){        
        SSTRINGS tb;
        str_splitline(it->get(),':',tb); // 2.0
        strncpy(val,tb.getitem(1)->get(),ATTR_VAL_MAX);
        strip_end(val);
        ret = val;
    }

    D(debugf(6,"LDAPOBJECT::at_getval %d=%s\n",num,val));
    return ret;
}

/*!
    LDAPOBJECT.at_set

    Update or add an attribute STR value.
    It will replace any existing value.
*/
PUBLIC int LDAPOBJECT::at_set (const char *name ,const char *val)
{
    D(debugf(4,"-->LDAPOBJECT::at_set:str (%s,%s)",name,val));
    int ret=0;
    
    // Don't save empty attributes.
    // \bug  - sometimes it should be saved as empty in directroy, sometimes not - 
    // we need something to handle both situations  
    if (strlen(val) == 0) {
        D(debugf(4,"<--LDAPOBJECT::at_set:str NULL value - not saved"));
        return 0;
    }

    // we must remove extra numbers at the end 
    // to manage multi attribute values 
    // ie we want to add mail not mail3 or mail5
    // The number must be removed before we can search 
    // for other dublicates

    char * basename=strdup(name);
    char * p=basename+strlen(basename)-1;   
    bool multivalue = false;
    D(debugf(4,"p=(%c)",*p));
    
    while (isdigit(*p)) {
        D(debugf(4,"at_set multiattribute value %c",*p));
        *p = '\0';
        p--;
        multivalue=true;
    }
    
    // Use at_add instead of at_set if this is multivalue and current index >= 2
    if (multivalue) {
        at_add(basename,val);
        return ret;
    }

    D(debugf(4,"str=(%s) p=(%c)",basename,*p));
    // Check for non-ascii char, if attr is not a password field. 
    // \bug : total rewrite when we find out how to handle this problem
    if (strncasecmp(name,"userpassword",ATTR_VAL_MAX)){ 
        str_conv_ascii(val);
    }

    // Got our real name, now search for duplicates 
    SSTRING *it = locateassign(basename);
    if (it == NULL){
        it = new SSTRING("");
        atlist.add (it);
    }

    it->setfrom (basename);

    // lowering attribute name only, not the value
    // we have to lower because comparing the values with strncasecmp 
    // is not enough as the attribute will be indexed by using its name 
    // so we would miss it sometimes
    it->to_lower();

    // \bug : temporary support for base64 passwords, just to see if it helps.
    if (!it->cmp("userpassword"))
        it->append(":");

    it->appendf(": %s",val);
    it->strip_end(); // Make sure it is clean

    D(debugf(4,"<--LDAPOBJECT::at_set:str (%s)",it->get()));
    return ret; 
}

/*!
    LDAPOBJECT.at_set

    Update or add an attribute NUM value.
    Will replace existing value.
*/
PUBLIC int LDAPOBJECT::at_set (const char *name ,int val)
{
    D(debugf(4,"-->LDAPOBJECT::at_set:num (%s,%i)",name,val));
    int ret=0;

    SSTRING *it = locateassign(name);
    if (it == NULL){
        it = new SSTRING("");
        atlist.add (it);
    }
    it->setfrom (name);
    // lowering attribute name only, not the value
    it->to_lower();

    it->appendf(": %d",val);    

    D(debugf(4,"<--LDAPOBJECT::at_set:num (%s)",it->get()));
    return ret;
}

/*!
    LDAPOBJECT.at_add

    Add attribute STR value.
    Should always add a new attr value, even if an attr with same name already exist,
    to support multivalue fields.
    (Use at_set to replace attributes.)
*/
PUBLIC int LDAPOBJECT::at_add (const char *name ,const char *val)
{
    D(debugf(4,"-->LDAPOBJECT::at_add:str (%s,%s)",name,val));
    int ret=0;

    if (strlen(val) == 0) {
        D(debugf(4,"<--LDAPOBJECT::at_add:str NULL value - not saved"));
        return ret;
    }
    
    // Check for non-ascii char, if attr is not a password field. 
    // \bug : total rewrite when we find out how to handle this problem
    if (strncasecmp(name,"userpassword",ATTR_VAL_MAX)){ 
        str_conv_ascii(val);
    }
    
    SSTRING *it = NULL;
    if (it == NULL){
        it = new SSTRING("");
        atlist.add (it);
    }
    it->setfrom (name);
    // lowering attribute name only, not the value
    it->to_lower();

    //! \bug : temporary support for base64 passwords, just to see if it helps.
    if (!it->cmp("userpassword"))
        it->append(":");
    
    it->appendf(": %s",val);

    D(debugf(4,"<--LDAPOBJECT::at_add:str (%s)",it->get()));
    return ret;
}

/*!
    LDAPOBJECT.at_add

    Add attribute NUM value.
    Will not replace existing values.
*/
PUBLIC int LDAPOBJECT::at_add (const char *name ,int val)
{
    D(debugf(4,"-->LDAPOBJECT::at_add:num (%s,%i)",name,val));
    int ret=0;

    SSTRING *it = locateassign(name);
    if (it == NULL){
        it = new SSTRING("");
        atlist.add (it);
    }

    it->setfrom (name);

    // lowering attribute name only, not the value
    it->to_lower();
    it->appendf(": %d",val);

    D(debugf(4,"<--LDAPOBJECT::at_set:num (%s)",it->get()));
    return ret;
}

/*!
    LDAPOBJECT.at_del

    Delete all instances of the named attribute.
*/
PUBLIC int LDAPOBJECT::at_del (const char *name)
{
    D(debugf(4,"-->LDAPOBJECT::at_del  (%s)",name));
    int ret=0;

    while (1){
        SSTRING *it = locateassign (name);
        if (it == NULL) break;
        ret = atlist.remove_del(it);
        D(debugf(3,":at_del: Deleting (%s)",name));
    }
    
    D(debugf(4,"<--LDAPOBJECT::at_del  (%s)",name));
    return ret;
}

/**************** 

    Objectclasses 

****************/

/*!
    LDAPOBJECT.oc_list

    Copy objectclass names to the list.
    Return number of items found.
*/
PUBLIC int LDAPOBJECT::oc_list (SSTRINGS&lst)
{
    int n =oclist.getnb();

    for (int i=0; i<n; i++){ 
        
        SSTRING *it = oclist.getitem(i);
        SSTRINGS tb;
        const char *name = NULL;

        str_splitline(it->get(),':',tb);
        name =  tb.getitem(1)->get();
        lst.add ( new SSTRING(name) );
        D(debugf(6,"LDAPOBJECT::oc_list %s",name));
    }   

    return n;
}

/*!
    LDAPOBJECT.oc_add

    Add named objectclass.
*/
PUBLIC int LDAPOBJECT::oc_add (const char *val)
{
    int ret=0;
    char buf[ATTR_VAL_MAX];

    snprintf(buf,sizeof(buf)-1,"objectClass: %s",val);
    oclist.add(new SSTRING (buf));

    // No objectclass need multivalues, 
    // so make sure there is only one of each
    oclist.remove_dups();

    D(debugf(4,"LDAPOBJECT::oc_add (%s)",buf));
    return ret;
}

/*!
    LDAPOBJECT.oc_del

    Delete named objectclass.
*/
PUBLIC int LDAPOBJECT::oc_del (const char *name)
{
    int ret=0;

    // Locate named class and remove it if found
    int n = oclist.lookup(name);
    if (n)
        ret = oclist.remove(oclist.getitem(n));
    else
        ret = -1;

    D(debugf(4,"---LDAPOBJECT::oc_del (%s)", name));
    return ret;
}

/*!
    LDAPOBJECT.oc_getval

    Return the name of objectclass n
    Return NULL if not found.
*/
PUBLIC const char* LDAPOBJECT::oc_getval (int num)
{
    SSTRINGS tb;
    const char *val = NULL;

    SSTRING *it = oclist.getitem(num);  

    if (it){        
        str_splitline(it->get(),':',tb);
        val = tb.getitem(1)->get();
    }

    // Remove frontspace
    str_skip(val);

    D(debugf(6,"LDAPOBJECT::oc_getval %s\n",val));
    return val;
}

/******************** 

    Utility functions 

********************/

/*! 
    LDAPOBJECT.locateassign
    
    Lookup attribute and return in "raw" SSTRING format (name: value)
    Return NULL if not found.
*/
PUBLIC SSTRING* LDAPOBJECT::locateassign (const char *key)
{
    return LDAPOBJECT::locateassign (key,1);
};

/*!  
    LDAPOBJECT.locateassign
    
    Lookup attribute number k and return in "raw" SSTRING format (name: value)
    Return NULL if not found.

    k is >=1 and is the number of the attribute we are looking for
    1 means the first
    3 means the third....
    usefull for example if many mail attributes for the same person
*/
PUBLIC SSTRING* LDAPOBJECT::locateassign (const char *key, int k)
{
    int lenkey = strlen(key);
    int k2=0;
    SSTRING  *ret = NULL;
    int n = atlist.getnb();
    for (int i=0; i<n; i++){
        SSTRING *it = atlist.getitem (i);
        const char *pt = it->get();
        pt = str_skip(pt);
        if (strncasecmp(pt,key,lenkey)==0 && pt[lenkey] == ':'){ // 2.0
            k2++;
            if (k==k2) {    // k th attribute of value key, this is the good one 
                ret = it;
                break;
            }
        }
    }
    return ret;
}

/*!  
    LDAPOBJECT.locate
    
    Locate all attributes with the given name.
    Return number found.
*/
PUBLIC int LDAPOBJECT::locate (const char *key, SSTRINGS &lst)
{
    int lenkey = strlen(key);
    int ret = 0;
    int n = atlist.getnb();
    for (int i=0; i<n; i++){
        SSTRING *it = atlist.getitem (i);
        const char *pt = it->get();
        pt = str_skip(pt);
        if (strncasecmp(pt,key,lenkey)==0 && pt[lenkey] == ':'){
            // Strip the key
            pt += strlen(key)+1;
            pt = str_skip (pt);
            lst.add(new SSTRING (pt));
            ret++;
        }
    }
    return ret;
}

/*!  
    LDAPOBJECT.ldif_splitline
    
    Split ldif formatted stringline into attribute and value components.
*/
PUBLIC int LDAPOBJECT::ldif_splitline (const char *ldif, char *name, char *val)
{ 
    char *pt;

    pt = strchr(ldif,':');

    if (pt != NULL) {
        // Extract name
        strncpy(name,ldif,ATTR_NAME_MAX);
        pt = strchr(name,':');
        *pt = '\0';
        strip_end(name);
        
        // Extract value
        pt = strchr(ldif,':');
        pt +=2;
        strncpy(val,pt,ATTR_VAL_MAX);
        strip_end(val);
        
        return 0;
    }
    else return -1;
}


/*************** 

   Utilities 

****************/

/*!

    Load LDAP configuration from CONFDB profile object 

*/
PUBLIC int LDAPOBJECT::load_profile(const char *profile_name)
{
    D(debugf(4,"LDAPOBJECT::load_profile(%s)",profile_name));

    int ret = -1;
    
    CONFDB c_ldapconf(f_ldapconf);

    char fpath[PATH_MAX]; 
    /* Load profile */
    sprintf(fpath,"%s/%s",PROFILE_DIR,profile_name);
    CONFIG_FILE f_profile (fpath,help_ldap
                           ,CONFIGF_MANAGED|CONFIGF_OPTIONAL
                           ,"root","root",0600
                           ,subsys_ldap);   
    c_profile = new CONFDB (f_profile);

    this->bindname = c_profile->getval ("profile","bind","formclient");
    this->formname = c_profile->getval ("profile","form","formclient");
    this->dn_prefix = c_profile->getval ("profile","prefix","ou=People");
    this->group_prefix = c_profile->getval ("profile","groupprefix","ou=Group");
    this->primary_key = c_profile->getval ("profile","primarykey","uid");
    this->crypt_hash = c_profile->getval ("profile","crypt_hash","");

    /* Load binding */
    sprintf (fpath,"%s/%s",DBBIND_DIR,this->bindname.get());
    CONFIG_FILE f_bind (fpath,help_ldap
                        ,CONFIGF_MANAGED|CONFIGF_OPTIONAL
                        ,"root","root",0600
                        ,subsys_ldap);
    CONFDB c_bind (f_bind); 

    /* Set default binding */
    this->host = c_bind.getval("ldap","host");
    this->base = c_bind.getval("ldap","base");
    this->binddn = c_bind.getval("ldap","binddn");
    this->bindpw = c_bind.getval("ldap","bindpw");

    /* Load form */
    sprintf (fpath,"%s/%s",DBFORM_DIR,this->formname.get());
    CONFIG_FILE f_form (fpath,help_ldap
                        ,CONFIGF_MANAGED|CONFIGF_OPTIONAL
                        ,"root","root",0600
                        ,subsys_ldap);  

    if (this->form != NULL) delete this->form;
    this->form = new CONFDB(f_form);

    ret = 0;
    return ret;
}

/*!

    Set new password for the named user.
    Return error message if update failed.
    (normally caused by denied access)

*/
PUBLIC int LDAPOBJECT::set_password (const char *username,const char *password)
{
    int ret=0;
    SSTRINGS resmsg;

    command_line.setfrom("");
    if (!mode_openldap_version.cmp("2")) { // OpenLDAP 2.x
        command_line.appendf(" -s %s",password); //2.0 1.0= -e
        command_line.appendf(" uid=%s,%s,%s",username,dn_prefix.get(),base.get());
    }
    else { // OpenLDAP 1.x
        if (!crypt_hash.is_empty()) 
            command_line.appendf(" -H %s",crypt_hash.get());
        command_line.appendf(" -e %s",password);
        command_line.appendf(" -t uid=%s,%s,%s",username,dn_prefix.get(),base.get());
    }

    ret = command ("ldappasswd",resmsg); 
    
    return ret;
}

/*!
    LDAPOBJECT.export_confdb
  
    Export data to CONFDB object. 
*/
PUBLIC int LDAPOBJECT::export_confdb(CONFDB *c_data)
{
    int ret = 0;
    const char *prefix;
    const char *attr;
    SSTRING attrk;
    const char *val;

    SSTRINGS at_names;

    prefix = at_get(primary_key.get());
    int n = at_list(at_names); // Get all attribute names

    D(debugf(4,"LDAPOBJECT::export_confdb prefix=%s attrcount=%d\n",prefix,n));

    for (int i=0; i<n; i++){
        if (at_names.getitem(i)==NULL) continue;  //uncorrect result , let's try the next one
        attr = at_names.getitem(i)->get(); // Get attribute key
        const char * save_attr=attr;
        int k=0;
        c_data->removeall(prefix,attr);   // Reset item
        while (k++<1000) { // avoid infinite loop (should not happen !) 
            attr=save_attr;
            val = at_get(attr,k);                  // Get k  attribute value
            if (!val) break ; //exit the loop if no more value for this attribute
            if (k>1) { // multivalue attribute
                // trick :
                // we will use mail2 mail3   instead of mail
                attrk.setfrom(attr);
                attrk.appendf("%d",k);
                attr=attrk.get(); // will be restored with save_attr
            }
            c_data->add(prefix,attr,val);     // Add item
            D(debugf(6,"LDAPOBJECT::export k=%d %s.%s=%s\n",k,prefix,attr,val));
        }
    }
    return ret;
}

/*! 
   LDAPOBJECT.import_confdb

   Import data from CONFDB object. 
*/
PUBLIC int LDAPOBJECT::import_confdb(CONFDB *c_data)
{
    D(debugf(4,"-->LDAPOBJECT::import_confdb"));
    int ret = 0;    
    const char *bkey;
    const char *key;
    const char *val;

    int n = c_data->getnb();

    // Reset/replace all existing attributes before import.
    atlist.remove_all();

    // Get all keys from confdb and register their data inside ldapobject 
    for (int i=0; i<n; i++){
        SSTRINGS tb;

        // Get the complet key
        const char *fullkey = c_data->getitem(i)->key.get(); // Get full key

        // Split key in minor and major
        str_splitline(fullkey,'.',tb);
        bkey = tb.getitem(0)->get();
        key = tb.getitem(1)->get();
        if (key == NULL)
            key = bkey;
        
        // Get the value
        val = c_data->getitem(i)->val.get(); 

        // Add attribute
        at_set(key,val); 

        D(debugf(4,":import_confdb: %s.%s=%s",bkey,key,val));
    }

    D(debugf(4,"<--LDAPOBJECT::import_confdb:"));
    return ret;
}

/*! 
    Return free uid to available for used by new object
*/
PUBLIC int LDAPOBJECT::get_free_uid()
{
    int uid = 999;

    return uid;
}

/*! 
    Return next free gid to be used by a new object
*/
PUBLIC int LDAPOBJECT::get_free_gid()
{
    int gid = 999;

    return gid;
}


/*~PROTOEND~ LDAPOBJECT */

---