Adding upstream version 2.5.13+dfsg.upstream/2.5.13+dfsgupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

383 files changed, 124224 insertions, 0 deletions

diff --git a/contrib/ConfigOIDs b/contrib/ConfigOIDs
new file mode 100644
index 0000000..6dd4a9a
--- /dev/null
+++ b/contrib/ConfigOIDs
@@ -0,0 +1,8 @@
+List of OpenLDAP Configuration OIDs allocated to contrib modules
+
+OLcfgCt{Oc|At}:1	smbk5pwd
+OLcfgCt{Oc|At}:2	autogroup
+OLcfgCt{Oc|At}:3	nssov
+OLcfgCt{Oc|At}:4	cloak
+OLcfgCt{Oc|At}:5	lastbind
+OLcfgCt{Oc|At}:6	adremap
diff --git a/contrib/README b/contrib/README
new file mode 100644
index 0000000..7c3f203
--- /dev/null
+++ b/contrib/README
@@ -0,0 +1,32 @@
+OpenLDAP Contributed Software README
+
+OpenLDAP Project provides a number of freely-distributable LDAP
+software packages.  While distributed as part of OpenLDAP Software,
+they are not necessarily supported by the OpenLDAP Project.  Some
+packages may be out of date.  Each package in this directory has its
+own use and may have different redistribution restrictions than typical
+for OpenLDAP Software.
+
+Current contributions:
+	ldapc++
+		LDAP C++ API
+		Contributed by SuSE Gmbh.
+
+	ldaptcl
+		LDAP TCL API
+		Contributed by NeoSoft
+
+	slapd-modules
+		Native-API modules
+
+	slapd-tools
+		Tools to use with slapd
+
+	slapi-plugins
+		SLAPI plugins
+
+
+OpenLDAP Contributing Guidelines are available at:
+  <http://www.openldap.org/devel/contributing.html>.
+
+$OpenLDAP$
diff --git a/contrib/ldapc++/AUTHORS b/contrib/ldapc++/AUTHORS
new file mode 100644
index 0000000..aee9ec8
--- /dev/null
+++ b/contrib/ldapc++/AUTHORS
@@ -0,0 +1 @@
+Ralf Haferkamp <rhafer@suse.de>
diff --git a/contrib/ldapc++/COPYRIGHT b/contrib/ldapc++/COPYRIGHT
new file mode 100644
index 0000000..94dea5c
--- /dev/null
+++ b/contrib/ldapc++/COPYRIGHT
@@ -0,0 +1,6 @@
+Copyright 1998-2022 The OpenLDAP Foundation.  All rights reserved.
+
+COPYING RESTRICTIONS APPLY.
+
+See COPYRIGHT and LICENSE files in the top-level directory of this
+distribution (i.e., ../../COPYRIGHT and ../../LICENSE, respectively).
diff --git a/contrib/ldapc++/Makefile.am b/contrib/ldapc++/Makefile.am
new file mode 100644
index 0000000..679d84d
--- /dev/null
+++ b/contrib/ldapc++/Makefile.am
@@ -0,0 +1,10 @@
+# $OpenLDAP$
+
+##
+# Copyright 2000-2022 The OpenLDAP Foundation. All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+##
+
+EXTRA_DIST=COPYRIGHT doxygen.rc LICENSE version.var version.sh
+SUBDIRS = src examples
+
diff --git a/contrib/ldapc++/Makefile.in b/contrib/ldapc++/Makefile.in
new file mode 100644
index 0000000..7e4edcb
--- /dev/null
+++ b/contrib/ldapc++/Makefile.in
@@ -0,0 +1,620 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# $OpenLDAP$
+
+# Copyright 2000-2022 The OpenLDAP Foundation. All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
+	$(srcdir)/Makefile.in $(top_srcdir)/configure AUTHORS TODO \
+	config.guess config.sub depcomp install-sh ltmain.sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/src/config.h
+CONFIG_CLEAN_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+	html-recursive info-recursive install-data-recursive \
+	install-dvi-recursive install-exec-recursive \
+	install-html-recursive install-info-recursive \
+	install-pdf-recursive install-ps-recursive install-recursive \
+	installcheck-recursive installdirs-recursive pdf-recursive \
+	ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
+  distclean-recursive maintainer-clean-recursive
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+  { test ! -d $(distdir) \
+    || { find $(distdir) -type d ! -perm -200 -exec chmod u+w {} ';' \
+         && rm -fr $(distdir); }; }
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+OPENLDAP_CPP_API_VERSION = @OPENLDAP_CPP_API_VERSION@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+EXTRA_DIST = COPYRIGHT doxygen.rc LICENSE version.var version.sh
+SUBDIRS = src examples
+all: all-recursive
+
+.SUFFIXES:
+am--refresh:
+	@:
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      echo ' cd $(srcdir) && $(AUTOMAKE) --foreign '; \
+	      cd $(srcdir) && $(AUTOMAKE) --foreign  \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    echo ' $(SHELL) ./config.status'; \
+	    $(SHELL) ./config.status;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	$(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+distclean-libtool:
+	-rm -f libtool
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+#     (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	target=`echo $@ | sed s/-recursive//`; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    dot_seen=yes; \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done; \
+	if test "$$dot_seen" = "no"; then \
+	  $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+	fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+	@failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
+	dot_seen=no; \
+	case "$@" in \
+	  distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+	  *) list='$(SUBDIRS)' ;; \
+	esac; \
+	rev=''; for subdir in $$list; do \
+	  if test "$$subdir" = "."; then :; else \
+	    rev="$$subdir $$rev"; \
+	  fi; \
+	done; \
+	rev="$$rev ."; \
+	target=`echo $@ | sed s/-recursive//`; \
+	for subdir in $$rev; do \
+	  echo "Making $$target in $$subdir"; \
+	  if test "$$subdir" = "."; then \
+	    local_target="$$target-am"; \
+	  else \
+	    local_target="$$target"; \
+	  fi; \
+	  (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+	  || eval $$failcom; \
+	done && test -z "$$fail"
+tags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+	done
+ctags-recursive:
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  test "$$subdir" = . || (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+	  include_option=--etags-include; \
+	  empty_fix=.; \
+	else \
+	  include_option=--include; \
+	  empty_fix=; \
+	fi; \
+	list='$(SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test ! -f $$subdir/TAGS || \
+	      tags="$$tags $$include_option=$$here/$$subdir/TAGS"; \
+	  fi; \
+	done; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	$(am__remove_distdir)
+	test -d $(distdir) || mkdir $(distdir)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+	list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+	  if test "$$subdir" = .; then :; else \
+	    test -d "$(distdir)/$$subdir" \
+	    || $(MKDIR_P) "$(distdir)/$$subdir" \
+	    || exit 1; \
+	    distdir=`$(am__cd) $(distdir) && pwd`; \
+	    top_distdir=`$(am__cd) $(top_distdir) && pwd`; \
+	    (cd $$subdir && \
+	      $(MAKE) $(AM_MAKEFLAGS) \
+	        top_distdir="$$top_distdir" \
+	        distdir="$$distdir/$$subdir" \
+		am__remove_distdir=: \
+		am__skip_length_check=: \
+	        distdir) \
+	      || exit 1; \
+	  fi; \
+	done
+	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+	|| chmod -R a+r $(distdir)
+dist-gzip: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+dist-bzip2: distdir
+	tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+	$(am__remove_distdir)
+
+dist-lzma: distdir
+	tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+	$(am__remove_distdir)
+
+dist-tarZ: distdir
+	tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+	$(am__remove_distdir)
+
+dist-shar: distdir
+	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	$(am__remove_distdir)
+
+dist-zip: distdir
+	-rm -f $(distdir).zip
+	zip -rq $(distdir).zip $(distdir)
+	$(am__remove_distdir)
+
+dist dist-all: distdir
+	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	$(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration.  Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+	case '$(DIST_ARCHIVES)' in \
+	*.tar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	*.tar.bz2*) \
+	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	*.tar.lzma*) \
+	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	*.tar.Z*) \
+	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+	*.shar.gz*) \
+	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	*.zip*) \
+	  unzip $(distdir).zip ;;\
+	esac
+	chmod -R a-w $(distdir); chmod a+w $(distdir)
+	mkdir $(distdir)/_build
+	mkdir $(distdir)/_inst
+	chmod a-w $(distdir)
+	dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+	  && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+	  && cd $(distdir)/_build \
+	  && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+	    $(DISTCHECK_CONFIGURE_FLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) \
+	  && $(MAKE) $(AM_MAKEFLAGS) dvi \
+	  && $(MAKE) $(AM_MAKEFLAGS) check \
+	  && $(MAKE) $(AM_MAKEFLAGS) install \
+	  && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+	  && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+	  && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+	        distuninstallcheck \
+	  && chmod -R a-w "$$dc_install_base" \
+	  && ({ \
+	       (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+	       && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+	            distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+	      } || { rm -rf "$$dc_destdir"; exit 1; }) \
+	  && rm -rf "$$dc_destdir" \
+	  && $(MAKE) $(AM_MAKEFLAGS) dist \
+	  && rm -rf $(DIST_ARCHIVES) \
+	  && $(MAKE) $(AM_MAKEFLAGS) distcleancheck
+	$(am__remove_distdir)
+	@(echo "$(distdir) archives ready for distribution: "; \
+	  list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+	  sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+	@cd $(distuninstallcheck_dir) \
+	&& test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+	   || { echo "ERROR: files left after uninstall:" ; \
+	        if test -n "$(DESTDIR)"; then \
+	          echo "  (check DESTDIR support)"; \
+	        fi ; \
+	        $(distuninstallcheck_listfiles) ; \
+	        exit 1; } >&2
+distcleancheck: distclean
+	@if test '$(srcdir)' = . ; then \
+	  echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+	  exit 1 ; \
+	fi
+	@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+	  || { echo "ERROR: files left in build directory after distclean:" ; \
+	       $(distcleancheck_listfiles) ; \
+	       exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-libtool \
+	distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-info: install-info-recursive
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-ps: install-ps-recursive
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
+	-rm -rf $(top_srcdir)/autom4te.cache
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
+	install-strip
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+	all all-am am--refresh check check-am clean clean-generic \
+	clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \
+	dist-gzip dist-lzma dist-shar dist-tarZ dist-zip distcheck \
+	distclean distclean-generic distclean-libtool distclean-tags \
+	distcleancheck distdir distuninstallcheck dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am install-info \
+	install-info-am install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+	uninstall uninstall-am
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/contrib/ldapc++/README b/contrib/ldapc++/README
new file mode 100644
index 0000000..33a9135
--- /dev/null
+++ b/contrib/ldapc++/README
@@ -0,0 +1,37 @@
+This is an unstable development release of a LDAPv3 C++ Class Library.
+It was created as the diploma thesis (final project) of my computer 
+science studies.
+It is based upon the OpenLDAP C-API and so it needs the C-library and
+Headerfiles installed.
+
+Installation:
+=============
+Just run the "configure" script with the appropriate options. Especially
+these two options can be imported, if you didn't install the OpenLDAP-
+libraries in the default place:
+
+--with-libldap=<path to libldap> : To tell configure where the OpenLDAP
+        C-libraries are located.
+--with-ldap-includes=<path to ldap include files> : To tell configure
+        where the OpenLDAP include files are located.
+--enable-debug to enable compilation with debugging symbols and stderr
+        output
+(run "configure --help" to see all possible command line options)
+
+If configure finishes without problems. You can simply call "make" to 
+build the library and "make install" to install it.
+
+Documentation:
+==============
+Docs are very incomplete. You can either look in the source files for 
+the documentation comment of generate documentation  using "doxygen"
+or any other javadoc compatible documentation generator.
+
+Bugreports and other feedback:
+==============================
+If you find bugs please feel free to send me a detailed report. All 
+other kinds of feedback are welcomed as well.
+
+
+	Ralf Haferkamp <rhafer@suse.de>
+
diff --git a/contrib/ldapc++/TODO b/contrib/ldapc++/TODO
new file mode 100644
index 0000000..643d573
--- /dev/null
+++ b/contrib/ldapc++/TODO
@@ -0,0 +1,31 @@
+OpenLDAP C++ LDAP API ToDo items:
+=================================
+
+This is a list of projects that need getting done for the C++ API.  
+They are not listed in any specific order.  Contribute to projects 
+based upon your personal priorities.
+
+If you would like to work on any of these projects, please coordinate
+by posting to OpenLDAP-devel mailing list:
+  http://www.OpenLDAP.org/lists
+
+If you have a project you'd like added to the list, talk it up on
+Developer's list or just do it.
+
+Please read:
+        http://www.OpenLDAP.org/devel/programming.html
+        http://www.OpenLDAP.org/devel/contributing.html
+
+
+- Add SASL Authentication 
+- Add methods to the Data Classes (LDAPAttribute, LDAPEntry) for higher
+  usability. (e.g. LDAPAttributeList::getAttribute(name), ... )
+- implement some Controls/Extended Operations
+- LDIF im/export library
+- Rework the logging and debugging facilities
+- write some more documentation about the design and structure of the 
+  library.
+- example applications
+
+$ID$
+
diff --git a/contrib/ldapc++/aclocal.m4 b/contrib/ldapc++/aclocal.m4
new file mode 100644
index 0000000..8a9f08b
--- /dev/null
+++ b/contrib/ldapc++/aclocal.m4
@@ -0,0 +1,10228 @@
+# generated automatically by aclocal 1.15.1 -*- Autoconf -*-
+
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],,
+[m4_warning([this file was generated for autoconf 2.69.
+You have another version of autoconf.  It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically 'autoreconf'.])])
+
+# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
+#
+#   Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
+#   Written by Gordon Matzigkeit, 1996
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+m4_define([_LT_COPYING], [dnl
+# Copyright (C) 2014 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.  There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of of the License, or
+# (at your option) any later version.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program or library that is built
+# using GNU Libtool, you may include this file under the  same
+# distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+])
+
+# serial 58 LT_INIT
+
+
+# LT_PREREQ(VERSION)
+# ------------------
+# Complain and exit if this libtool version is less that VERSION.
+m4_defun([LT_PREREQ],
+[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
+       [m4_default([$3],
+		   [m4_fatal([Libtool version $1 or higher is required],
+		             63)])],
+       [$2])])
+
+
+# _LT_CHECK_BUILDDIR
+# ------------------
+# Complain if the absolute build directory name contains unusual characters
+m4_defun([_LT_CHECK_BUILDDIR],
+[case `pwd` in
+  *\ * | *\	*)
+    AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
+esac
+])
+
+
+# LT_INIT([OPTIONS])
+# ------------------
+AC_DEFUN([LT_INIT],
+[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
+AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
+AC_BEFORE([$0], [LT_LANG])dnl
+AC_BEFORE([$0], [LT_OUTPUT])dnl
+AC_BEFORE([$0], [LTDL_INIT])dnl
+m4_require([_LT_CHECK_BUILDDIR])dnl
+
+dnl Autoconf doesn't catch unexpanded LT_ macros by default:
+m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
+m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
+dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
+dnl unless we require an AC_DEFUNed macro:
+AC_REQUIRE([LTOPTIONS_VERSION])dnl
+AC_REQUIRE([LTSUGAR_VERSION])dnl
+AC_REQUIRE([LTVERSION_VERSION])dnl
+AC_REQUIRE([LTOBSOLETE_VERSION])dnl
+m4_require([_LT_PROG_LTMAIN])dnl
+
+_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}])
+
+dnl Parse OPTIONS
+_LT_SET_OPTIONS([$0], [$1])
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS=$ltmain
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+AC_SUBST(LIBTOOL)dnl
+
+_LT_SETUP
+
+# Only expand once:
+m4_define([LT_INIT])
+])# LT_INIT
+
+# Old names:
+AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
+AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
+dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
+
+
+# _LT_PREPARE_CC_BASENAME
+# -----------------------
+m4_defun([_LT_PREPARE_CC_BASENAME], [
+# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
+func_cc_basename ()
+{
+    for cc_temp in @S|@*""; do
+      case $cc_temp in
+        compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
+        distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
+        \-*) ;;
+        *) break;;
+      esac
+    done
+    func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
+}
+])# _LT_PREPARE_CC_BASENAME
+
+
+# _LT_CC_BASENAME(CC)
+# -------------------
+# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME,
+# but that macro is also expanded into generated libtool script, which
+# arranges for $SED and $ECHO to be set by different means.
+m4_defun([_LT_CC_BASENAME],
+[m4_require([_LT_PREPARE_CC_BASENAME])dnl
+AC_REQUIRE([_LT_DECL_SED])dnl
+AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
+func_cc_basename $1
+cc_basename=$func_cc_basename_result
+])
+
+
+# _LT_FILEUTILS_DEFAULTS
+# ----------------------
+# It is okay to use these file commands and assume they have been set
+# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'.
+m4_defun([_LT_FILEUTILS_DEFAULTS],
+[: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+])# _LT_FILEUTILS_DEFAULTS
+
+
+# _LT_SETUP
+# ---------
+m4_defun([_LT_SETUP],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
+AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
+
+_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
+dnl
+_LT_DECL([], [host_alias], [0], [The host system])dnl
+_LT_DECL([], [host], [0])dnl
+_LT_DECL([], [host_os], [0])dnl
+dnl
+_LT_DECL([], [build_alias], [0], [The build system])dnl
+_LT_DECL([], [build], [0])dnl
+_LT_DECL([], [build_os], [0])dnl
+dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([LT_PATH_LD])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+dnl
+AC_REQUIRE([AC_PROG_LN_S])dnl
+test -z "$LN_S" && LN_S="ln -s"
+_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
+dnl
+AC_REQUIRE([LT_CMD_MAX_LEN])dnl
+_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
+_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
+dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_CHECK_SHELL_FEATURES])dnl
+m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
+m4_require([_LT_CMD_RELOAD])dnl
+m4_require([_LT_CHECK_MAGIC_METHOD])dnl
+m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
+m4_require([_LT_CMD_OLD_ARCHIVE])dnl
+m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+m4_require([_LT_WITH_SYSROOT])dnl
+m4_require([_LT_CMD_TRUNCATE])dnl
+
+_LT_CONFIG_LIBTOOL_INIT([
+# See if we are running on zsh, and set the options that allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}"; then
+   setopt NO_GLOB_SUBST
+fi
+])
+if test -n "${ZSH_VERSION+set}"; then
+   setopt NO_GLOB_SUBST
+fi
+
+_LT_CHECK_OBJDIR
+
+m4_require([_LT_TAG_COMPILER])dnl
+
+case $host_os in
+aix3*)
+  # AIX sometimes has problems with the GCC collect2 program.  For some
+  # reason, if we set the COLLECT_NAMES environment variable, the problems
+  # vanish in a puff of smoke.
+  if test set != "${COLLECT_NAMES+set}"; then
+    COLLECT_NAMES=
+    export COLLECT_NAMES
+  fi
+  ;;
+esac
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a '.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+old_CC=$CC
+old_CFLAGS=$CFLAGS
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+_LT_CC_BASENAME([$compiler])
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+    _LT_PATH_MAGIC
+  fi
+  ;;
+esac
+
+# Use C for the default configuration in the libtool script
+LT_SUPPORTED_TAG([CC])
+_LT_LANG_C_CONFIG
+_LT_LANG_DEFAULT_CONFIG
+_LT_CONFIG_COMMANDS
+])# _LT_SETUP
+
+
+# _LT_PREPARE_SED_QUOTE_VARS
+# --------------------------
+# Define a few sed substitution that help us do robust quoting.
+m4_defun([_LT_PREPARE_SED_QUOTE_VARS],
+[# Backslashify metacharacters that are still active within
+# double-quoted strings.
+sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\([["`\\]]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+])
+
+# _LT_PROG_LTMAIN
+# ---------------
+# Note that this code is called both from 'configure', and 'config.status'
+# now that we use AC_CONFIG_COMMANDS to generate libtool.  Notably,
+# 'config.status' has no value for ac_aux_dir unless we are using Automake,
+# so we pass a copy along to make sure it has a sensible value anyway.
+m4_defun([_LT_PROG_LTMAIN],
+[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
+_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
+ltmain=$ac_aux_dir/ltmain.sh
+])# _LT_PROG_LTMAIN
+
+
+
+# So that we can recreate a full libtool script including additional
+# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
+# in macros and then make a single call at the end using the 'libtool'
+# label.
+
+
+# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
+# ----------------------------------------
+# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
+m4_define([_LT_CONFIG_LIBTOOL_INIT],
+[m4_ifval([$1],
+          [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
+                     [$1
+])])])
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_INIT])
+
+
+# _LT_CONFIG_LIBTOOL([COMMANDS])
+# ------------------------------
+# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
+m4_define([_LT_CONFIG_LIBTOOL],
+[m4_ifval([$1],
+          [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
+                     [$1
+])])])
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
+
+
+# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
+# -----------------------------------------------------
+m4_defun([_LT_CONFIG_SAVE_COMMANDS],
+[_LT_CONFIG_LIBTOOL([$1])
+_LT_CONFIG_LIBTOOL_INIT([$2])
+])
+
+
+# _LT_FORMAT_COMMENT([COMMENT])
+# -----------------------------
+# Add leading comment marks to the start of each line, and a trailing
+# full-stop to the whole comment if one is not present already.
+m4_define([_LT_FORMAT_COMMENT],
+[m4_ifval([$1], [
+m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
+              [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
+)])
+
+
+
+
+
+# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
+# -------------------------------------------------------------------
+# CONFIGNAME is the name given to the value in the libtool script.
+# VARNAME is the (base) name used in the configure script.
+# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
+# VARNAME.  Any other value will be used directly.
+m4_define([_LT_DECL],
+[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
+    [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
+	[m4_ifval([$1], [$1], [$2])])
+    lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
+    m4_ifval([$4],
+	[lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
+    lt_dict_add_subkey([lt_decl_dict], [$2],
+	[tagged?], [m4_ifval([$5], [yes], [no])])])
+])
+
+
+# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
+# --------------------------------------------------------
+m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
+
+
+# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
+# ------------------------------------------------
+m4_define([lt_decl_tag_varnames],
+[_lt_decl_filter([tagged?], [yes], $@)])
+
+
+# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
+# ---------------------------------------------------------
+m4_define([_lt_decl_filter],
+[m4_case([$#],
+  [0], [m4_fatal([$0: too few arguments: $#])],
+  [1], [m4_fatal([$0: too few arguments: $#: $1])],
+  [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
+  [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
+  [lt_dict_filter([lt_decl_dict], $@)])[]dnl
+])
+
+
+# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
+# --------------------------------------------------
+m4_define([lt_decl_quote_varnames],
+[_lt_decl_filter([value], [1], $@)])
+
+
+# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
+# ---------------------------------------------------
+m4_define([lt_decl_dquote_varnames],
+[_lt_decl_filter([value], [2], $@)])
+
+
+# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
+# ---------------------------------------------------
+m4_define([lt_decl_varnames_tagged],
+[m4_assert([$# <= 2])dnl
+_$0(m4_quote(m4_default([$1], [[, ]])),
+    m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
+    m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
+m4_define([_lt_decl_varnames_tagged],
+[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
+
+
+# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
+# ------------------------------------------------
+m4_define([lt_decl_all_varnames],
+[_$0(m4_quote(m4_default([$1], [[, ]])),
+     m4_if([$2], [],
+	   m4_quote(lt_decl_varnames),
+	m4_quote(m4_shift($@))))[]dnl
+])
+m4_define([_lt_decl_all_varnames],
+[lt_join($@, lt_decl_varnames_tagged([$1],
+			lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
+])
+
+
+# _LT_CONFIG_STATUS_DECLARE([VARNAME])
+# ------------------------------------
+# Quote a variable value, and forward it to 'config.status' so that its
+# declaration there will have the same value as in 'configure'.  VARNAME
+# must have a single quote delimited value for this to work.
+m4_define([_LT_CONFIG_STATUS_DECLARE],
+[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])
+
+
+# _LT_CONFIG_STATUS_DECLARATIONS
+# ------------------------------
+# We delimit libtool config variables with single quotes, so when
+# we write them to config.status, we have to be sure to quote all
+# embedded single quotes properly.  In configure, this macro expands
+# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
+#
+#    <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`'
+m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
+[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
+    [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
+
+
+# _LT_LIBTOOL_TAGS
+# ----------------
+# Output comment and list of tags supported by the script
+m4_defun([_LT_LIBTOOL_TAGS],
+[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
+available_tags='_LT_TAGS'dnl
+])
+
+
+# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
+# -----------------------------------
+# Extract the dictionary values for VARNAME (optionally with TAG) and
+# expand to a commented shell variable setting:
+#
+#    # Some comment about what VAR is for.
+#    visible_name=$lt_internal_name
+m4_define([_LT_LIBTOOL_DECLARE],
+[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
+					   [description])))[]dnl
+m4_pushdef([_libtool_name],
+    m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
+m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
+    [0], [_libtool_name=[$]$1],
+    [1], [_libtool_name=$lt_[]$1],
+    [2], [_libtool_name=$lt_[]$1],
+    [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
+m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
+])
+
+
+# _LT_LIBTOOL_CONFIG_VARS
+# -----------------------
+# Produce commented declarations of non-tagged libtool config variables
+# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool'
+# script.  Tagged libtool config variables (even for the LIBTOOL CONFIG
+# section) are produced by _LT_LIBTOOL_TAG_VARS.
+m4_defun([_LT_LIBTOOL_CONFIG_VARS],
+[m4_foreach([_lt_var],
+    m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
+    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
+
+
+# _LT_LIBTOOL_TAG_VARS(TAG)
+# -------------------------
+m4_define([_LT_LIBTOOL_TAG_VARS],
+[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
+    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
+
+
+# _LT_TAGVAR(VARNAME, [TAGNAME])
+# ------------------------------
+m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
+
+
+# _LT_CONFIG_COMMANDS
+# -------------------
+# Send accumulated output to $CONFIG_STATUS.  Thanks to the lists of
+# variables for single and double quote escaping we saved from calls
+# to _LT_DECL, we can put quote escaped variables declarations
+# into 'config.status', and then the shell code to quote escape them in
+# for loops in 'config.status'.  Finally, any additional code accumulated
+# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
+m4_defun([_LT_CONFIG_COMMANDS],
+[AC_PROVIDE_IFELSE([LT_OUTPUT],
+	dnl If the libtool generation code has been placed in $CONFIG_LT,
+	dnl instead of duplicating it all over again into config.status,
+	dnl then we will have config.status run $CONFIG_LT later, so it
+	dnl needs to know what name is stored there:
+        [AC_CONFIG_COMMANDS([libtool],
+            [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
+    dnl If the libtool generation code is destined for config.status,
+    dnl expand the accumulated commands and init code now:
+    [AC_CONFIG_COMMANDS([libtool],
+        [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
+])#_LT_CONFIG_COMMANDS
+
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
+[
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+_LT_CONFIG_STATUS_DECLARATIONS
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# A function that is used when there is no print builtin or printf.
+func_fallback_echo ()
+{
+  eval 'cat <<_LTECHO_EOF
+\$[]1
+_LTECHO_EOF'
+}
+
+# Quote evaled strings.
+for var in lt_decl_all_varnames([[ \
+]], lt_decl_quote_varnames); do
+    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
+    *[[\\\\\\\`\\"\\\$]]*)
+      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
+      ;;
+    *)
+      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+      ;;
+    esac
+done
+
+# Double-quote double-evaled strings.
+for var in lt_decl_all_varnames([[ \
+]], lt_decl_dquote_varnames); do
+    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
+    *[[\\\\\\\`\\"\\\$]]*)
+      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
+      ;;
+    *)
+      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+      ;;
+    esac
+done
+
+_LT_OUTPUT_LIBTOOL_INIT
+])
+
+# _LT_GENERATED_FILE_INIT(FILE, [COMMENT])
+# ------------------------------------
+# Generate a child script FILE with all initialization necessary to
+# reuse the environment learned by the parent script, and make the
+# file executable.  If COMMENT is supplied, it is inserted after the
+# '#!' sequence but before initialization text begins.  After this
+# macro, additional text can be appended to FILE to form the body of
+# the child script.  The macro ends with non-zero status if the
+# file could not be fully written (such as if the disk is full).
+m4_ifdef([AS_INIT_GENERATED],
+[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])],
+[m4_defun([_LT_GENERATED_FILE_INIT],
+[m4_require([AS_PREPARE])]dnl
+[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl
+[lt_write_fail=0
+cat >$1 <<_ASEOF || lt_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+$2
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$1 <<\_ASEOF || lt_write_fail=1
+AS_SHELL_SANITIZE
+_AS_PREPARE
+exec AS_MESSAGE_FD>&1
+_ASEOF
+test 0 = "$lt_write_fail" && chmod +x $1[]dnl
+m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
+
+# LT_OUTPUT
+# ---------
+# This macro allows early generation of the libtool script (before
+# AC_OUTPUT is called), incase it is used in configure for compilation
+# tests.
+AC_DEFUN([LT_OUTPUT],
+[: ${CONFIG_LT=./config.lt}
+AC_MSG_NOTICE([creating $CONFIG_LT])
+_LT_GENERATED_FILE_INIT(["$CONFIG_LT"],
+[# Run this file to recreate a libtool stub with the current configuration.])
+
+cat >>"$CONFIG_LT" <<\_LTEOF
+lt_cl_silent=false
+exec AS_MESSAGE_LOG_FD>>config.log
+{
+  echo
+  AS_BOX([Running $as_me.])
+} >&AS_MESSAGE_LOG_FD
+
+lt_cl_help="\
+'$as_me' creates a local libtool stub from the current configuration,
+for use in further configure time tests before the real libtool is
+generated.
+
+Usage: $[0] [[OPTIONS]]
+
+  -h, --help      print this help, then exit
+  -V, --version   print version number, then exit
+  -q, --quiet     do not print progress messages
+  -d, --debug     don't remove temporary files
+
+Report bugs to <bug-libtool@gnu.org>."
+
+lt_cl_version="\
+m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
+m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
+configured by $[0], generated by m4_PACKAGE_STRING.
+
+Copyright (C) 2011 Free Software Foundation, Inc.
+This config.lt script is free software; the Free Software Foundation
+gives unlimited permision to copy, distribute and modify it."
+
+while test 0 != $[#]
+do
+  case $[1] in
+    --version | --v* | -V )
+      echo "$lt_cl_version"; exit 0 ;;
+    --help | --h* | -h )
+      echo "$lt_cl_help"; exit 0 ;;
+    --debug | --d* | -d )
+      debug=: ;;
+    --quiet | --q* | --silent | --s* | -q )
+      lt_cl_silent=: ;;
+
+    -*) AC_MSG_ERROR([unrecognized option: $[1]
+Try '$[0] --help' for more information.]) ;;
+
+    *) AC_MSG_ERROR([unrecognized argument: $[1]
+Try '$[0] --help' for more information.]) ;;
+  esac
+  shift
+done
+
+if $lt_cl_silent; then
+  exec AS_MESSAGE_FD>/dev/null
+fi
+_LTEOF
+
+cat >>"$CONFIG_LT" <<_LTEOF
+_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
+_LTEOF
+
+cat >>"$CONFIG_LT" <<\_LTEOF
+AC_MSG_NOTICE([creating $ofile])
+_LT_OUTPUT_LIBTOOL_COMMANDS
+AS_EXIT(0)
+_LTEOF
+chmod +x "$CONFIG_LT"
+
+# configure is writing to config.log, but config.lt does its own redirection,
+# appending to config.log, which fails on DOS, as config.log is still kept
+# open by configure.  Here we exec the FD to /dev/null, effectively closing
+# config.log, so it can be properly (re)opened and appended to by config.lt.
+lt_cl_success=:
+test yes = "$silent" &&
+  lt_config_lt_args="$lt_config_lt_args --quiet"
+exec AS_MESSAGE_LOG_FD>/dev/null
+$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
+exec AS_MESSAGE_LOG_FD>>config.log
+$lt_cl_success || AS_EXIT(1)
+])# LT_OUTPUT
+
+
+# _LT_CONFIG(TAG)
+# ---------------
+# If TAG is the built-in tag, create an initial libtool script with a
+# default configuration from the untagged config vars.  Otherwise add code
+# to config.status for appending the configuration named by TAG from the
+# matching tagged config vars.
+m4_defun([_LT_CONFIG],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+_LT_CONFIG_SAVE_COMMANDS([
+  m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
+  m4_if(_LT_TAG, [C], [
+    # See if we are running on zsh, and set the options that allow our
+    # commands through without removal of \ escapes.
+    if test -n "${ZSH_VERSION+set}"; then
+      setopt NO_GLOB_SUBST
+    fi
+
+    cfgfile=${ofile}T
+    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+    $RM "$cfgfile"
+
+    cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+# Generated automatically by $as_me ($PACKAGE) $VERSION
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+
+# Provide generalized library-building support services.
+# Written by Gordon Matzigkeit, 1996
+
+_LT_COPYING
+_LT_LIBTOOL_TAGS
+
+# Configured defaults for sys_lib_dlsearch_path munging.
+: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
+
+# ### BEGIN LIBTOOL CONFIG
+_LT_LIBTOOL_CONFIG_VARS
+_LT_LIBTOOL_TAG_VARS
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+    cat <<'_LT_EOF' >> "$cfgfile"
+
+# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
+
+_LT_PREPARE_MUNGE_PATH_LIST
+_LT_PREPARE_CC_BASENAME
+
+# ### END FUNCTIONS SHARED WITH CONFIGURE
+
+_LT_EOF
+
+  case $host_os in
+  aix3*)
+    cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program.  For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test set != "${COLLECT_NAMES+set}"; then
+  COLLECT_NAMES=
+  export COLLECT_NAMES
+fi
+_LT_EOF
+    ;;
+  esac
+
+  _LT_PROG_LTMAIN
+
+  # We use sed instead of cat because bash on DJGPP gets confused if
+  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
+  # text mode, it properly converts lines to CR/LF.  This bash problem
+  # is reportedly fixed, but why not run on old versions too?
+  sed '$q' "$ltmain" >> "$cfgfile" \
+     || (rm -f "$cfgfile"; exit 1)
+
+   mv -f "$cfgfile" "$ofile" ||
+    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+  chmod +x "$ofile"
+],
+[cat <<_LT_EOF >> "$ofile"
+
+dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
+dnl in a comment (ie after a #).
+# ### BEGIN LIBTOOL TAG CONFIG: $1
+_LT_LIBTOOL_TAG_VARS(_LT_TAG)
+# ### END LIBTOOL TAG CONFIG: $1
+_LT_EOF
+])dnl /m4_if
+],
+[m4_if([$1], [], [
+    PACKAGE='$PACKAGE'
+    VERSION='$VERSION'
+    RM='$RM'
+    ofile='$ofile'], [])
+])dnl /_LT_CONFIG_SAVE_COMMANDS
+])# _LT_CONFIG
+
+
+# LT_SUPPORTED_TAG(TAG)
+# ---------------------
+# Trace this macro to discover what tags are supported by the libtool
+# --tag option, using:
+#    autoconf --trace 'LT_SUPPORTED_TAG:$1'
+AC_DEFUN([LT_SUPPORTED_TAG], [])
+
+
+# C support is built-in for now
+m4_define([_LT_LANG_C_enabled], [])
+m4_define([_LT_TAGS], [])
+
+
+# LT_LANG(LANG)
+# -------------
+# Enable libtool support for the given language if not already enabled.
+AC_DEFUN([LT_LANG],
+[AC_BEFORE([$0], [LT_OUTPUT])dnl
+m4_case([$1],
+  [C],			[_LT_LANG(C)],
+  [C++],		[_LT_LANG(CXX)],
+  [Go],			[_LT_LANG(GO)],
+  [Java],		[_LT_LANG(GCJ)],
+  [Fortran 77],		[_LT_LANG(F77)],
+  [Fortran],		[_LT_LANG(FC)],
+  [Windows Resource],	[_LT_LANG(RC)],
+  [m4_ifdef([_LT_LANG_]$1[_CONFIG],
+    [_LT_LANG($1)],
+    [m4_fatal([$0: unsupported language: "$1"])])])dnl
+])# LT_LANG
+
+
+# _LT_LANG(LANGNAME)
+# ------------------
+m4_defun([_LT_LANG],
+[m4_ifdef([_LT_LANG_]$1[_enabled], [],
+  [LT_SUPPORTED_TAG([$1])dnl
+  m4_append([_LT_TAGS], [$1 ])dnl
+  m4_define([_LT_LANG_]$1[_enabled], [])dnl
+  _LT_LANG_$1_CONFIG($1)])dnl
+])# _LT_LANG
+
+
+m4_ifndef([AC_PROG_GO], [
+# NOTE: This macro has been submitted for inclusion into   #
+#  GNU Autoconf as AC_PROG_GO.  When it is available in    #
+#  a released version of Autoconf we should remove this    #
+#  macro and use it instead.                               #
+m4_defun([AC_PROG_GO],
+[AC_LANG_PUSH(Go)dnl
+AC_ARG_VAR([GOC],     [Go compiler command])dnl
+AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
+_AC_ARG_VAR_LDFLAGS()dnl
+AC_CHECK_TOOL(GOC, gccgo)
+if test -z "$GOC"; then
+  if test -n "$ac_tool_prefix"; then
+    AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
+  fi
+fi
+if test -z "$GOC"; then
+  AC_CHECK_PROG(GOC, gccgo, gccgo, false)
+fi
+])#m4_defun
+])#m4_ifndef
+
+
+# _LT_LANG_DEFAULT_CONFIG
+# -----------------------
+m4_defun([_LT_LANG_DEFAULT_CONFIG],
+[AC_PROVIDE_IFELSE([AC_PROG_CXX],
+  [LT_LANG(CXX)],
+  [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
+
+AC_PROVIDE_IFELSE([AC_PROG_F77],
+  [LT_LANG(F77)],
+  [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
+
+AC_PROVIDE_IFELSE([AC_PROG_FC],
+  [LT_LANG(FC)],
+  [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
+
+dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
+dnl pulling things in needlessly.
+AC_PROVIDE_IFELSE([AC_PROG_GCJ],
+  [LT_LANG(GCJ)],
+  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
+    [LT_LANG(GCJ)],
+    [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
+      [LT_LANG(GCJ)],
+      [m4_ifdef([AC_PROG_GCJ],
+	[m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
+       m4_ifdef([A][M_PROG_GCJ],
+	[m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
+       m4_ifdef([LT_PROG_GCJ],
+	[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
+
+AC_PROVIDE_IFELSE([AC_PROG_GO],
+  [LT_LANG(GO)],
+  [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
+
+AC_PROVIDE_IFELSE([LT_PROG_RC],
+  [LT_LANG(RC)],
+  [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
+])# _LT_LANG_DEFAULT_CONFIG
+
+# Obsolete macros:
+AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
+AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
+AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
+AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
+AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
+dnl AC_DEFUN([AC_LIBTOOL_F77], [])
+dnl AC_DEFUN([AC_LIBTOOL_FC], [])
+dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
+dnl AC_DEFUN([AC_LIBTOOL_RC], [])
+
+
+# _LT_TAG_COMPILER
+# ----------------
+m4_defun([_LT_TAG_COMPILER],
+[AC_REQUIRE([AC_PROG_CC])dnl
+
+_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
+_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
+_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
+_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+])# _LT_TAG_COMPILER
+
+
+# _LT_COMPILER_BOILERPLATE
+# ------------------------
+# Check for compiler boilerplate output or warnings with
+# the simple compiler test code.
+m4_defun([_LT_COMPILER_BOILERPLATE],
+[m4_require([_LT_DECL_SED])dnl
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+])# _LT_COMPILER_BOILERPLATE
+
+
+# _LT_LINKER_BOILERPLATE
+# ----------------------
+# Check for linker boilerplate output or warnings with
+# the simple link test code.
+m4_defun([_LT_LINKER_BOILERPLATE],
+[m4_require([_LT_DECL_SED])dnl
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+])# _LT_LINKER_BOILERPLATE
+
+# _LT_REQUIRED_DARWIN_CHECKS
+# -------------------------
+m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
+  case $host_os in
+    rhapsody* | darwin*)
+    AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
+    AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
+    AC_CHECK_TOOL([LIPO], [lipo], [:])
+    AC_CHECK_TOOL([OTOOL], [otool], [:])
+    AC_CHECK_TOOL([OTOOL64], [otool64], [:])
+    _LT_DECL([], [DSYMUTIL], [1],
+      [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
+    _LT_DECL([], [NMEDIT], [1],
+      [Tool to change global to local symbols on Mac OS X])
+    _LT_DECL([], [LIPO], [1],
+      [Tool to manipulate fat objects and archives on Mac OS X])
+    _LT_DECL([], [OTOOL], [1],
+      [ldd/readelf like tool for Mach-O binaries on Mac OS X])
+    _LT_DECL([], [OTOOL64], [1],
+      [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
+
+    AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
+      [lt_cv_apple_cc_single_mod=no
+      if test -z "$LT_MULTI_MODULE"; then
+	# By default we will add the -single_module flag. You can override
+	# by either setting the environment variable LT_MULTI_MODULE
+	# non-empty at configure time, or by adding -multi_module to the
+	# link flags.
+	rm -rf libconftest.dylib*
+	echo "int foo(void){return 1;}" > conftest.c
+	echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
+	$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+	  -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+        _lt_result=$?
+	# If there is a non-empty error log, and "single_module"
+	# appears in it, assume the flag caused a linker warning
+        if test -s conftest.err && $GREP single_module conftest.err; then
+	  cat conftest.err >&AS_MESSAGE_LOG_FD
+	# Otherwise, if the output was created with a 0 exit code from
+	# the compiler, it worked.
+	elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
+	  lt_cv_apple_cc_single_mod=yes
+	else
+	  cat conftest.err >&AS_MESSAGE_LOG_FD
+	fi
+	rm -rf libconftest.dylib*
+	rm -f conftest.*
+      fi])
+
+    AC_CACHE_CHECK([for -exported_symbols_list linker flag],
+      [lt_cv_ld_exported_symbols_list],
+      [lt_cv_ld_exported_symbols_list=no
+      save_LDFLAGS=$LDFLAGS
+      echo "_main" > conftest.sym
+      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+      AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
+	[lt_cv_ld_exported_symbols_list=yes],
+	[lt_cv_ld_exported_symbols_list=no])
+	LDFLAGS=$save_LDFLAGS
+    ])
+
+    AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
+      [lt_cv_ld_force_load=no
+      cat > conftest.c << _LT_EOF
+int forced_loaded() { return 2;}
+_LT_EOF
+      echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
+      $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
+      echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
+      $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
+      echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
+      $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
+      cat > conftest.c << _LT_EOF
+int main() { return 0;}
+_LT_EOF
+      echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
+      $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
+      _lt_result=$?
+      if test -s conftest.err && $GREP force_load conftest.err; then
+	cat conftest.err >&AS_MESSAGE_LOG_FD
+      elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
+	lt_cv_ld_force_load=yes
+      else
+	cat conftest.err >&AS_MESSAGE_LOG_FD
+      fi
+        rm -f conftest.err libconftest.a conftest conftest.c
+        rm -rf conftest.dSYM
+    ])
+    case $host_os in
+    rhapsody* | darwin1.[[012]])
+      _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
+    darwin1.*)
+      _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
+    darwin*) # darwin 5.x on
+      # if running on 10.5 or later, the deployment target defaults
+      # to the OS version, if on x86, and 10.4, the deployment
+      # target defaults to 10.4. Don't you love it?
+      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+	10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
+	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+	10.[[012]][[,.]]*)
+	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
+	10.*)
+	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+      esac
+    ;;
+  esac
+    if test yes = "$lt_cv_apple_cc_single_mod"; then
+      _lt_dar_single_mod='$single_module'
+    fi
+    if test yes = "$lt_cv_ld_exported_symbols_list"; then
+      _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
+    else
+      _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
+    fi
+    if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
+      _lt_dsymutil='~$DSYMUTIL $lib || :'
+    else
+      _lt_dsymutil=
+    fi
+    ;;
+  esac
+])
+
+
+# _LT_DARWIN_LINKER_FEATURES([TAG])
+# ---------------------------------
+# Checks for linker and compiler features on darwin
+m4_defun([_LT_DARWIN_LINKER_FEATURES],
+[
+  m4_require([_LT_REQUIRED_DARWIN_CHECKS])
+  _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+  _LT_TAGVAR(hardcode_direct, $1)=no
+  _LT_TAGVAR(hardcode_automatic, $1)=yes
+  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+  if test yes = "$lt_cv_ld_force_load"; then
+    _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
+    m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
+                  [FC],  [_LT_TAGVAR(compiler_needs_object, $1)=yes])
+  else
+    _LT_TAGVAR(whole_archive_flag_spec, $1)=''
+  fi
+  _LT_TAGVAR(link_all_deplibs, $1)=yes
+  _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined
+  case $cc_basename in
+     ifort*|nagfor*) _lt_dar_can_shared=yes ;;
+     *) _lt_dar_can_shared=$GCC ;;
+  esac
+  if test yes = "$_lt_dar_can_shared"; then
+    output_verbose_link_cmd=func_echo_all
+    _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
+    _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
+    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
+    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
+    m4_if([$1], [CXX],
+[   if test yes != "$lt_cv_apple_cc_single_mod"; then
+      _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
+      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
+    fi
+],[])
+  else
+  _LT_TAGVAR(ld_shlibs, $1)=no
+  fi
+])
+
+# _LT_SYS_MODULE_PATH_AIX([TAGNAME])
+# ----------------------------------
+# Links a minimal program and checks the executable
+# for the system default hardcoded library path. In most cases,
+# this is /usr/lib:/lib, but when the MPI compilers are used
+# the location of the communication and MPI libs are included too.
+# If we don't find anything, use the default library path according
+# to the aix ld manual.
+# Store the results from the different compilers for each TAGNAME.
+# Allow to override them for all tags through lt_cv_aix_libpath.
+m4_defun([_LT_SYS_MODULE_PATH_AIX],
+[m4_require([_LT_DECL_SED])dnl
+if test set = "${lt_cv_aix_libpath+set}"; then
+  aix_libpath=$lt_cv_aix_libpath
+else
+  AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
+  [AC_LINK_IFELSE([AC_LANG_PROGRAM],[
+  lt_aix_libpath_sed='[
+      /Import File Strings/,/^$/ {
+	  /^0/ {
+	      s/^0  *\([^ ]*\) *$/\1/
+	      p
+	  }
+      }]'
+  _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+  # Check for a 64-bit object if we didn't find anything.
+  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
+    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+  fi],[])
+  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
+    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib
+  fi
+  ])
+  aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
+fi
+])# _LT_SYS_MODULE_PATH_AIX
+
+
+# _LT_SHELL_INIT(ARG)
+# -------------------
+m4_define([_LT_SHELL_INIT],
+[m4_divert_text([M4SH-INIT], [$1
+])])# _LT_SHELL_INIT
+
+
+
+# _LT_PROG_ECHO_BACKSLASH
+# -----------------------
+# Find how we can fake an echo command that does not interpret backslash.
+# In particular, with Autoconf 2.60 or later we add some code to the start
+# of the generated configure script that will find a shell with a builtin
+# printf (that we can use as an echo command).
+m4_defun([_LT_PROG_ECHO_BACKSLASH],
+[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
+ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
+
+AC_MSG_CHECKING([how to print strings])
+# Test print first, because it will be a builtin if present.
+if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
+   test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
+  ECHO='print -r --'
+elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
+  ECHO='printf %s\n'
+else
+  # Use this function as a fallback that always works.
+  func_fallback_echo ()
+  {
+    eval 'cat <<_LTECHO_EOF
+$[]1
+_LTECHO_EOF'
+  }
+  ECHO='func_fallback_echo'
+fi
+
+# func_echo_all arg...
+# Invoke $ECHO with all args, space-separated.
+func_echo_all ()
+{
+    $ECHO "$*"
+}
+
+case $ECHO in
+  printf*) AC_MSG_RESULT([printf]) ;;
+  print*) AC_MSG_RESULT([print -r]) ;;
+  *) AC_MSG_RESULT([cat]) ;;
+esac
+
+m4_ifdef([_AS_DETECT_SUGGESTED],
+[_AS_DETECT_SUGGESTED([
+  test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || (
+    ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
+    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
+    PATH=/empty FPATH=/empty; export PATH FPATH
+    test "X`printf %s $ECHO`" = "X$ECHO" \
+      || test "X`print -r -- $ECHO`" = "X$ECHO" )])])
+
+_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
+_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
+])# _LT_PROG_ECHO_BACKSLASH
+
+
+# _LT_WITH_SYSROOT
+# ----------------
+AC_DEFUN([_LT_WITH_SYSROOT],
+[AC_MSG_CHECKING([for sysroot])
+AC_ARG_WITH([sysroot],
+[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
+  [Search for dependent libraries within DIR (or the compiler's sysroot
+   if not specified).])],
+[], [with_sysroot=no])
+
+dnl lt_sysroot will always be passed unquoted.  We quote it here
+dnl in case the user passed a directory name.
+lt_sysroot=
+case $with_sysroot in #(
+ yes)
+   if test yes = "$GCC"; then
+     lt_sysroot=`$CC --print-sysroot 2>/dev/null`
+   fi
+   ;; #(
+ /*)
+   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
+   ;; #(
+ no|'')
+   ;; #(
+ *)
+   AC_MSG_RESULT([$with_sysroot])
+   AC_MSG_ERROR([The sysroot must be an absolute path.])
+   ;;
+esac
+
+ AC_MSG_RESULT([${lt_sysroot:-no}])
+_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
+[dependent libraries, and where our libraries should be installed.])])
+
+# _LT_ENABLE_LOCK
+# ---------------
+m4_defun([_LT_ENABLE_LOCK],
+[AC_ARG_ENABLE([libtool-lock],
+  [AS_HELP_STRING([--disable-libtool-lock],
+    [avoid locking (might break parallel builds)])])
+test no = "$enable_libtool_lock" || enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+  # Find out what ABI is being produced by ac_compile, and set mode
+  # options accordingly.
+  echo 'int i;' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case `/usr/bin/file conftest.$ac_objext` in
+      *ELF-32*)
+	HPUX_IA64_MODE=32
+	;;
+      *ELF-64*)
+	HPUX_IA64_MODE=64
+	;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+*-*-irix6*)
+  # Find out what ABI is being produced by ac_compile, and set linker
+  # options accordingly.
+  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    if test yes = "$lt_cv_prog_gnu_ld"; then
+      case `/usr/bin/file conftest.$ac_objext` in
+	*32-bit*)
+	  LD="${LD-ld} -melf32bsmip"
+	  ;;
+	*N32*)
+	  LD="${LD-ld} -melf32bmipn32"
+	  ;;
+	*64-bit*)
+	  LD="${LD-ld} -melf64bmip"
+	;;
+      esac
+    else
+      case `/usr/bin/file conftest.$ac_objext` in
+	*32-bit*)
+	  LD="${LD-ld} -32"
+	  ;;
+	*N32*)
+	  LD="${LD-ld} -n32"
+	  ;;
+	*64-bit*)
+	  LD="${LD-ld} -64"
+	  ;;
+      esac
+    fi
+  fi
+  rm -rf conftest*
+  ;;
+
+mips64*-*linux*)
+  # Find out what ABI is being produced by ac_compile, and set linker
+  # options accordingly.
+  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    emul=elf
+    case `/usr/bin/file conftest.$ac_objext` in
+      *32-bit*)
+	emul="${emul}32"
+	;;
+      *64-bit*)
+	emul="${emul}64"
+	;;
+    esac
+    case `/usr/bin/file conftest.$ac_objext` in
+      *MSB*)
+	emul="${emul}btsmip"
+	;;
+      *LSB*)
+	emul="${emul}ltsmip"
+	;;
+    esac
+    case `/usr/bin/file conftest.$ac_objext` in
+      *N32*)
+	emul="${emul}n32"
+	;;
+    esac
+    LD="${LD-ld} -m $emul"
+  fi
+  rm -rf conftest*
+  ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+  # Find out what ABI is being produced by ac_compile, and set linker
+  # options accordingly.  Note that the listed cases only cover the
+  # situations where additional linker options are needed (such as when
+  # doing 32-bit compilation for a host where ld defaults to 64-bit, or
+  # vice versa); the common cases where no linker options are needed do
+  # not appear in the list.
+  echo 'int i;' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case `/usr/bin/file conftest.o` in
+      *32-bit*)
+	case $host in
+	  x86_64-*kfreebsd*-gnu)
+	    LD="${LD-ld} -m elf_i386_fbsd"
+	    ;;
+	  x86_64-*linux*)
+	    case `/usr/bin/file conftest.o` in
+	      *x86-64*)
+		LD="${LD-ld} -m elf32_x86_64"
+		;;
+	      *)
+		LD="${LD-ld} -m elf_i386"
+		;;
+	    esac
+	    ;;
+	  powerpc64le-*linux*)
+	    LD="${LD-ld} -m elf32lppclinux"
+	    ;;
+	  powerpc64-*linux*)
+	    LD="${LD-ld} -m elf32ppclinux"
+	    ;;
+	  s390x-*linux*)
+	    LD="${LD-ld} -m elf_s390"
+	    ;;
+	  sparc64-*linux*)
+	    LD="${LD-ld} -m elf32_sparc"
+	    ;;
+	esac
+	;;
+      *64-bit*)
+	case $host in
+	  x86_64-*kfreebsd*-gnu)
+	    LD="${LD-ld} -m elf_x86_64_fbsd"
+	    ;;
+	  x86_64-*linux*)
+	    LD="${LD-ld} -m elf_x86_64"
+	    ;;
+	  powerpcle-*linux*)
+	    LD="${LD-ld} -m elf64lppc"
+	    ;;
+	  powerpc-*linux*)
+	    LD="${LD-ld} -m elf64ppc"
+	    ;;
+	  s390*-*linux*|s390*-*tpf*)
+	    LD="${LD-ld} -m elf64_s390"
+	    ;;
+	  sparc*-*linux*)
+	    LD="${LD-ld} -m elf64_sparc"
+	    ;;
+	esac
+	;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+*-*-sco3.2v5*)
+  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+  SAVE_CFLAGS=$CFLAGS
+  CFLAGS="$CFLAGS -belf"
+  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
+    [AC_LANG_PUSH(C)
+     AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
+     AC_LANG_POP])
+  if test yes != "$lt_cv_cc_needs_belf"; then
+    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+    CFLAGS=$SAVE_CFLAGS
+  fi
+  ;;
+*-*solaris*)
+  # Find out what ABI is being produced by ac_compile, and set linker
+  # options accordingly.
+  echo 'int i;' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case `/usr/bin/file conftest.o` in
+    *64-bit*)
+      case $lt_cv_prog_gnu_ld in
+      yes*)
+        case $host in
+        i?86-*-solaris*|x86_64-*-solaris*)
+          LD="${LD-ld} -m elf_x86_64"
+          ;;
+        sparc*-*-solaris*)
+          LD="${LD-ld} -m elf64_sparc"
+          ;;
+        esac
+        # GNU ld 2.21 introduced _sol2 emulations.  Use them if available.
+        if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
+          LD=${LD-ld}_sol2
+        fi
+        ;;
+      *)
+	if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+	  LD="${LD-ld} -64"
+	fi
+	;;
+      esac
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+esac
+
+need_locks=$enable_libtool_lock
+])# _LT_ENABLE_LOCK
+
+
+# _LT_PROG_AR
+# -----------
+m4_defun([_LT_PROG_AR],
+[AC_CHECK_TOOLS(AR, [ar], false)
+: ${AR=ar}
+: ${AR_FLAGS=cru}
+_LT_DECL([], [AR], [1], [The archiver])
+_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
+
+AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
+  [lt_cv_ar_at_file=no
+   AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
+     [echo conftest.$ac_objext > conftest.lst
+      lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD'
+      AC_TRY_EVAL([lt_ar_try])
+      if test 0 -eq "$ac_status"; then
+	# Ensure the archiver fails upon bogus file names.
+	rm -f conftest.$ac_objext libconftest.a
+	AC_TRY_EVAL([lt_ar_try])
+	if test 0 -ne "$ac_status"; then
+          lt_cv_ar_at_file=@
+        fi
+      fi
+      rm -f conftest.* libconftest.a
+     ])
+  ])
+
+if test no = "$lt_cv_ar_at_file"; then
+  archiver_list_spec=
+else
+  archiver_list_spec=$lt_cv_ar_at_file
+fi
+_LT_DECL([], [archiver_list_spec], [1],
+  [How to feed a file listing to the archiver])
+])# _LT_PROG_AR
+
+
+# _LT_CMD_OLD_ARCHIVE
+# -------------------
+m4_defun([_LT_CMD_OLD_ARCHIVE],
+[_LT_PROG_AR
+
+AC_CHECK_TOOL(STRIP, strip, :)
+test -z "$STRIP" && STRIP=:
+_LT_DECL([], [STRIP], [1], [A symbol stripping program])
+
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+test -z "$RANLIB" && RANLIB=:
+_LT_DECL([], [RANLIB], [1],
+    [Commands used to install an old-style archive])
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+  case $host_os in
+  bitrig* | openbsd*)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
+    ;;
+  *)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
+    ;;
+  esac
+  old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
+fi
+
+case $host_os in
+  darwin*)
+    lock_old_archive_extraction=yes ;;
+  *)
+    lock_old_archive_extraction=no ;;
+esac
+_LT_DECL([], [old_postinstall_cmds], [2])
+_LT_DECL([], [old_postuninstall_cmds], [2])
+_LT_TAGDECL([], [old_archive_cmds], [2],
+    [Commands used to build an old-style archive])
+_LT_DECL([], [lock_old_archive_extraction], [0],
+    [Whether to use a lock for old archive extraction])
+])# _LT_CMD_OLD_ARCHIVE
+
+
+# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+#		[OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([_LT_COMPILER_OPTION],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_CACHE_CHECK([$1], [$2],
+  [$2=no
+   m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$3"  ## exclude from sc_useless_quotes_in_assignment
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&AS_MESSAGE_LOG_FD
+   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       $2=yes
+     fi
+   fi
+   $RM conftest*
+])
+
+if test yes = "[$]$2"; then
+    m4_if([$5], , :, [$5])
+else
+    m4_if([$6], , :, [$6])
+fi
+])# _LT_COMPILER_OPTION
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
+
+
+# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+#                  [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------
+# Check whether the given linker option works
+AC_DEFUN([_LT_LINKER_OPTION],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_CACHE_CHECK([$1], [$2],
+  [$2=no
+   save_LDFLAGS=$LDFLAGS
+   LDFLAGS="$LDFLAGS $3"
+   echo "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&AS_MESSAGE_LOG_FD
+       $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         $2=yes
+       fi
+     else
+       $2=yes
+     fi
+   fi
+   $RM -r conftest*
+   LDFLAGS=$save_LDFLAGS
+])
+
+if test yes = "[$]$2"; then
+    m4_if([$4], , :, [$4])
+else
+    m4_if([$5], , :, [$5])
+fi
+])# _LT_LINKER_OPTION
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
+
+
+# LT_CMD_MAX_LEN
+#---------------
+AC_DEFUN([LT_CMD_MAX_LEN],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+# find the maximum length of command line arguments
+AC_MSG_CHECKING([the maximum length of command line arguments])
+AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
+  i=0
+  teststring=ABCD
+
+  case $build_os in
+  msdosdjgpp*)
+    # On DJGPP, this test can blow up pretty badly due to problems in libc
+    # (any single argument exceeding 2000 bytes causes a buffer overrun
+    # during glob expansion).  Even if it were fixed, the result of this
+    # check would be larger than it should be.
+    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
+    ;;
+
+  gnu*)
+    # Under GNU Hurd, this test is not required because there is
+    # no limit to the length of command line arguments.
+    # Libtool will interpret -1 as no limit whatsoever
+    lt_cv_sys_max_cmd_len=-1;
+    ;;
+
+  cygwin* | mingw* | cegcc*)
+    # On Win9x/ME, this test blows up -- it succeeds, but takes
+    # about 5 minutes as the teststring grows exponentially.
+    # Worse, since 9x/ME are not pre-emptively multitasking,
+    # you end up with a "frozen" computer, even though with patience
+    # the test eventually succeeds (with a max line length of 256k).
+    # Instead, let's just punt: use the minimum linelength reported by
+    # all of the supported platforms: 8192 (on NT/2K/XP).
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  mint*)
+    # On MiNT this can take a long time and run out of memory.
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  amigaos*)
+    # On AmigaOS with pdksh, this test takes hours, literally.
+    # So we just punt and use a minimum line length of 8192.
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
+    # This has been around since 386BSD, at least.  Likely further.
+    if test -x /sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+    elif test -x /usr/sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+    else
+      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
+    fi
+    # And add a safety zone
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    ;;
+
+  interix*)
+    # We know the value 262144 and hardcode it with a safety zone (like BSD)
+    lt_cv_sys_max_cmd_len=196608
+    ;;
+
+  os2*)
+    # The test takes a long time on OS/2.
+    lt_cv_sys_max_cmd_len=8192
+    ;;
+
+  osf*)
+    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+    # nice to cause kernel panics so lets avoid the loop below.
+    # First set a reasonable default.
+    lt_cv_sys_max_cmd_len=16384
+    #
+    if test -x /sbin/sysconfig; then
+      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+        *1*) lt_cv_sys_max_cmd_len=-1 ;;
+      esac
+    fi
+    ;;
+  sco3.2v5*)
+    lt_cv_sys_max_cmd_len=102400
+    ;;
+  sysv5* | sco5v6* | sysv4.2uw2*)
+    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+    if test -n "$kargmax"; then
+      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[	 ]]//'`
+    else
+      lt_cv_sys_max_cmd_len=32768
+    fi
+    ;;
+  *)
+    lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+    if test -n "$lt_cv_sys_max_cmd_len" && \
+       test undefined != "$lt_cv_sys_max_cmd_len"; then
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    else
+      # Make teststring a little bigger before we do anything with it.
+      # a 1K string should be a reasonable start.
+      for i in 1 2 3 4 5 6 7 8; do
+        teststring=$teststring$teststring
+      done
+      SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+      # If test is not a shell built-in, we'll probably end up computing a
+      # maximum length that is only half of the actual maximum length, but
+      # we can't tell.
+      while { test X`env echo "$teststring$teststring" 2>/dev/null` \
+	         = "X$teststring$teststring"; } >/dev/null 2>&1 &&
+	      test 17 != "$i" # 1/2 MB should be enough
+      do
+        i=`expr $i + 1`
+        teststring=$teststring$teststring
+      done
+      # Only check the string length outside the loop.
+      lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+      teststring=
+      # Add a significant safety factor because C++ compilers can tack on
+      # massive amounts of additional arguments before passing them to the
+      # linker.  It appears as though 1/2 is a usable value.
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+    fi
+    ;;
+  esac
+])
+if test -n "$lt_cv_sys_max_cmd_len"; then
+  AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
+else
+  AC_MSG_RESULT(none)
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+_LT_DECL([], [max_cmd_len], [0],
+    [What is the maximum length of a command?])
+])# LT_CMD_MAX_LEN
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
+
+
+# _LT_HEADER_DLFCN
+# ----------------
+m4_defun([_LT_HEADER_DLFCN],
+[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
+])# _LT_HEADER_DLFCN
+
+
+# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
+#                      ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
+# ----------------------------------------------------------------
+m4_defun([_LT_TRY_DLOPEN_SELF],
+[m4_require([_LT_HEADER_DLFCN])dnl
+if test yes = "$cross_compiling"; then :
+  [$4]
+else
+  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+  lt_status=$lt_dlunknown
+  cat > conftest.$ac_ext <<_LT_EOF
+[#line $LINENO "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+#  define LT_DLGLOBAL		RTLD_GLOBAL
+#else
+#  ifdef DL_GLOBAL
+#    define LT_DLGLOBAL		DL_GLOBAL
+#  else
+#    define LT_DLGLOBAL		0
+#  endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+   find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+#  ifdef RTLD_LAZY
+#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
+#  else
+#    ifdef DL_LAZY
+#      define LT_DLLAZY_OR_NOW		DL_LAZY
+#    else
+#      ifdef RTLD_NOW
+#        define LT_DLLAZY_OR_NOW	RTLD_NOW
+#      else
+#        ifdef DL_NOW
+#          define LT_DLLAZY_OR_NOW	DL_NOW
+#        else
+#          define LT_DLLAZY_OR_NOW	0
+#        endif
+#      endif
+#    endif
+#  endif
+#endif
+
+/* When -fvisibility=hidden is used, assume the code has been annotated
+   correspondingly for the symbols needed.  */
+#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
+int fnord () __attribute__((visibility("default")));
+#endif
+
+int fnord () { return 42; }
+int main ()
+{
+  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+  int status = $lt_dlunknown;
+
+  if (self)
+    {
+      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
+      else
+        {
+	  if (dlsym( self,"_fnord"))  status = $lt_dlneed_uscore;
+          else puts (dlerror ());
+	}
+      /* dlclose (self); */
+    }
+  else
+    puts (dlerror ());
+
+  return status;
+}]
+_LT_EOF
+  if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
+    (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
+    lt_status=$?
+    case x$lt_status in
+      x$lt_dlno_uscore) $1 ;;
+      x$lt_dlneed_uscore) $2 ;;
+      x$lt_dlunknown|x*) $3 ;;
+    esac
+  else :
+    # compilation failed
+    $3
+  fi
+fi
+rm -fr conftest*
+])# _LT_TRY_DLOPEN_SELF
+
+
+# LT_SYS_DLOPEN_SELF
+# ------------------
+AC_DEFUN([LT_SYS_DLOPEN_SELF],
+[m4_require([_LT_HEADER_DLFCN])dnl
+if test yes != "$enable_dlopen"; then
+  enable_dlopen=unknown
+  enable_dlopen_self=unknown
+  enable_dlopen_self_static=unknown
+else
+  lt_cv_dlopen=no
+  lt_cv_dlopen_libs=
+
+  case $host_os in
+  beos*)
+    lt_cv_dlopen=load_add_on
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+    ;;
+
+  mingw* | pw32* | cegcc*)
+    lt_cv_dlopen=LoadLibrary
+    lt_cv_dlopen_libs=
+    ;;
+
+  cygwin*)
+    lt_cv_dlopen=dlopen
+    lt_cv_dlopen_libs=
+    ;;
+
+  darwin*)
+    # if libdl is installed we need to link against it
+    AC_CHECK_LIB([dl], [dlopen],
+		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[
+    lt_cv_dlopen=dyld
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+    ])
+    ;;
+
+  tpf*)
+    # Don't try to run any link tests for TPF.  We know it's impossible
+    # because TPF is a cross-compiler, and we know how we open DSOs.
+    lt_cv_dlopen=dlopen
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=no
+    ;;
+
+  *)
+    AC_CHECK_FUNC([shl_load],
+	  [lt_cv_dlopen=shl_load],
+      [AC_CHECK_LIB([dld], [shl_load],
+	    [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld],
+	[AC_CHECK_FUNC([dlopen],
+	      [lt_cv_dlopen=dlopen],
+	  [AC_CHECK_LIB([dl], [dlopen],
+		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],
+	    [AC_CHECK_LIB([svld], [dlopen],
+		  [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld],
+	      [AC_CHECK_LIB([dld], [dld_link],
+		    [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld])
+	      ])
+	    ])
+	  ])
+	])
+      ])
+    ;;
+  esac
+
+  if test no = "$lt_cv_dlopen"; then
+    enable_dlopen=no
+  else
+    enable_dlopen=yes
+  fi
+
+  case $lt_cv_dlopen in
+  dlopen)
+    save_CPPFLAGS=$CPPFLAGS
+    test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+    save_LDFLAGS=$LDFLAGS
+    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+    save_LIBS=$LIBS
+    LIBS="$lt_cv_dlopen_libs $LIBS"
+
+    AC_CACHE_CHECK([whether a program can dlopen itself],
+	  lt_cv_dlopen_self, [dnl
+	  _LT_TRY_DLOPEN_SELF(
+	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
+	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
+    ])
+
+    if test yes = "$lt_cv_dlopen_self"; then
+      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
+	  lt_cv_dlopen_self_static, [dnl
+	  _LT_TRY_DLOPEN_SELF(
+	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
+	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
+      ])
+    fi
+
+    CPPFLAGS=$save_CPPFLAGS
+    LDFLAGS=$save_LDFLAGS
+    LIBS=$save_LIBS
+    ;;
+  esac
+
+  case $lt_cv_dlopen_self in
+  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+  *) enable_dlopen_self=unknown ;;
+  esac
+
+  case $lt_cv_dlopen_self_static in
+  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+  *) enable_dlopen_self_static=unknown ;;
+  esac
+fi
+_LT_DECL([dlopen_support], [enable_dlopen], [0],
+	 [Whether dlopen is supported])
+_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
+	 [Whether dlopen of programs is supported])
+_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
+	 [Whether dlopen of statically linked programs is supported])
+])# LT_SYS_DLOPEN_SELF
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
+
+
+# _LT_COMPILER_C_O([TAGNAME])
+# ---------------------------
+# Check to see if options -c and -o are simultaneously supported by compiler.
+# This macro does not hard code the compiler like AC_PROG_CC_C_O.
+m4_defun([_LT_COMPILER_C_O],
+[m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
+  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
+  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
+   $RM -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&AS_MESSAGE_LOG_FD
+   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+     fi
+   fi
+   chmod u+w . 2>&AS_MESSAGE_LOG_FD
+   $RM conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+   $RM out/* && rmdir out
+   cd ..
+   $RM -r conftest
+   $RM conftest*
+])
+_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
+	[Does compiler simultaneously support -c and -o options?])
+])# _LT_COMPILER_C_O
+
+
+# _LT_COMPILER_FILE_LOCKS([TAGNAME])
+# ----------------------------------
+# Check to see if we can do hard links to lock some files if needed
+m4_defun([_LT_COMPILER_FILE_LOCKS],
+[m4_require([_LT_ENABLE_LOCK])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+_LT_COMPILER_C_O([$1])
+
+hard_links=nottested
+if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then
+  # do not overwrite the value of need_locks provided by the user
+  AC_MSG_CHECKING([if we can lock with hard links])
+  hard_links=yes
+  $RM conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  AC_MSG_RESULT([$hard_links])
+  if test no = "$hard_links"; then
+    AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe])
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
+])# _LT_COMPILER_FILE_LOCKS
+
+
+# _LT_CHECK_OBJDIR
+# ----------------
+m4_defun([_LT_CHECK_OBJDIR],
+[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
+[rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+  lt_cv_objdir=.libs
+else
+  # MS-DOS does not allow filenames that begin with a dot.
+  lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null])
+objdir=$lt_cv_objdir
+_LT_DECL([], [objdir], [0],
+         [The name of the directory that contains temporary libtool files])dnl
+m4_pattern_allow([LT_OBJDIR])dnl
+AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/",
+  [Define to the sub-directory where libtool stores uninstalled libraries.])
+])# _LT_CHECK_OBJDIR
+
+
+# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
+# --------------------------------------
+# Check hardcoding attributes.
+m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
+[AC_MSG_CHECKING([how to hardcode library paths into programs])
+_LT_TAGVAR(hardcode_action, $1)=
+if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
+   test -n "$_LT_TAGVAR(runpath_var, $1)" ||
+   test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then
+
+  # We can hardcode non-existent directories.
+  if test no != "$_LT_TAGVAR(hardcode_direct, $1)" &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" &&
+     test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then
+    # Linking always hardcodes the temporary library directory.
+    _LT_TAGVAR(hardcode_action, $1)=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    _LT_TAGVAR(hardcode_action, $1)=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  _LT_TAGVAR(hardcode_action, $1)=unsupported
+fi
+AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
+
+if test relink = "$_LT_TAGVAR(hardcode_action, $1)" ||
+   test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test yes = "$shlibpath_overrides_runpath" ||
+     test no = "$enable_shared"; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+_LT_TAGDECL([], [hardcode_action], [0],
+    [How to hardcode a shared library path into an executable])
+])# _LT_LINKER_HARDCODE_LIBPATH
+
+
+# _LT_CMD_STRIPLIB
+# ----------------
+m4_defun([_LT_CMD_STRIPLIB],
+[m4_require([_LT_DECL_EGREP])
+striplib=
+old_striplib=
+AC_MSG_CHECKING([whether stripping libraries is possible])
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+  AC_MSG_RESULT([yes])
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+  case $host_os in
+  darwin*)
+    if test -n "$STRIP"; then
+      striplib="$STRIP -x"
+      old_striplib="$STRIP -S"
+      AC_MSG_RESULT([yes])
+    else
+      AC_MSG_RESULT([no])
+    fi
+    ;;
+  *)
+    AC_MSG_RESULT([no])
+    ;;
+  esac
+fi
+_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
+_LT_DECL([], [striplib], [1])
+])# _LT_CMD_STRIPLIB
+
+
+# _LT_PREPARE_MUNGE_PATH_LIST
+# ---------------------------
+# Make sure func_munge_path_list() is defined correctly.
+m4_defun([_LT_PREPARE_MUNGE_PATH_LIST],
+[[# func_munge_path_list VARIABLE PATH
+# -----------------------------------
+# VARIABLE is name of variable containing _space_ separated list of
+# directories to be munged by the contents of PATH, which is string
+# having a format:
+# "DIR[:DIR]:"
+#       string "DIR[ DIR]" will be prepended to VARIABLE
+# ":DIR[:DIR]"
+#       string "DIR[ DIR]" will be appended to VARIABLE
+# "DIRP[:DIRP]::[DIRA:]DIRA"
+#       string "DIRP[ DIRP]" will be prepended to VARIABLE and string
+#       "DIRA[ DIRA]" will be appended to VARIABLE
+# "DIR[:DIR]"
+#       VARIABLE will be replaced by "DIR[ DIR]"
+func_munge_path_list ()
+{
+    case x@S|@2 in
+    x)
+        ;;
+    *:)
+        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
+        ;;
+    x:*)
+        eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
+        ;;
+    *::*)
+        eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
+        eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
+        ;;
+    *)
+        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
+        ;;
+    esac
+}
+]])# _LT_PREPARE_PATH_LIST
+
+
+# _LT_SYS_DYNAMIC_LINKER([TAG])
+# -----------------------------
+# PORTME Fill in your ld.so characteristics
+m4_defun([_LT_SYS_DYNAMIC_LINKER],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_OBJDUMP])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_CHECK_SHELL_FEATURES])dnl
+m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl
+AC_MSG_CHECKING([dynamic linker characteristics])
+m4_if([$1],
+	[], [
+if test yes = "$GCC"; then
+  case $host_os in
+    darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
+    *) lt_awk_arg='/^libraries:/' ;;
+  esac
+  case $host_os in
+    mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
+    *) lt_sed_strip_eq='s|=/|/|g' ;;
+  esac
+  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
+  case $lt_search_path_spec in
+  *\;*)
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
+    ;;
+  *)
+    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
+    ;;
+  esac
+  # Ok, now we have the path, separated by spaces, we can step through it
+  # and add multilib dir if necessary...
+  lt_tmp_lt_search_path_spec=
+  lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+  # ...but if some path component already ends with the multilib dir we assume
+  # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
+  case "$lt_multi_os_dir; $lt_search_path_spec " in
+  "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
+    lt_multi_os_dir=
+    ;;
+  esac
+  for lt_sys_path in $lt_search_path_spec; do
+    if test -d "$lt_sys_path$lt_multi_os_dir"; then
+      lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
+    elif test -n "$lt_multi_os_dir"; then
+      test -d "$lt_sys_path" && \
+	lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+    fi
+  done
+  lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
+BEGIN {RS = " "; FS = "/|\n";} {
+  lt_foo = "";
+  lt_count = 0;
+  for (lt_i = NF; lt_i > 0; lt_i--) {
+    if ($lt_i != "" && $lt_i != ".") {
+      if ($lt_i == "..") {
+        lt_count++;
+      } else {
+        if (lt_count == 0) {
+          lt_foo = "/" $lt_i lt_foo;
+        } else {
+          lt_count--;
+        }
+      }
+    }
+  }
+  if (lt_foo != "") { lt_freq[[lt_foo]]++; }
+  if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
+}'`
+  # AWK program above erroneously prepends '/' to C:/dos/paths
+  # for these hosts.
+  case $host_os in
+    mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
+      $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;;
+  esac
+  sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi])
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=.so
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+AC_ARG_VAR([LT_SYS_LIBRARY_PATH],
+[User-defined run-time library search path.])
+
+case $host_os in
+aix3*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='$libname$release$shared_ext$major'
+  ;;
+
+aix[[4-9]]*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test ia64 = "$host_cpu"; then
+    # AIX 5 supports IA64
+    library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line '#! .'.  This would cause the generated library to
+    # depend on '.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[[01]] | aix4.[[01]].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # Using Import Files as archive members, it is possible to support
+    # filename-based versioning of shared library archives on AIX. While
+    # this would work for both with and without runtime linking, it will
+    # prevent static linking of such archives. So we do filename-based
+    # shared library versioning with .so extension only, which is used
+    # when both runtime linking and shared linking is enabled.
+    # Unfortunately, runtime linking may impact performance, so we do
+    # not want this to be the default eventually. Also, we use the
+    # versioned .so libs for executables only if there is the -brtl
+    # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
+    # To allow for filename-based versioning support, we need to create
+    # libNAME.so.V as an archive file, containing:
+    # *) an Import File, referring to the versioned filename of the
+    #    archive as well as the shared archive member, telling the
+    #    bitwidth (32 or 64) of that shared object, and providing the
+    #    list of exported symbols of that shared object, eventually
+    #    decorated with the 'weak' keyword
+    # *) the shared object with the F_LOADONLY flag set, to really avoid
+    #    it being seen by the linker.
+    # At run time we better use the real file rather than another symlink,
+    # but for link time we create the symlink libNAME.so -> libNAME.so.V
+
+    case $with_aix_soname,$aix_use_runtimelinking in
+    # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    aix,yes) # traditional libtool
+      dynamic_linker='AIX unversionable lib.so'
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+      ;;
+    aix,no) # traditional AIX only
+      dynamic_linker='AIX lib.a[(]lib.so.V[)]'
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='$libname$release.a $libname.a'
+      soname_spec='$libname$release$shared_ext$major'
+      ;;
+    svr4,*) # full svr4 only
+      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]"
+      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
+      # We do not specify a path in Import Files, so LIBPATH fires.
+      shlibpath_overrides_runpath=yes
+      ;;
+    *,yes) # both, prefer svr4
+      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]"
+      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
+      # unpreferred sharedlib libNAME.a needs extra handling
+      postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
+      postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
+      # We do not specify a path in Import Files, so LIBPATH fires.
+      shlibpath_overrides_runpath=yes
+      ;;
+    *,no) # both, prefer aix
+      dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]"
+      library_names_spec='$libname$release.a $libname.a'
+      soname_spec='$libname$release$shared_ext$major'
+      # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
+      postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
+      postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
+      ;;
+    esac
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  case $host_cpu in
+  powerpc)
+    # Since July 2007 AmigaOS4 officially supports .so libraries.
+    # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    ;;
+  m68k)
+    library_names_spec='$libname.ixlibrary $libname.a'
+    # Create ${libname}_ixlibrary.a entries in /sys/libs.
+    finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+    ;;
+  esac
+  ;;
+
+beos*)
+  library_names_spec='$libname$shared_ext'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[[45]]*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+  version_type=windows
+  shrext_cmds=.dll
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$cc_basename in
+  yes,*)
+    # gcc
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \$file`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname~
+      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+      fi'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $RM \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
+m4_if([$1], [],[
+      sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
+      ;;
+    mingw* | cegcc*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
+      ;;
+    esac
+    dynamic_linker='Win32 ld.exe'
+    ;;
+
+  *,cl*)
+    # Native MSVC
+    libname_spec='$name'
+    soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
+    library_names_spec='$libname.dll.lib'
+
+    case $build_os in
+    mingw*)
+      sys_lib_search_path_spec=
+      lt_save_ifs=$IFS
+      IFS=';'
+      for lt_path in $LIB
+      do
+        IFS=$lt_save_ifs
+        # Let DOS variable expansion print the short 8.3 style file name.
+        lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
+        sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
+      done
+      IFS=$lt_save_ifs
+      # Convert to MSYS style.
+      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
+      ;;
+    cygwin*)
+      # Convert to unix form, then to dos form, then back to unix form
+      # but this time dos style (no spaces!) so that the unix form looks
+      # like /cygdrive/c/PROGRA~1:/cygdr...
+      sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
+      sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
+      sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+      ;;
+    *)
+      sys_lib_search_path_spec=$LIB
+      if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
+        # It is most probably a Windows format PATH.
+        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      # FIXME: find the short name or the path components, as spaces are
+      # common. (e.g. "Program Files" -> "PROGRA~1")
+      ;;
+    esac
+
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \$file`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $RM \$dlpath'
+    shlibpath_overrides_runpath=yes
+    dynamic_linker='Win32 link.exe'
+    ;;
+
+  *)
+    # Assume MSVC wrapper
+    library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
+    dynamic_linker='Win32 ld.exe'
+    ;;
+  esac
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
+  soname_spec='$libname$release$major$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+m4_if([$1], [],[
+  sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[[23]].*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+      soname_spec='$libname$release$shared_ext$major'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2.*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[[01]]* | freebsdelf3.[[01]]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
+  freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  *) # from 4.6 on, and DragonFly
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+haiku*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  dynamic_linker="$host_os runtime_loader"
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    soname_spec='$libname$release$shared_ext$major'
+    if test 32 = "$HPUX_IA64_MODE"; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+      sys_lib_dlsearch_path_spec=/usr/lib/hpux32
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+      sys_lib_dlsearch_path_spec=/usr/lib/hpux64
+    fi
+    ;;
+  hppa*64*)
+    shrext_cmds='.sl'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    soname_spec='$libname$release$shared_ext$major'
+    sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+  *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    soname_spec='$libname$release$shared_ext$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
+  postinstall_cmds='chmod 555 $lib'
+  # or fails outright, so override atomically:
+  install_override_mode=555
+  ;;
+
+interix[[3-9]]*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test yes = "$lt_cv_prog_gnu_ld"; then
+		version_type=linux # correct to gnu/linux during the next big refactor
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='$libname$release$shared_ext$major'
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
+  sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+linux*android*)
+  version_type=none # Android doesn't support versioned libraries.
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext'
+  soname_spec='$libname$release$shared_ext'
+  finish_cmds=
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  dynamic_linker='Android linker'
+  # Don't embed -rpath directories since the linker doesn't support them.
+  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+  ;;
+
+# This must be glibc/ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+
+  # Some binutils ld are patched to set DT_RUNPATH
+  AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath],
+    [lt_cv_shlibpath_overrides_runpath=no
+    save_LDFLAGS=$LDFLAGS
+    save_libdir=$libdir
+    eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
+	 LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
+    AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
+      [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
+	 [lt_cv_shlibpath_overrides_runpath=yes])])
+    LDFLAGS=$save_LDFLAGS
+    libdir=$save_libdir
+    ])
+  shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
+
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Ideally, we could use ldconfig to report *all* directores which are
+  # searched for libraries, however this is still not possible.  Aside from not
+  # being certain /sbin/ldconfig is available, command
+  # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
+  # even though it is searched at run-time.  Try to do the best guess by
+  # appending ld.so.conf contents (and includes) to the search path.
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+netbsdelf*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='NetBSD ld.elf_so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    soname_spec='$libname$release$shared_ext$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+*nto* | *qnx*)
+  version_type=qnx
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='ldqnx.so'
+  ;;
+
+openbsd* | bitrig*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec=/usr/lib
+  need_lib_prefix=no
+  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
+    need_version=no
+  else
+    need_version=yes
+  fi
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+os2*)
+  libname_spec='$name'
+  version_type=windows
+  shrext_cmds=.dll
+  need_version=no
+  need_lib_prefix=no
+  # OS/2 can only load a DLL with a base name of 8 characters or less.
+  soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
+    v=$($ECHO $release$versuffix | tr -d .-);
+    n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
+    $ECHO $n$v`$shared_ext'
+  library_names_spec='${libname}_dll.$libext'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=BEGINLIBPATH
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+  postinstall_cmds='base_file=`basename \$file`~
+    dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
+    dldir=$destdir/`dirname \$dlpath`~
+    test -d \$dldir || mkdir -p \$dldir~
+    $install_prog $dir/$dlname \$dldir/$dlname~
+    chmod a+x \$dldir/$dlname~
+    if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+      eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+    fi'
+  postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
+    dlpath=$dir/\$dldll~
+    $RM \$dlpath'
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='$libname$release$shared_ext$major'
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+  ;;
+
+rdos*)
+  dynamic_linker=no
+  ;;
+
+solaris*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test yes = "$with_gnu_ld"; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec; then
+    version_type=linux # correct to gnu/linux during the next big refactor
+    library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
+    soname_spec='$libname$shared_ext.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=sco
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  if test yes = "$with_gnu_ld"; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+tpf*)
+  # TPF is a cross-target only.  Preferred cross-host = GNU/Linux.
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+uts4*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+AC_MSG_RESULT([$dynamic_linker])
+test no = "$dynamic_linker" && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test yes = "$GCC"; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
+  sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
+fi
+
+if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
+  sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
+fi
+
+# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
+configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
+
+# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
+func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
+
+# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
+configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
+
+_LT_DECL([], [variables_saved_for_relink], [1],
+    [Variables whose values should be saved in libtool wrapper scripts and
+    restored at link time])
+_LT_DECL([], [need_lib_prefix], [0],
+    [Do we need the "lib" prefix for modules?])
+_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
+_LT_DECL([], [version_type], [0], [Library versioning type])
+_LT_DECL([], [runpath_var], [0],  [Shared library runtime path variable])
+_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
+_LT_DECL([], [shlibpath_overrides_runpath], [0],
+    [Is shlibpath searched before the hard-coded library search path?])
+_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
+_LT_DECL([], [library_names_spec], [1],
+    [[List of archive names.  First name is the real one, the rest are links.
+    The last name is the one that the linker finds with -lNAME]])
+_LT_DECL([], [soname_spec], [1],
+    [[The coded name of the library, if different from the real name]])
+_LT_DECL([], [install_override_mode], [1],
+    [Permission mode override for installation of shared libraries])
+_LT_DECL([], [postinstall_cmds], [2],
+    [Command to use after installation of a shared archive])
+_LT_DECL([], [postuninstall_cmds], [2],
+    [Command to use after uninstallation of a shared archive])
+_LT_DECL([], [finish_cmds], [2],
+    [Commands used to finish a libtool library installation in a directory])
+_LT_DECL([], [finish_eval], [1],
+    [[As "finish_cmds", except a single script fragment to be evaled but
+    not shown]])
+_LT_DECL([], [hardcode_into_libs], [0],
+    [Whether we should hardcode library paths into libraries])
+_LT_DECL([], [sys_lib_search_path_spec], [2],
+    [Compile-time system search path for libraries])
+_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2],
+    [Detected run-time system search path for libraries])
+_LT_DECL([], [configure_time_lt_sys_library_path], [2],
+    [Explicit LT_SYS_LIBRARY_PATH set during ./configure time])
+])# _LT_SYS_DYNAMIC_LINKER
+
+
+# _LT_PATH_TOOL_PREFIX(TOOL)
+# --------------------------
+# find a file program that can recognize shared library
+AC_DEFUN([_LT_PATH_TOOL_PREFIX],
+[m4_require([_LT_DECL_EGREP])dnl
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
+[case $MAGIC_CMD in
+[[\\/*] |  ?:[\\/]*])
+  lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
+  ;;
+*)
+  lt_save_MAGIC_CMD=$MAGIC_CMD
+  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
+dnl $ac_dummy forces splitting on constant user-supplied paths.
+dnl POSIX.2 word splitting is done only on the output of word expansions,
+dnl not every word.  This closes a longstanding sh security hole.
+  ac_dummy="m4_if([$2], , $PATH, [$2])"
+  for ac_dir in $ac_dummy; do
+    IFS=$lt_save_ifs
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$1"; then
+      lt_cv_path_MAGIC_CMD=$ac_dir/"$1"
+      if test -n "$file_magic_test_file"; then
+	case $deplibs_check_method in
+	"file_magic "*)
+	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+	  MAGIC_CMD=$lt_cv_path_MAGIC_CMD
+	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+	    $EGREP "$file_magic_regex" > /dev/null; then
+	    :
+	  else
+	    cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such.  This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem.  Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+	  fi ;;
+	esac
+      fi
+      break
+    fi
+  done
+  IFS=$lt_save_ifs
+  MAGIC_CMD=$lt_save_MAGIC_CMD
+  ;;
+esac])
+MAGIC_CMD=$lt_cv_path_MAGIC_CMD
+if test -n "$MAGIC_CMD"; then
+  AC_MSG_RESULT($MAGIC_CMD)
+else
+  AC_MSG_RESULT(no)
+fi
+_LT_DECL([], [MAGIC_CMD], [0],
+	 [Used to examine libraries when file_magic_cmd begins with "file"])dnl
+])# _LT_PATH_TOOL_PREFIX
+
+# Old name:
+AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
+
+
+# _LT_PATH_MAGIC
+# --------------
+# find a file program that can recognize a shared library
+m4_defun([_LT_PATH_MAGIC],
+[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+  if test -n "$ac_tool_prefix"; then
+    _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
+  else
+    MAGIC_CMD=:
+  fi
+fi
+])# _LT_PATH_MAGIC
+
+
+# LT_PATH_LD
+# ----------
+# find the pathname to the GNU or non-GNU linker
+AC_DEFUN([LT_PATH_LD],
+[AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
+
+AC_ARG_WITH([gnu-ld],
+    [AS_HELP_STRING([--with-gnu-ld],
+	[assume the C compiler uses GNU ld @<:@default=no@:>@])],
+    [test no = "$withval" || with_gnu_ld=yes],
+    [with_gnu_ld=no])dnl
+
+ac_prog=ld
+if test yes = "$GCC"; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  AC_MSG_CHECKING([for ld used by $CC])
+  case $host in
+  *-*-mingw*)
+    # gcc leaves a trailing carriage return, which upsets mingw
+    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+  *)
+    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+  esac
+  case $ac_prog in
+    # Accept absolute paths.
+    [[\\/]]* | ?:[[\\/]]*)
+      re_direlt='/[[^/]][[^/]]*/\.\./'
+      # Canonicalize the pathname of ld
+      ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+      while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD=$ac_prog
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test yes = "$with_gnu_ld"; then
+  AC_MSG_CHECKING([for GNU ld])
+else
+  AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(lt_cv_path_LD,
+[if test -z "$LD"; then
+  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
+  for ac_dir in $PATH; do
+    IFS=$lt_save_ifs
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      lt_cv_path_LD=$ac_dir/$ac_prog
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some variants of GNU ld only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+      *GNU* | *'with BFD'*)
+	test no != "$with_gnu_ld" && break
+	;;
+      *)
+	test yes != "$with_gnu_ld" && break
+	;;
+      esac
+    fi
+  done
+  IFS=$lt_save_ifs
+else
+  lt_cv_path_LD=$LD # Let the user override the test with a path.
+fi])
+LD=$lt_cv_path_LD
+if test -n "$LD"; then
+  AC_MSG_RESULT($LD)
+else
+  AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+_LT_PATH_LD_GNU
+AC_SUBST([LD])
+
+_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
+])# LT_PATH_LD
+
+# Old names:
+AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
+AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_PROG_LD], [])
+dnl AC_DEFUN([AC_PROG_LD], [])
+
+
+# _LT_PATH_LD_GNU
+#- --------------
+m4_defun([_LT_PATH_LD_GNU],
+[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+  lt_cv_prog_gnu_ld=yes
+  ;;
+*)
+  lt_cv_prog_gnu_ld=no
+  ;;
+esac])
+with_gnu_ld=$lt_cv_prog_gnu_ld
+])# _LT_PATH_LD_GNU
+
+
+# _LT_CMD_RELOAD
+# --------------
+# find reload flag for linker
+#   -- PORTME Some linkers may need a different reload flag.
+m4_defun([_LT_CMD_RELOAD],
+[AC_CACHE_CHECK([for $LD option to reload object files],
+  lt_cv_ld_reload_flag,
+  [lt_cv_ld_reload_flag='-r'])
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+  cygwin* | mingw* | pw32* | cegcc*)
+    if test yes != "$GCC"; then
+      reload_cmds=false
+    fi
+    ;;
+  darwin*)
+    if test yes = "$GCC"; then
+      reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
+    else
+      reload_cmds='$LD$reload_flag -o $output$reload_objs'
+    fi
+    ;;
+esac
+_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl
+_LT_TAGDECL([], [reload_cmds], [2])dnl
+])# _LT_CMD_RELOAD
+
+
+# _LT_PATH_DD
+# -----------
+# find a working dd
+m4_defun([_LT_PATH_DD],
+[AC_CACHE_CHECK([for a working dd], [ac_cv_path_lt_DD],
+[printf 0123456789abcdef0123456789abcdef >conftest.i
+cat conftest.i conftest.i >conftest2.i
+: ${lt_DD:=$DD}
+AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd],
+[if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
+  cmp -s conftest.i conftest.out \
+  && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
+fi])
+rm -f conftest.i conftest2.i conftest.out])
+])# _LT_PATH_DD
+
+
+# _LT_CMD_TRUNCATE
+# ----------------
+# find command to truncate a binary pipe
+m4_defun([_LT_CMD_TRUNCATE],
+[m4_require([_LT_PATH_DD])
+AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin],
+[printf 0123456789abcdef0123456789abcdef >conftest.i
+cat conftest.i conftest.i >conftest2.i
+lt_cv_truncate_bin=
+if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
+  cmp -s conftest.i conftest.out \
+  && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
+fi
+rm -f conftest.i conftest2.i conftest.out
+test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"])
+_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1],
+  [Command to truncate a binary pipe])
+])# _LT_CMD_TRUNCATE
+
+
+# _LT_CHECK_MAGIC_METHOD
+# ----------------------
+# how to check for library dependencies
+#  -- PORTME fill in with the dynamic library characteristics
+m4_defun([_LT_CHECK_MAGIC_METHOD],
+[m4_require([_LT_DECL_EGREP])
+m4_require([_LT_DECL_OBJDUMP])
+AC_CACHE_CHECK([how to recognize dependent libraries],
+lt_cv_deplibs_check_method,
+[lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# 'unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# that responds to the $file_magic_cmd with a given extended regex.
+# If you have 'file' or equivalent on your system and you're not sure
+# whether 'pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[[4-9]]*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+beos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+bsdi[[45]]*)
+  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
+  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_test_file=/shlib/libc.so
+  ;;
+
+cygwin*)
+  # func_win32_libid is a shell function defined in ltmain.sh
+  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+  lt_cv_file_magic_cmd='func_win32_libid'
+  ;;
+
+mingw* | pw32*)
+  # Base MSYS/MinGW do not provide the 'file' command needed by
+  # func_win32_libid shell function, so use a weaker test based on 'objdump',
+  # unless we find 'file', for example because we are cross-compiling.
+  if ( file / ) >/dev/null 2>&1; then
+    lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+    lt_cv_file_magic_cmd='func_win32_libid'
+  else
+    # Keep this pattern in sync with the one in func_win32_libid.
+    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
+    lt_cv_file_magic_cmd='$OBJDUMP -f'
+  fi
+  ;;
+
+cegcc*)
+  # use the weaker test based on 'objdump'. See mingw*.
+  lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+  lt_cv_file_magic_cmd='$OBJDUMP -f'
+  ;;
+
+darwin* | rhapsody*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+freebsd* | dragonfly*)
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+    case $host_cpu in
+    i*86 )
+      # Not sure whether the presence of OpenBSD here was a mistake.
+      # Let's accept both of them until this is cleared up.
+      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
+      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+      ;;
+    esac
+  else
+    lt_cv_deplibs_check_method=pass_all
+  fi
+  ;;
+
+haiku*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+hpux10.20* | hpux11*)
+  lt_cv_file_magic_cmd=/usr/bin/file
+  case $host_cpu in
+  ia64*)
+    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
+    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+    ;;
+  hppa*64*)
+    [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]']
+    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+    ;;
+  *)
+    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library'
+    lt_cv_file_magic_test_file=/usr/lib/libc.sl
+    ;;
+  esac
+  ;;
+
+interix[[3-9]]*)
+  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+  lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $LD in
+  *-32|*"-32 ") libmagic=32-bit;;
+  *-n32|*"-n32 ") libmagic=N32;;
+  *-64|*"-64 ") libmagic=64-bit;;
+  *) libmagic=never-match;;
+  esac
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+# This must be glibc/ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+netbsd* | netbsdelf*-gnu)
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
+  fi
+  ;;
+
+newos6*)
+  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
+  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_test_file=/usr/lib/libnls.so
+  ;;
+
+*nto* | *qnx*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+openbsd* | bitrig*)
+  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+  fi
+  ;;
+
+osf3* | osf4* | osf5*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+rdos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+solaris*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+sysv4 | sysv4.3*)
+  case $host_vendor in
+  motorola)
+    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
+    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+    ;;
+  ncr)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  sequent)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
+    ;;
+  sni)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
+    lt_cv_file_magic_test_file=/lib/libc.so
+    ;;
+  siemens)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  pc)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  esac
+  ;;
+
+tpf*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+os2*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+esac
+])
+
+file_magic_glob=
+want_nocaseglob=no
+if test "$build" = "$host"; then
+  case $host_os in
+  mingw* | pw32*)
+    if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
+      want_nocaseglob=yes
+    else
+      file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"`
+    fi
+    ;;
+  esac
+fi
+
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+_LT_DECL([], [deplibs_check_method], [1],
+    [Method to check whether dependent libraries are shared objects])
+_LT_DECL([], [file_magic_cmd], [1],
+    [Command to use when deplibs_check_method = "file_magic"])
+_LT_DECL([], [file_magic_glob], [1],
+    [How to find potential files when deplibs_check_method = "file_magic"])
+_LT_DECL([], [want_nocaseglob], [1],
+    [Find potential files using nocaseglob when deplibs_check_method = "file_magic"])
+])# _LT_CHECK_MAGIC_METHOD
+
+
+# LT_PATH_NM
+# ----------
+# find the pathname to a BSD- or MS-compatible name lister
+AC_DEFUN([LT_PATH_NM],
+[AC_REQUIRE([AC_PROG_CC])dnl
+AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
+[if test -n "$NM"; then
+  # Let the user override the test.
+  lt_cv_path_NM=$NM
+else
+  lt_nm_to_check=${ac_tool_prefix}nm
+  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+    lt_nm_to_check="$lt_nm_to_check nm"
+  fi
+  for lt_tmp_nm in $lt_nm_to_check; do
+    lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
+    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+      IFS=$lt_save_ifs
+      test -z "$ac_dir" && ac_dir=.
+      tmp_nm=$ac_dir/$lt_tmp_nm
+      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
+	# Check to see if the nm accepts a BSD-compat flag.
+	# Adding the 'sed 1q' prevents false positives on HP-UX, which says:
+	#   nm: unknown option "B" ignored
+	# Tru64's nm complains that /dev/null is an invalid object file
+	# MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
+	case $build_os in
+	mingw*) lt_bad_file=conftest.nm/nofile ;;
+	*) lt_bad_file=/dev/null ;;
+	esac
+	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
+	*$lt_bad_file* | *'Invalid file or object type'*)
+	  lt_cv_path_NM="$tmp_nm -B"
+	  break 2
+	  ;;
+	*)
+	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  */dev/null*)
+	    lt_cv_path_NM="$tmp_nm -p"
+	    break 2
+	    ;;
+	  *)
+	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+	    continue # so that we can try to find one that supports BSD flags
+	    ;;
+	  esac
+	  ;;
+	esac
+      fi
+    done
+    IFS=$lt_save_ifs
+  done
+  : ${lt_cv_path_NM=no}
+fi])
+if test no != "$lt_cv_path_NM"; then
+  NM=$lt_cv_path_NM
+else
+  # Didn't find any BSD compatible name lister, look for dumpbin.
+  if test -n "$DUMPBIN"; then :
+    # Let the user override the test.
+  else
+    AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
+    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
+    *COFF*)
+      DUMPBIN="$DUMPBIN -symbols -headers"
+      ;;
+    *)
+      DUMPBIN=:
+      ;;
+    esac
+  fi
+  AC_SUBST([DUMPBIN])
+  if test : != "$DUMPBIN"; then
+    NM=$DUMPBIN
+  fi
+fi
+test -z "$NM" && NM=nm
+AC_SUBST([NM])
+_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
+
+AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
+  [lt_cv_nm_interface="BSD nm"
+  echo "int some_variable = 0;" > conftest.$ac_ext
+  (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
+  (eval "$ac_compile" 2>conftest.err)
+  cat conftest.err >&AS_MESSAGE_LOG_FD
+  (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
+  (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+  cat conftest.err >&AS_MESSAGE_LOG_FD
+  (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
+  cat conftest.out >&AS_MESSAGE_LOG_FD
+  if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+    lt_cv_nm_interface="MS dumpbin"
+  fi
+  rm -f conftest*])
+])# LT_PATH_NM
+
+# Old names:
+AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
+AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_PROG_NM], [])
+dnl AC_DEFUN([AC_PROG_NM], [])
+
+# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
+# --------------------------------
+# how to determine the name of the shared library
+# associated with a specific link library.
+#  -- PORTME fill in with the dynamic library characteristics
+m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB],
+[m4_require([_LT_DECL_EGREP])
+m4_require([_LT_DECL_OBJDUMP])
+m4_require([_LT_DECL_DLLTOOL])
+AC_CACHE_CHECK([how to associate runtime and link libraries],
+lt_cv_sharedlib_from_linklib_cmd,
+[lt_cv_sharedlib_from_linklib_cmd='unknown'
+
+case $host_os in
+cygwin* | mingw* | pw32* | cegcc*)
+  # two different shell functions defined in ltmain.sh;
+  # decide which one to use based on capabilities of $DLLTOOL
+  case `$DLLTOOL --help 2>&1` in
+  *--identify-strict*)
+    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
+    ;;
+  *)
+    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
+    ;;
+  esac
+  ;;
+*)
+  # fallback: assume linklib IS sharedlib
+  lt_cv_sharedlib_from_linklib_cmd=$ECHO
+  ;;
+esac
+])
+sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
+test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
+
+_LT_DECL([], [sharedlib_from_linklib_cmd], [1],
+    [Command to associate shared and link libraries])
+])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
+
+
+# _LT_PATH_MANIFEST_TOOL
+# ----------------------
+# locate the manifest tool
+m4_defun([_LT_PATH_MANIFEST_TOOL],
+[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
+test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
+AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
+  [lt_cv_path_mainfest_tool=no
+  echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
+  $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
+  cat conftest.err >&AS_MESSAGE_LOG_FD
+  if $GREP 'Manifest Tool' conftest.out > /dev/null; then
+    lt_cv_path_mainfest_tool=yes
+  fi
+  rm -f conftest*])
+if test yes != "$lt_cv_path_mainfest_tool"; then
+  MANIFEST_TOOL=:
+fi
+_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
+])# _LT_PATH_MANIFEST_TOOL
+
+
+# _LT_DLL_DEF_P([FILE])
+# ---------------------
+# True iff FILE is a Windows DLL '.def' file.
+# Keep in sync with func_dll_def_p in the libtool script
+AC_DEFUN([_LT_DLL_DEF_P],
+[dnl
+  test DEF = "`$SED -n dnl
+    -e '\''s/^[[	 ]]*//'\'' dnl Strip leading whitespace
+    -e '\''/^\(;.*\)*$/d'\'' dnl      Delete empty lines and comments
+    -e '\''s/^\(EXPORTS\|LIBRARY\)\([[	 ]].*\)*$/DEF/p'\'' dnl
+    -e q dnl                          Only consider the first "real" line
+    $1`" dnl
+])# _LT_DLL_DEF_P
+
+
+# LT_LIB_M
+# --------
+# check for math library
+AC_DEFUN([LT_LIB_M],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+LIBM=
+case $host in
+*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
+  # These system don't have libm, or don't need it
+  ;;
+*-ncr-sysv4.3*)
+  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw)
+  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
+  ;;
+*)
+  AC_CHECK_LIB(m, cos, LIBM=-lm)
+  ;;
+esac
+AC_SUBST([LIBM])
+])# LT_LIB_M
+
+# Old name:
+AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_CHECK_LIBM], [])
+
+
+# _LT_COMPILER_NO_RTTI([TAGNAME])
+# -------------------------------
+m4_defun([_LT_COMPILER_NO_RTTI],
+[m4_require([_LT_TAG_COMPILER])dnl
+
+_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+
+if test yes = "$GCC"; then
+  case $cc_basename in
+  nvcc*)
+    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
+  *)
+    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;;
+  esac
+
+  _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
+    lt_cv_prog_compiler_rtti_exceptions,
+    [-fno-rtti -fno-exceptions], [],
+    [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
+fi
+_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
+	[Compiler flag to turn off builtin functions])
+])# _LT_COMPILER_NO_RTTI
+
+
+# _LT_CMD_GLOBAL_SYMBOLS
+# ----------------------
+m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+AC_REQUIRE([LT_PATH_LD])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+AC_MSG_CHECKING([command to parse $NM output from $compiler object])
+AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
+[
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[[BCDEGRST]]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+  symcode='[[BCDT]]'
+  ;;
+cygwin* | mingw* | pw32* | cegcc*)
+  symcode='[[ABCDGISTW]]'
+  ;;
+hpux*)
+  if test ia64 = "$host_cpu"; then
+    symcode='[[ABCDEGRST]]'
+  fi
+  ;;
+irix* | nonstopux*)
+  symcode='[[BCDEGRST]]'
+  ;;
+osf*)
+  symcode='[[BCDEGQRST]]'
+  ;;
+solaris*)
+  symcode='[[BDRT]]'
+  ;;
+sco3.2v5*)
+  symcode='[[DT]]'
+  ;;
+sysv4.2uw2*)
+  symcode='[[DT]]'
+  ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+  symcode='[[ABDT]]'
+  ;;
+sysv4)
+  symcode='[[DFNSTU]]'
+  ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+  symcode='[[ABCDGIRSTW]]' ;;
+esac
+
+if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+  # Gets list of data symbols to import.
+  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
+  # Adjust the below global symbol transforms to fixup imported variables.
+  lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
+  lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
+  lt_c_name_lib_hook="\
+  -e 's/^I .* \(lib.*\)$/  {\"\1\", (void *) 0},/p'\
+  -e 's/^I .* \(.*\)$/  {\"lib\1\", (void *) 0},/p'"
+else
+  # Disable hooks by default.
+  lt_cv_sys_global_symbol_to_import=
+  lt_cdecl_hook=
+  lt_c_name_hook=
+  lt_c_name_lib_hook=
+fi
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n"\
+$lt_cdecl_hook\
+" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
+$lt_c_name_hook\
+" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
+
+# Transform an extracted symbol line into symbol name with lib prefix and
+# symbol address.
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
+$lt_c_name_lib_hook\
+" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
+" -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"lib\1\", (void *) \&\1},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+  opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+  ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+  symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+  # Write the raw and C identifiers.
+  if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+    # Fake it for dumpbin and say T for any non-static function,
+    # D for any global variable and I for any imported variable.
+    # Also find C++ and __fastcall symbols from MSVC++,
+    # which start with @ or ?.
+    lt_cv_sys_global_symbol_pipe="$AWK ['"\
+"     {last_section=section; section=\$ 3};"\
+"     /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
+"     /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+"     /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
+"     /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
+"     /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
+"     \$ 0!~/External *\|/{next};"\
+"     / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+"     {if(hide[section]) next};"\
+"     {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
+"     {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
+"     s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
+"     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
+"     ' prfx=^$ac_symprfx]"
+  else
+    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+  fi
+  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
+
+  # Check to see that the pipe works correctly.
+  pipe_works=no
+
+  rm -f conftest*
+  cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+  if AC_TRY_EVAL(ac_compile); then
+    # Now try to grab the symbols.
+    nlist=conftest.nm
+    if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
+      # Try sorting and uniquifying the output.
+      if sort "$nlist" | uniq > "$nlist"T; then
+	mv -f "$nlist"T "$nlist"
+      else
+	rm -f "$nlist"T
+      fi
+
+      # Make sure that we snagged all the symbols we need.
+      if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+	if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+	  cat <<_LT_EOF > conftest.$ac_ext
+/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests.  */
+#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
+/* DATA imports from DLLs on WIN32 can't be const, because runtime
+   relocations are performed -- see ld's documentation on pseudo-relocs.  */
+# define LT@&t@_DLSYM_CONST
+#elif defined __osf__
+/* This system does not cope well with relocations in const data.  */
+# define LT@&t@_DLSYM_CONST
+#else
+# define LT@&t@_DLSYM_CONST const
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+	  # Now generate the symbol file.
+	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+	  cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols.  */
+LT@&t@_DLSYM_CONST struct {
+  const char *name;
+  void       *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[[]] =
+{
+  { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+	  $SED "s/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+	  cat <<\_LT_EOF >> conftest.$ac_ext
+  {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+  return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+	  # Now try linking the two files.
+	  mv conftest.$ac_objext conftstm.$ac_objext
+	  lt_globsym_save_LIBS=$LIBS
+	  lt_globsym_save_CFLAGS=$CFLAGS
+	  LIBS=conftstm.$ac_objext
+	  CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
+	  if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then
+	    pipe_works=yes
+	  fi
+	  LIBS=$lt_globsym_save_LIBS
+	  CFLAGS=$lt_globsym_save_CFLAGS
+	else
+	  echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
+	fi
+      else
+	echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
+      fi
+    else
+      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
+    fi
+  else
+    echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
+    cat conftest.$ac_ext >&5
+  fi
+  rm -rf conftest* conftst*
+
+  # Do not use the global_symbol_pipe unless it works.
+  if test yes = "$pipe_works"; then
+    break
+  else
+    lt_cv_sys_global_symbol_pipe=
+  fi
+done
+])
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+  lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+  AC_MSG_RESULT(failed)
+else
+  AC_MSG_RESULT(ok)
+fi
+
+# Response file support.
+if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+  nm_file_list_spec='@'
+elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then
+  nm_file_list_spec='@'
+fi
+
+_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
+    [Take the output of nm and produce a listing of raw symbols and C names])
+_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
+    [Transform the output of nm in a proper C declaration])
+_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1],
+    [Transform the output of nm into a list of symbols to manually relocate])
+_LT_DECL([global_symbol_to_c_name_address],
+    [lt_cv_sys_global_symbol_to_c_name_address], [1],
+    [Transform the output of nm in a C name address pair])
+_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
+    [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
+    [Transform the output of nm in a C name address pair when lib prefix is needed])
+_LT_DECL([nm_interface], [lt_cv_nm_interface], [1],
+    [The name lister interface])
+_LT_DECL([], [nm_file_list_spec], [1],
+    [Specify filename containing input files for $NM])
+]) # _LT_CMD_GLOBAL_SYMBOLS
+
+
+# _LT_COMPILER_PIC([TAGNAME])
+# ---------------------------
+m4_defun([_LT_COMPILER_PIC],
+[m4_require([_LT_TAG_COMPILER])dnl
+_LT_TAGVAR(lt_prog_compiler_wl, $1)=
+_LT_TAGVAR(lt_prog_compiler_pic, $1)=
+_LT_TAGVAR(lt_prog_compiler_static, $1)=
+
+m4_if([$1], [CXX], [
+  # C++ specific cases for pic, static, wl, etc.
+  if test yes = "$GXX"; then
+    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+    case $host_os in
+    aix*)
+      # All AIX code is PIC.
+      if test ia64 = "$host_cpu"; then
+	# AIX 5 now supports IA64 processor
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      fi
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+        ;;
+      m68k)
+            # FIXME: we need at least 68020 code to build shared libraries, but
+            # adding the '-m68020' flag to GCC prevents building anything better,
+            # like '-m68040'.
+            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+        ;;
+      esac
+      ;;
+
+    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+    mingw* | cygwin* | os2* | pw32* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      # Although the cygwin gcc ignores -fPIC, still need this for old-style
+      # (--disable-auto-import) libraries
+      m4_if([$1], [GCJ], [],
+	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+      case $host_os in
+      os2*)
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
+	;;
+      esac
+      ;;
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+      ;;
+    *djgpp*)
+      # DJGPP does not support shared libraries at all
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+      ;;
+    haiku*)
+      # PIC is the default for Haiku.
+      # The "-static" flag exists, but is broken.
+      _LT_TAGVAR(lt_prog_compiler_static, $1)=
+      ;;
+    interix[[3-9]]*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+      fi
+      ;;
+    hpux*)
+      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
+      # sets the default TLS model and affects inlining.
+      case $host_cpu in
+      hppa*64*)
+	;;
+      *)
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	;;
+      esac
+      ;;
+    *qnx* | *nto*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+      ;;
+    *)
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+      ;;
+    esac
+  else
+    case $host_os in
+      aix[[4-9]]*)
+	# All AIX code is PIC.
+	if test ia64 = "$host_cpu"; then
+	  # AIX 5 now supports IA64 processor
+	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	else
+	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+	fi
+	;;
+      chorus*)
+	case $cc_basename in
+	cxch68*)
+	  # Green Hills C++ Compiler
+	  # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+	  ;;
+	esac
+	;;
+      mingw* | cygwin* | os2* | pw32* | cegcc*)
+	# This hack is so that the source file can tell whether it is being
+	# built for inclusion in a dll (and should export symbols for example).
+	m4_if([$1], [GCJ], [],
+	  [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+	;;
+      dgux*)
+	case $cc_basename in
+	  ec++*)
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    ;;
+	  ghcx*)
+	    # Green Hills C++ Compiler
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      freebsd* | dragonfly*)
+	# FreeBSD uses GNU C++
+	;;
+      hpux9* | hpux10* | hpux11*)
+	case $cc_basename in
+	  CC*)
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
+	    if test ia64 != "$host_cpu"; then
+	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+	    fi
+	    ;;
+	  aCC*)
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
+	    case $host_cpu in
+	    hppa*64*|ia64*)
+	      # +Z the default
+	      ;;
+	    *)
+	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+	      ;;
+	    esac
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      interix*)
+	# This is c89, which is MS Visual C++ (no shared libs)
+	# Anyone wants to do a port?
+	;;
+      irix5* | irix6* | nonstopux*)
+	case $cc_basename in
+	  CC*)
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+	    # CC pic flag -KPIC is the default.
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+	case $cc_basename in
+	  KCC*)
+	    # KAI C++ Compiler
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	    ;;
+	  ecpc* )
+	    # old Intel C++ for x86_64, which still supported -KPIC.
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+	    ;;
+	  icpc* )
+	    # Intel C++, used to be incompatible with GCC.
+	    # ICC 10 doesn't accept -KPIC any more.
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+	    ;;
+	  pgCC* | pgcpp*)
+	    # Portland Group C++ compiler
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    ;;
+	  cxx*)
+	    # Compaq C++
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+	    ;;
+	  xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*)
+	    # IBM XL 8.0, 9.0 on PPC and BlueGene
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
+	    ;;
+	  *)
+	    case `$CC -V 2>&1 | sed 5q` in
+	    *Sun\ C*)
+	      # Sun C++ 5.9
+	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+	      ;;
+	    esac
+	    ;;
+	esac
+	;;
+      lynxos*)
+	;;
+      m88k*)
+	;;
+      mvs*)
+	case $cc_basename in
+	  cxx*)
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      netbsd* | netbsdelf*-gnu)
+	;;
+      *qnx* | *nto*)
+        # QNX uses GNU C++, but need to define -shared option too, otherwise
+        # it will coredump.
+        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+        ;;
+      osf3* | osf4* | osf5*)
+	case $cc_basename in
+	  KCC*)
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+	    ;;
+	  RCC*)
+	    # Rational C++ 2.4.1
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    ;;
+	  cxx*)
+	    # Digital/Compaq C++
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      psos*)
+	;;
+      solaris*)
+	case $cc_basename in
+	  CC* | sunCC*)
+	    # Sun C++ 4.2, 5.x and Centerline C++
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+	    ;;
+	  gcx*)
+	    # Green Hills C++ Compiler
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sunos4*)
+	case $cc_basename in
+	  CC*)
+	    # Sun C++ 4.x
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    ;;
+	  lcc*)
+	    # Lucid
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+	case $cc_basename in
+	  CC*)
+	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	    ;;
+	esac
+	;;
+      tandem*)
+	case $cc_basename in
+	  NCC*)
+	    # NonStop-UX NCC 3.20
+	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      vxworks*)
+	;;
+      *)
+	_LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+	;;
+    esac
+  fi
+],
+[
+  if test yes = "$GCC"; then
+    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test ia64 = "$host_cpu"; then
+	# AIX 5 now supports IA64 processor
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      fi
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+        ;;
+      m68k)
+            # FIXME: we need at least 68020 code to build shared libraries, but
+            # adding the '-m68020' flag to GCC prevents building anything better,
+            # like '-m68040'.
+            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+        ;;
+      esac
+      ;;
+
+    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | cygwin* | pw32* | os2* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      # Although the cygwin gcc ignores -fPIC, still need this for old-style
+      # (--disable-auto-import) libraries
+      m4_if([$1], [GCJ], [],
+	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+      case $host_os in
+      os2*)
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
+	;;
+      esac
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+      ;;
+
+    haiku*)
+      # PIC is the default for Haiku.
+      # The "-static" flag exists, but is broken.
+      _LT_TAGVAR(lt_prog_compiler_static, $1)=
+      ;;
+
+    hpux*)
+      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
+      # sets the default TLS model and affects inlining.
+      case $host_cpu in
+      hppa*64*)
+	# +Z the default
+	;;
+      *)
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	;;
+      esac
+      ;;
+
+    interix[[3-9]]*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+      enable_shared=no
+      ;;
+
+    *nto* | *qnx*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+      fi
+      ;;
+
+    *)
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+      ;;
+    esac
+
+    case $cc_basename in
+    nvcc*) # Cuda Compiler Driver 2.2
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
+      if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
+        _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
+      fi
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      if test ia64 = "$host_cpu"; then
+	# AIX 5 now supports IA64 processor
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      else
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+      case $cc_basename in
+      nagfor*)
+        # NAG Fortran compiler
+        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
+        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+        _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+        ;;
+      esac
+      ;;
+
+    mingw* | cygwin* | pw32* | os2* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      m4_if([$1], [GCJ], [],
+	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+      case $host_os in
+      os2*)
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
+	;;
+      esac
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      # PIC (with -KPIC) is the default.
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+      ;;
+
+    linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+      case $cc_basename in
+      # old Intel for x86_64, which still supported -KPIC.
+      ecc*)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+        ;;
+      # icc used to be incompatible with GCC.
+      # ICC 10 doesn't accept -KPIC any more.
+      icc* | ifort*)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+        ;;
+      # Lahey Fortran 8.1.
+      lf95*)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
+	;;
+      nagfor*)
+	# NAG Fortran compiler
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	;;
+      tcc*)
+	# Fabrice Bellard et al's Tiny C Compiler
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+	;;
+      pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+        ;;
+      ccc*)
+        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+        # All Alpha code is PIC.
+        _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+        ;;
+      xl* | bgxl* | bgf* | mpixl*)
+	# IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
+	;;
+      *)
+	case `$CC -V 2>&1 | sed 5q` in
+	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
+	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
+	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	  _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
+	  ;;
+	*Sun\ F* | *Sun*Fortran*)
+	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+	  ;;
+	*Sun\ C*)
+	  # Sun C 5.9
+	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	  ;;
+        *Intel*\ [[CF]]*Compiler*)
+	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+	  ;;
+	*Portland\ Group*)
+	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+	  ;;
+	esac
+	;;
+      esac
+      ;;
+
+    newsos6)
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    *nto* | *qnx*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+      ;;
+
+    osf3* | osf4* | osf5*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      # All OSF/1 code is PIC.
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+      ;;
+
+    rdos*)
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+      ;;
+
+    solaris*)
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
+      *)
+	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
+	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    unicos*)
+      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+      ;;
+
+    uts4*)
+      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+      ;;
+
+    *)
+      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+      ;;
+    esac
+  fi
+])
+case $host_os in
+  # For platforms that do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+    ;;
+  *)
+    _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
+    ;;
+esac
+
+AC_CACHE_CHECK([for $compiler option to produce PIC],
+  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)],
+  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
+_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
+  _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
+    [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
+    [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
+    [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
+     "" | " "*) ;;
+     *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
+     esac],
+    [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
+     _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
+fi
+_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
+	[Additional compiler flags for building library objects])
+
+_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
+	[How to pass a linker flag through the compiler])
+#
+# Check to make sure the static flag actually works.
+#
+wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
+_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
+  _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
+  $lt_tmp_static_flag,
+  [],
+  [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
+_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
+	[Compiler flag to prevent dynamic linking])
+])# _LT_COMPILER_PIC
+
+
+# _LT_LINKER_SHLIBS([TAGNAME])
+# ----------------------------
+# See if the linker supports building shared libraries.
+m4_defun([_LT_LINKER_SHLIBS],
+[AC_REQUIRE([LT_PATH_LD])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+m4_require([_LT_PATH_MANIFEST_TOOL])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+m4_if([$1], [CXX], [
+  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
+  case $host_os in
+  aix[[4-9]]*)
+    # If we're using GNU nm, then we don't want the "-C" option.
+    # -C means demangle to GNU nm, but means don't demangle to AIX nm.
+    # Without the "-l" option, or with the "-B" option, AIX nm treats
+    # weak defined symbols like other global defined symbols, whereas
+    # GNU nm marks them as "W".
+    # While the 'weak' keyword is ignored in the Export File, we need
+    # it in the Import File for the 'aix-soname' feature, so we have
+    # to replace the "-B" option with "-P" for AIX nm.
+    if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+      _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
+    else
+      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+    fi
+    ;;
+  pw32*)
+    _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds
+    ;;
+  cygwin* | mingw* | cegcc*)
+    case $cc_basename in
+    cl*)
+      _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
+      ;;
+    *)
+      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
+      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
+      ;;
+    esac
+    ;;
+  linux* | k*bsd*-gnu | gnu*)
+    _LT_TAGVAR(link_all_deplibs, $1)=no
+    ;;
+  *)
+    _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+    ;;
+  esac
+], [
+  runpath_var=
+  _LT_TAGVAR(allow_undefined_flag, $1)=
+  _LT_TAGVAR(always_export_symbols, $1)=no
+  _LT_TAGVAR(archive_cmds, $1)=
+  _LT_TAGVAR(archive_expsym_cmds, $1)=
+  _LT_TAGVAR(compiler_needs_object, $1)=no
+  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+  _LT_TAGVAR(export_dynamic_flag_spec, $1)=
+  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  _LT_TAGVAR(hardcode_automatic, $1)=no
+  _LT_TAGVAR(hardcode_direct, $1)=no
+  _LT_TAGVAR(hardcode_direct_absolute, $1)=no
+  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+  _LT_TAGVAR(hardcode_libdir_separator, $1)=
+  _LT_TAGVAR(hardcode_minus_L, $1)=no
+  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+  _LT_TAGVAR(inherit_rpath, $1)=no
+  _LT_TAGVAR(link_all_deplibs, $1)=unknown
+  _LT_TAGVAR(module_cmds, $1)=
+  _LT_TAGVAR(module_expsym_cmds, $1)=
+  _LT_TAGVAR(old_archive_from_new_cmds, $1)=
+  _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
+  _LT_TAGVAR(thread_safe_flag_spec, $1)=
+  _LT_TAGVAR(whole_archive_flag_spec, $1)=
+  # include_expsyms should be a list of space-separated symbols to be *always*
+  # included in the symbol list
+  _LT_TAGVAR(include_expsyms, $1)=
+  # exclude_expsyms can be an extended regexp of symbols to exclude
+  # it will be wrapped by ' (' and ')$', so one must not match beginning or
+  # end of line.  Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
+  # as well as any symbol that contains 'd'.
+  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
+  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+  # platforms (ab)use it in PIC code, but their linkers get confused if
+  # the symbol is explicitly referenced.  Since portable code cannot
+  # rely on this symbol name, it's probably fine to never include it in
+  # preloaded symbol tables.
+  # Exclude shared library initialization/finalization symbols.
+dnl Note also adjust exclude_expsyms for C++ above.
+  extract_expsyms_cmds=
+
+  case $host_os in
+  cygwin* | mingw* | pw32* | cegcc*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test yes != "$GCC"; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd* | bitrig*)
+    with_gnu_ld=no
+    ;;
+  linux* | k*bsd*-gnu | gnu*)
+    _LT_TAGVAR(link_all_deplibs, $1)=no
+    ;;
+  esac
+
+  _LT_TAGVAR(ld_shlibs, $1)=yes
+
+  # On some targets, GNU ld is compatible enough with the native linker
+  # that we're better off using the native interface for both.
+  lt_use_gnu_ld_interface=no
+  if test yes = "$with_gnu_ld"; then
+    case $host_os in
+      aix*)
+	# The AIX port of GNU ld has always aspired to compatibility
+	# with the native linker.  However, as the warning in the GNU ld
+	# block says, versions before 2.19.5* couldn't really create working
+	# shared libraries, regardless of the interface used.
+	case `$LD -v 2>&1` in
+	  *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
+	  *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
+	  *\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
+	  *)
+	    lt_use_gnu_ld_interface=yes
+	    ;;
+	esac
+	;;
+      *)
+	lt_use_gnu_ld_interface=yes
+	;;
+    esac
+  fi
+
+  if test yes = "$lt_use_gnu_ld_interface"; then
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    wlarc='$wl'
+
+    # Set some defaults for GNU ld with shared library support. These
+    # are reset later if shared libraries are not supported. Putting them
+    # here allows them to be overridden if necessary.
+    runpath_var=LD_RUN_PATH
+    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+      _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
+    else
+      _LT_TAGVAR(whole_archive_flag_spec, $1)=
+    fi
+    supports_anon_versioning=no
+    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
+      *GNU\ gold*) supports_anon_versioning=yes ;;
+      *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
+      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+      *\ 2.11.*) ;; # other 2.11 versions
+      *) supports_anon_versioning=yes ;;
+    esac
+
+    # See if GNU ld supports shared libraries.
+    case $host_os in
+    aix[[3-9]]*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test ia64 != "$host_cpu"; then
+	_LT_TAGVAR(ld_shlibs, $1)=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.19, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support.  If you
+*** really care for shared libraries, you may want to install binutils
+*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
+*** You will then need to restart the configuration process.
+
+_LT_EOF
+      fi
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+            _LT_TAGVAR(archive_expsym_cmds, $1)=''
+        ;;
+      m68k)
+            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+            _LT_TAGVAR(hardcode_minus_L, $1)=yes
+        ;;
+      esac
+      ;;
+
+    beos*)
+      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+	# support --undefined.  This deserves some investigation.  FIXME
+	_LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+      else
+	_LT_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    cygwin* | mingw* | pw32* | cegcc*)
+      # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+      # as there is no search path for DLLs.
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
+      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+      _LT_TAGVAR(always_export_symbols, $1)=no
+      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
+      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
+
+      if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	# If the export-symbols file already is a .def file, use it as
+	# is; otherwise, prepend EXPORTS...
+	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
+          cp $export_symbols $output_objdir/$soname.def;
+        else
+          echo EXPORTS > $output_objdir/$soname.def;
+          cat $export_symbols >> $output_objdir/$soname.def;
+        fi~
+        $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      else
+	_LT_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    haiku*)
+      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+      _LT_TAGVAR(link_all_deplibs, $1)=yes
+      ;;
+
+    os2*)
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+      shrext_cmds=.dll
+      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+	$ECHO EXPORTS >> $output_objdir/$libname.def~
+	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+	emximp -o $lib $output_objdir/$libname.def'
+      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+	$ECHO EXPORTS >> $output_objdir/$libname.def~
+	prefix_cmds="$SED"~
+	if test EXPORTS = "`$SED 1q $export_symbols`"; then
+	  prefix_cmds="$prefix_cmds -e 1d";
+	fi~
+	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+	emximp -o $lib $output_objdir/$libname.def'
+      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      ;;
+
+    interix[[3-9]]*)
+      _LT_TAGVAR(hardcode_direct, $1)=no
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
+      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+      # Instead, shared libraries are loaded at an image base (0x10000000 by
+      # default) and relocated if they conflict, which is a slow very memory
+      # consuming and fragmenting process.  To avoid this, we pick a random,
+      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      ;;
+
+    gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
+      tmp_diet=no
+      if test linux-dietlibc = "$host_os"; then
+	case $cc_basename in
+	  diet\ *) tmp_diet=yes;;	# linux-dietlibc with static linking (!diet-dyn)
+	esac
+      fi
+      if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+	 && test no = "$tmp_diet"
+      then
+	tmp_addflag=' $pic_flag'
+	tmp_sharedflag='-shared'
+	case $cc_basename,$host_cpu in
+        pgcc*)				# Portland Group C compiler
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+	  tmp_addflag=' $pic_flag'
+	  ;;
+	pgf77* | pgf90* | pgf95* | pgfortran*)
+					# Portland Group f77 and f90 compilers
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+	  tmp_addflag=' $pic_flag -Mnomain' ;;
+	ecc*,ia64* | icc*,ia64*)	# Intel C compiler on ia64
+	  tmp_addflag=' -i_dynamic' ;;
+	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
+	  tmp_addflag=' -i_dynamic -nofor_main' ;;
+	ifc* | ifort*)			# Intel Fortran compiler
+	  tmp_addflag=' -nofor_main' ;;
+	lf95*)				# Lahey Fortran 8.1
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)=
+	  tmp_sharedflag='--shared' ;;
+        nagfor*)                        # NAGFOR 5.3
+          tmp_sharedflag='-Wl,-shared' ;;
+	xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+	  tmp_sharedflag='-qmkshrobj'
+	  tmp_addflag= ;;
+	nvcc*)	# Cuda Compiler Driver 2.2
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+	  _LT_TAGVAR(compiler_needs_object, $1)=yes
+	  ;;
+	esac
+	case `$CC -V 2>&1 | sed 5q` in
+	*Sun\ C*)			# Sun C 5.9
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+	  _LT_TAGVAR(compiler_needs_object, $1)=yes
+	  tmp_sharedflag='-G' ;;
+	*Sun\ F*)			# Sun Fortran 8.3
+	  tmp_sharedflag='-G' ;;
+	esac
+	_LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+
+        if test yes = "$supports_anon_versioning"; then
+          _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+            echo "local: *; };" >> $output_objdir/$libname.ver~
+            $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
+        fi
+
+	case $cc_basename in
+	tcc*)
+	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
+	  ;;
+	xlf* | bgf* | bgxlf* | mpixlf*)
+	  # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+	  _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
+	  if test yes = "$supports_anon_versioning"; then
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+              echo "local: *; };" >> $output_objdir/$libname.ver~
+              $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+	  fi
+	  ;;
+	esac
+      else
+        _LT_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    netbsd* | netbsdelf*-gnu)
+      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+	wlarc=
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+      fi
+      ;;
+
+    solaris*)
+      if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+	_LT_TAGVAR(ld_shlibs, $1)=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+      elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	_LT_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
+	_LT_TAGVAR(ld_shlibs, $1)=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
+*** reliably create shared libraries on SCO systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+	;;
+	*)
+	  # For security reasons, it is highly recommended that you always
+	  # use absolute paths for naming shared libraries, and exclude the
+	  # DT_RUNPATH tag from executables and libraries.  But doing so
+	  # requires that you compile everything twice, which is a pain.
+	  if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+	  else
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	  fi
+	;;
+      esac
+      ;;
+
+    sunos4*)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      wlarc=
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    *)
+      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	_LT_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+    esac
+
+    if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then
+      runpath_var=
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)=
+      _LT_TAGVAR(whole_archive_flag_spec, $1)=
+    fi
+  else
+    # PORTME fill in a description of your system's linker (not GNU ld)
+    case $host_os in
+    aix3*)
+      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+      _LT_TAGVAR(always_export_symbols, $1)=yes
+      _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      _LT_TAGVAR(hardcode_minus_L, $1)=yes
+      if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
+	# Neither direct hardcoding nor static linking is supported with a
+	# broken collect2.
+	_LT_TAGVAR(hardcode_direct, $1)=unsupported
+      fi
+      ;;
+
+    aix[[4-9]]*)
+      if test ia64 = "$host_cpu"; then
+	# On IA64, the linker does run time linking by default, so we don't
+	# have to do anything special.
+	aix_use_runtimelinking=no
+	exp_sym_flag='-Bexport'
+	no_entry_flag=
+      else
+	# If we're using GNU nm, then we don't want the "-C" option.
+	# -C means demangle to GNU nm, but means don't demangle to AIX nm.
+	# Without the "-l" option, or with the "-B" option, AIX nm treats
+	# weak defined symbols like other global defined symbols, whereas
+	# GNU nm marks them as "W".
+	# While the 'weak' keyword is ignored in the Export File, we need
+	# it in the Import File for the 'aix-soname' feature, so we have
+	# to replace the "-B" option with "-P" for AIX nm.
+	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
+	else
+	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+	fi
+	aix_use_runtimelinking=no
+
+	# Test if we are trying to use run time linking or normal
+	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
+	# have runtime linking enabled, and use it for executables.
+	# For shared libraries, we enable/disable runtime linking
+	# depending on the kind of the shared library created -
+	# when "with_aix_soname,aix_use_runtimelinking" is:
+	# "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
+	# "aix,yes"  lib.so          shared, rtl:yes, for executables
+	#            lib.a           static archive
+	# "both,no"  lib.so.V(shr.o) shared, rtl:yes
+	#            lib.a(lib.so.V) shared, rtl:no,  for executables
+	# "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
+	#            lib.a(lib.so.V) shared, rtl:no
+	# "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
+	#            lib.a           static archive
+	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
+	  for ld_flag in $LDFLAGS; do
+	  if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
+	    aix_use_runtimelinking=yes
+	    break
+	  fi
+	  done
+	  if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
+	    # With aix-soname=svr4, we create the lib.so.V shared archives only,
+	    # so we don't have lib.a shared libs to link our executables.
+	    # We have to force runtime linking in this case.
+	    aix_use_runtimelinking=yes
+	    LDFLAGS="$LDFLAGS -Wl,-brtl"
+	  fi
+	  ;;
+	esac
+
+	exp_sym_flag='-bexport'
+	no_entry_flag='-bnoentry'
+      fi
+
+      # When large executables or shared objects are built, AIX ld can
+      # have problems creating the table of contents.  If linking a library
+      # or program results in "error TOC overflow" add -mminimal-toc to
+      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+      _LT_TAGVAR(archive_cmds, $1)=''
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+      _LT_TAGVAR(link_all_deplibs, $1)=yes
+      _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
+      case $with_aix_soname,$aix_use_runtimelinking in
+      aix,*) ;; # traditional, no import file
+      svr4,* | *,yes) # use import file
+	# The Import File defines what to hardcode.
+	_LT_TAGVAR(hardcode_direct, $1)=no
+	_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+	;;
+      esac
+
+      if test yes = "$GCC"; then
+	case $host_os in aix4.[[012]]|aix4.[[012]].*)
+	# We only want to do this on AIX 4.2 and lower, the check
+	# below for broken collect2 doesn't work under 4.3+
+	  collect2name=`$CC -print-prog-name=collect2`
+	  if test -f "$collect2name" &&
+	   strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+	  then
+	  # We have reworked collect2
+	  :
+	  else
+	  # We have old collect2
+	  _LT_TAGVAR(hardcode_direct, $1)=unsupported
+	  # It fails to find uninstalled libraries when the uninstalled
+	  # path is not listed in the libpath.  Setting hardcode_minus_L
+	  # to unsupported forces relinking
+	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+	  _LT_TAGVAR(hardcode_libdir_separator, $1)=
+	  fi
+	  ;;
+	esac
+	shared_flag='-shared'
+	if test yes = "$aix_use_runtimelinking"; then
+	  shared_flag="$shared_flag "'$wl-G'
+	fi
+	# Need to ensure runtime linking is disabled for the traditional
+	# shared library, or the linker may eventually find shared libraries
+	# /with/ Import File - we do not want to mix them.
+	shared_flag_aix='-shared'
+	shared_flag_svr4='-shared $wl-G'
+      else
+	# not using gcc
+	if test ia64 = "$host_cpu"; then
+	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+	# chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+	else
+	  if test yes = "$aix_use_runtimelinking"; then
+	    shared_flag='$wl-G'
+	  else
+	    shared_flag='$wl-bM:SRE'
+	  fi
+	  shared_flag_aix='$wl-bM:SRE'
+	  shared_flag_svr4='$wl-G'
+	fi
+      fi
+
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
+      # It seems that -bexpall does not export symbols beginning with
+      # underscore (_), so it is better to generate a list of symbols to export.
+      _LT_TAGVAR(always_export_symbols, $1)=yes
+      if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
+	# Warning - without using the other runtime loading flags (-brtl),
+	# -berok will link without error, but may produce a broken library.
+	_LT_TAGVAR(allow_undefined_flag, $1)='-berok'
+        # Determine the default libpath from the value encoded in an
+        # empty executable.
+        _LT_SYS_MODULE_PATH_AIX([$1])
+        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
+        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
+      else
+	if test ia64 = "$host_cpu"; then
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
+	  _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+	  _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
+	else
+	 # Determine the default libpath from the value encoded in an
+	 # empty executable.
+	 _LT_SYS_MODULE_PATH_AIX([$1])
+	 _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
+	  # Warning - without using the other run time loading flags,
+	  # -berok will link without error, but may produce a broken library.
+	  _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
+	  _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
+	  if test yes = "$with_gnu_ld"; then
+	    # We only use this code for GNU lds that support --whole-archive.
+	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
+	  else
+	    # Exported symbols can be pulled into shared objects from archives
+	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+	  fi
+	  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
+	  # -brtl affects multiple linker settings, -berok does not and is overridden later
+	  compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
+	  if test svr4 != "$with_aix_soname"; then
+	    # This is similar to how AIX traditionally builds its shared libraries.
+	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
+	  fi
+	  if test aix != "$with_aix_soname"; then
+	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
+	  else
+	    # used by -dlpreopen to get the symbols
+	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
+	  fi
+	  _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
+	fi
+      fi
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+            _LT_TAGVAR(archive_expsym_cmds, $1)=''
+        ;;
+      m68k)
+            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+            _LT_TAGVAR(hardcode_minus_L, $1)=yes
+        ;;
+      esac
+      ;;
+
+    bsdi[[45]]*)
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
+      ;;
+
+    cygwin* | mingw* | pw32* | cegcc*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      case $cc_basename in
+      cl*)
+	# Native MSVC
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+	_LT_TAGVAR(always_export_symbols, $1)=yes
+	_LT_TAGVAR(file_list_spec, $1)='@'
+	# Tell ltmain to make .lib files, not .a files.
+	libext=lib
+	# Tell ltmain to make .dll files, not .so files.
+	shrext_cmds=.dll
+	# FIXME: Setting linknames here is a bad hack.
+	_LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
+	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
+            cp "$export_symbols" "$output_objdir/$soname.def";
+            echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
+          else
+            $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
+          fi~
+          $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+          linknames='
+	# The linker will not automatically build a static lib if we build a DLL.
+	# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
+	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+	_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
+	_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
+	# Don't use ranlib
+	_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
+	_LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
+          lt_tool_outputfile="@TOOL_OUTPUT@"~
+          case $lt_outputfile in
+            *.exe|*.EXE) ;;
+            *)
+              lt_outputfile=$lt_outputfile.exe
+              lt_tool_outputfile=$lt_tool_outputfile.exe
+              ;;
+          esac~
+          if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
+            $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
+            $RM "$lt_outputfile.manifest";
+          fi'
+	;;
+      *)
+	# Assume MSVC wrapper
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+	# Tell ltmain to make .lib files, not .a files.
+	libext=lib
+	# Tell ltmain to make .dll files, not .so files.
+	shrext_cmds=.dll
+	# FIXME: Setting linknames here is a bad hack.
+	_LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
+	# The linker will automatically build a .lib file if we build a DLL.
+	_LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
+	# FIXME: Should let the user specify the lib program.
+	_LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
+	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+	;;
+      esac
+      ;;
+
+    darwin* | rhapsody*)
+      _LT_DARWIN_LINKER_FEATURES($1)
+      ;;
+
+    dgux*)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+    # support.  Future versions do this automatically, but an explicit c++rt0.o
+    # does not break anything, and helps significantly (at the cost of a little
+    # extra space).
+    freebsd2.2*)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+    freebsd2.*)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+    freebsd* | dragonfly*)
+      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    hpux9*)
+      if test yes = "$GCC"; then
+	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
+      fi
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      _LT_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
+      ;;
+
+    hpux10*)
+      if test yes,no = "$GCC,$with_gnu_ld"; then
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      if test no = "$with_gnu_ld"; then
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
+	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
+	_LT_TAGVAR(hardcode_direct, $1)=yes
+	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
+	# hardcode_minus_L: Not really in the search PATH,
+	# but as the default location of the library.
+	_LT_TAGVAR(hardcode_minus_L, $1)=yes
+      fi
+      ;;
+
+    hpux11*)
+      if test yes,no = "$GCC,$with_gnu_ld"; then
+	case $host_cpu in
+	hppa*64*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      else
+	case $host_cpu in
+	hppa*64*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	m4_if($1, [], [
+	  # Older versions of the 11.00 compiler do not understand -b yet
+	  # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
+	  _LT_LINKER_OPTION([if $CC understands -b],
+	    _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b],
+	    [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
+	    [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])],
+	  [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
+	  ;;
+	esac
+      fi
+      if test no = "$with_gnu_ld"; then
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
+	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	case $host_cpu in
+	hppa*64*|ia64*)
+	  _LT_TAGVAR(hardcode_direct, $1)=no
+	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	  ;;
+	*)
+	  _LT_TAGVAR(hardcode_direct, $1)=yes
+	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
+
+	  # hardcode_minus_L: Not really in the search PATH,
+	  # but as the default location of the library.
+	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
+	  ;;
+	esac
+      fi
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      if test yes = "$GCC"; then
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+	# Try to use the -exported_symbol ld option, if it does not
+	# work, assume that -exports_file does not work either and
+	# implicitly export all symbols.
+	# This should be the same for all languages, so no per-tag cache variable.
+	AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol],
+	  [lt_cv_irix_exported_symbol],
+	  [save_LDFLAGS=$LDFLAGS
+	   LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
+	   AC_LINK_IFELSE(
+	     [AC_LANG_SOURCE(
+	        [AC_LANG_CASE([C], [[int foo (void) { return 0; }]],
+			      [C++], [[int foo (void) { return 0; }]],
+			      [Fortran 77], [[
+      subroutine foo
+      end]],
+			      [Fortran], [[
+      subroutine foo
+      end]])])],
+	      [lt_cv_irix_exported_symbol=yes],
+	      [lt_cv_irix_exported_symbol=no])
+           LDFLAGS=$save_LDFLAGS])
+	if test yes = "$lt_cv_irix_exported_symbol"; then
+          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
+	fi
+	_LT_TAGVAR(link_all_deplibs, $1)=no
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
+      fi
+      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+      _LT_TAGVAR(inherit_rpath, $1)=yes
+      _LT_TAGVAR(link_all_deplibs, $1)=yes
+      ;;
+
+    linux*)
+      case $cc_basename in
+      tcc*)
+	# Fabrice Bellard et al's Tiny C Compiler
+	_LT_TAGVAR(ld_shlibs, $1)=yes
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+      esac
+      ;;
+
+    netbsd* | netbsdelf*-gnu)
+      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
+      fi
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    newsos6)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    *nto* | *qnx*)
+      ;;
+
+    openbsd* | bitrig*)
+      if test -f /usr/libexec/ld.so; then
+	_LT_TAGVAR(hardcode_direct, $1)=yes
+	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+	if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
+	else
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+	fi
+      else
+	_LT_TAGVAR(ld_shlibs, $1)=no
+      fi
+      ;;
+
+    os2*)
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+      shrext_cmds=.dll
+      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+	$ECHO EXPORTS >> $output_objdir/$libname.def~
+	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+	emximp -o $lib $output_objdir/$libname.def'
+      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+	$ECHO EXPORTS >> $output_objdir/$libname.def~
+	prefix_cmds="$SED"~
+	if test EXPORTS = "`$SED 1q $export_symbols`"; then
+	  prefix_cmds="$prefix_cmds -e 1d";
+	fi~
+	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+	emximp -o $lib $output_objdir/$libname.def'
+      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+      ;;
+
+    osf3*)
+      if test yes = "$GCC"; then
+	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+      else
+	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+      fi
+      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+      ;;
+
+    osf4* | osf5*)	# as osf3* with the addition of -msym flag
+      if test yes = "$GCC"; then
+	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+      else
+	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+          $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
+
+	# Both c and cxx compiler support -rpath directly
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+      fi
+      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+      ;;
+
+    solaris*)
+      _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
+      if test yes = "$GCC"; then
+	wlarc='$wl'
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+          $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+      else
+	case `$CC -V 2>&1` in
+	*"Compilers 5.0"*)
+	  wlarc=''
+	  _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+            $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+	  ;;
+	*)
+	  wlarc='$wl'
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+            $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+	  ;;
+	esac
+      fi
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      case $host_os in
+      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+      *)
+	# The compiler driver will combine and reorder linker options,
+	# but understands '-z linker_flag'.  GCC discards it without '$wl',
+	# but is careful enough not to reorder.
+	# Supported since Solaris 2.6 (maybe 2.5.1?)
+	if test yes = "$GCC"; then
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
+	else
+	  _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
+	fi
+	;;
+      esac
+      _LT_TAGVAR(link_all_deplibs, $1)=yes
+      ;;
+
+    sunos4*)
+      if test sequent = "$host_vendor"; then
+	# Use $CC to link under sequent, because it throws in some extra .o
+	# files that make .init and .fini sections work.
+	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_TAGVAR(hardcode_direct, $1)=yes
+      _LT_TAGVAR(hardcode_minus_L, $1)=yes
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    sysv4)
+      case $host_vendor in
+	sni)
+	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
+	;;
+	siemens)
+	  ## LD is ld it makes a PLAMLIB
+	  ## CC just makes a GrossModule.
+	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
+	  _LT_TAGVAR(hardcode_direct, $1)=no
+        ;;
+	motorola)
+	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
+	;;
+      esac
+      runpath_var='LD_RUN_PATH'
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    sysv4.3*)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	_LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	runpath_var=LD_RUN_PATH
+	hardcode_runpath_var=yes
+	_LT_TAGVAR(ld_shlibs, $1)=yes
+      fi
+      ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
+      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
+      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      runpath_var='LD_RUN_PATH'
+
+      if test yes = "$GCC"; then
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6*)
+      # Note: We CANNOT use -z defs as we might desire, because we do not
+      # link with -lc, and that would cause any symbols used from libc to
+      # always be unresolved, which means just about no library would
+      # ever link correctly.  If we're not using GNU ld we use -z text
+      # though, which does catch some bad symbols but isn't as heavy-handed
+      # as -z defs.
+      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
+      _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
+      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
+      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+      _LT_TAGVAR(link_all_deplibs, $1)=yes
+      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
+      runpath_var='LD_RUN_PATH'
+
+      if test yes = "$GCC"; then
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    uts4*)
+      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      ;;
+
+    *)
+      _LT_TAGVAR(ld_shlibs, $1)=no
+      ;;
+    esac
+
+    if test sni = "$host_vendor"; then
+      case $host in
+      sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym'
+	;;
+      esac
+    fi
+  fi
+])
+AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
+test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
+
+_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
+
+_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
+_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
+_LT_DECL([], [extract_expsyms_cmds], [2],
+    [The commands to extract the exported symbol list from a shared archive])
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
+x|xyes)
+  # Assume -lc should be added
+  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+
+  if test yes,yes = "$GCC,$enable_shared"; then
+    case $_LT_TAGVAR(archive_cmds, $1) in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      AC_CACHE_CHECK([whether -lc should be explicitly linked in],
+	[lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1),
+	[$RM conftest*
+	echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+	if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
+	  soname=conftest
+	  lib=conftest
+	  libobjs=conftest.$ac_objext
+	  deplibs=
+	  wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
+	  pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
+	  compiler_flags=-v
+	  linker_flags=-v
+	  verstring=
+	  output_objdir=.
+	  libname=conftest
+	  lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
+	  _LT_TAGVAR(allow_undefined_flag, $1)=
+	  if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
+	  then
+	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+	  else
+	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+	  fi
+	  _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
+	else
+	  cat conftest.err 1>&5
+	fi
+	$RM conftest*
+	])
+      _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
+    [Whether or not to add -lc for building shared libraries])
+_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
+    [enable_shared_with_static_runtimes], [0],
+    [Whether or not to disallow shared libs when runtime libs are static])
+_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
+    [Compiler flag to allow reflexive dlopens])
+_LT_TAGDECL([], [whole_archive_flag_spec], [1],
+    [Compiler flag to generate shared objects directly from archives])
+_LT_TAGDECL([], [compiler_needs_object], [1],
+    [Whether the compiler copes with passing no objects directly])
+_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
+    [Create an old-style archive from a shared archive])
+_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
+    [Create a temporary old-style archive to link instead of a shared archive])
+_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
+_LT_TAGDECL([], [archive_expsym_cmds], [2])
+_LT_TAGDECL([], [module_cmds], [2],
+    [Commands used to build a loadable module if different from building
+    a shared archive.])
+_LT_TAGDECL([], [module_expsym_cmds], [2])
+_LT_TAGDECL([], [with_gnu_ld], [1],
+    [Whether we are building with GNU ld or not])
+_LT_TAGDECL([], [allow_undefined_flag], [1],
+    [Flag that allows shared libraries with undefined symbols to be built])
+_LT_TAGDECL([], [no_undefined_flag], [1],
+    [Flag that enforces no undefined symbols])
+_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
+    [Flag to hardcode $libdir into a binary during linking.
+    This must work even if $libdir does not exist])
+_LT_TAGDECL([], [hardcode_libdir_separator], [1],
+    [Whether we need a single "-rpath" flag with a separated argument])
+_LT_TAGDECL([], [hardcode_direct], [0],
+    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
+    DIR into the resulting binary])
+_LT_TAGDECL([], [hardcode_direct_absolute], [0],
+    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
+    DIR into the resulting binary and the resulting library dependency is
+    "absolute", i.e impossible to change by setting $shlibpath_var if the
+    library is relocated])
+_LT_TAGDECL([], [hardcode_minus_L], [0],
+    [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+    into the resulting binary])
+_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
+    [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+    into the resulting binary])
+_LT_TAGDECL([], [hardcode_automatic], [0],
+    [Set to "yes" if building a shared library automatically hardcodes DIR
+    into the library and all subsequent libraries and executables linked
+    against it])
+_LT_TAGDECL([], [inherit_rpath], [0],
+    [Set to yes if linker adds runtime paths of dependent libraries
+    to runtime path list])
+_LT_TAGDECL([], [link_all_deplibs], [0],
+    [Whether libtool must link a program against all its dependency libraries])
+_LT_TAGDECL([], [always_export_symbols], [0],
+    [Set to "yes" if exported symbols are required])
+_LT_TAGDECL([], [export_symbols_cmds], [2],
+    [The commands to list exported symbols])
+_LT_TAGDECL([], [exclude_expsyms], [1],
+    [Symbols that should not be listed in the preloaded symbols])
+_LT_TAGDECL([], [include_expsyms], [1],
+    [Symbols that must always be exported])
+_LT_TAGDECL([], [prelink_cmds], [2],
+    [Commands necessary for linking programs (against libraries) with templates])
+_LT_TAGDECL([], [postlink_cmds], [2],
+    [Commands necessary for finishing linking programs])
+_LT_TAGDECL([], [file_list_spec], [1],
+    [Specify filename containing input files])
+dnl FIXME: Not yet implemented
+dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
+dnl    [Compiler flag to generate thread safe objects])
+])# _LT_LINKER_SHLIBS
+
+
+# _LT_LANG_C_CONFIG([TAG])
+# ------------------------
+# Ensure that the configuration variables for a C compiler are suitably
+# defined.  These variables are subsequently used by _LT_CONFIG to write
+# the compiler configuration to 'libtool'.
+m4_defun([_LT_LANG_C_CONFIG],
+[m4_require([_LT_DECL_EGREP])dnl
+lt_save_CC=$CC
+AC_LANG_PUSH(C)
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+_LT_TAG_COMPILER
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+if test -n "$compiler"; then
+  _LT_COMPILER_NO_RTTI($1)
+  _LT_COMPILER_PIC($1)
+  _LT_COMPILER_C_O($1)
+  _LT_COMPILER_FILE_LOCKS($1)
+  _LT_LINKER_SHLIBS($1)
+  _LT_SYS_DYNAMIC_LINKER($1)
+  _LT_LINKER_HARDCODE_LIBPATH($1)
+  LT_SYS_DLOPEN_SELF
+  _LT_CMD_STRIPLIB
+
+  # Report what library types will actually be built
+  AC_MSG_CHECKING([if libtool supports shared libraries])
+  AC_MSG_RESULT([$can_build_shared])
+
+  AC_MSG_CHECKING([whether to build shared libraries])
+  test no = "$can_build_shared" && enable_shared=no
+
+  # On AIX, shared libraries and static libraries use the same namespace, and
+  # are all built from PIC.
+  case $host_os in
+  aix3*)
+    test yes = "$enable_shared" && enable_static=no
+    if test -n "$RANLIB"; then
+      archive_cmds="$archive_cmds~\$RANLIB \$lib"
+      postinstall_cmds='$RANLIB $lib'
+    fi
+    ;;
+
+  aix[[4-9]]*)
+    if test ia64 != "$host_cpu"; then
+      case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
+      yes,aix,yes) ;;			# shared object as lib.so file only
+      yes,svr4,*) ;;			# shared object as lib.so archive member only
+      yes,*) enable_static=no ;;	# shared object in lib.a archive as well
+      esac
+    fi
+    ;;
+  esac
+  AC_MSG_RESULT([$enable_shared])
+
+  AC_MSG_CHECKING([whether to build static libraries])
+  # Make sure either enable_shared or enable_static is yes.
+  test yes = "$enable_shared" || enable_static=yes
+  AC_MSG_RESULT([$enable_static])
+
+  _LT_CONFIG($1)
+fi
+AC_LANG_POP
+CC=$lt_save_CC
+])# _LT_LANG_C_CONFIG
+
+
+# _LT_LANG_CXX_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for a C++ compiler are suitably
+# defined.  These variables are subsequently used by _LT_CONFIG to write
+# the compiler configuration to 'libtool'.
+m4_defun([_LT_LANG_CXX_CONFIG],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_PATH_MANIFEST_TOOL])dnl
+if test -n "$CXX" && ( test no != "$CXX" &&
+    ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) ||
+    (test g++ != "$CXX"))); then
+  AC_PROG_CXXCPP
+else
+  _lt_caught_CXX_error=yes
+fi
+
+AC_LANG_PUSH(C++)
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(compiler_needs_object, $1)=no
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(reload_flag, $1)=$reload_flag
+_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the CXX compiler isn't working.  Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test yes != "$_lt_caught_CXX_error"; then
+  # Code to be used in simple compile tests
+  lt_simple_compile_test_code="int some_variable = 0;"
+
+  # Code to be used in simple link tests
+  lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
+
+  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+  _LT_TAG_COMPILER
+
+  # save warnings/boilerplate of simple test code
+  _LT_COMPILER_BOILERPLATE
+  _LT_LINKER_BOILERPLATE
+
+  # Allow CC to be a program name with arguments.
+  lt_save_CC=$CC
+  lt_save_CFLAGS=$CFLAGS
+  lt_save_LD=$LD
+  lt_save_GCC=$GCC
+  GCC=$GXX
+  lt_save_with_gnu_ld=$with_gnu_ld
+  lt_save_path_LD=$lt_cv_path_LD
+  if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+    lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+  else
+    $as_unset lt_cv_prog_gnu_ld
+  fi
+  if test -n "${lt_cv_path_LDCXX+set}"; then
+    lt_cv_path_LD=$lt_cv_path_LDCXX
+  else
+    $as_unset lt_cv_path_LD
+  fi
+  test -z "${LDCXX+set}" || LD=$LDCXX
+  CC=${CXX-"c++"}
+  CFLAGS=$CXXFLAGS
+  compiler=$CC
+  _LT_TAGVAR(compiler, $1)=$CC
+  _LT_CC_BASENAME([$compiler])
+
+  if test -n "$compiler"; then
+    # We don't want -fno-exception when compiling C++ code, so set the
+    # no_builtin_flag separately
+    if test yes = "$GXX"; then
+      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+    else
+      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+    fi
+
+    if test yes = "$GXX"; then
+      # Set up default GNU C++ configuration
+
+      LT_PATH_LD
+
+      # Check if GNU C++ uses GNU ld as the underlying linker, since the
+      # archiving commands below assume that GNU ld is being used.
+      if test yes = "$with_gnu_ld"; then
+        _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+
+        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
+
+        # If archive_cmds runs LD, not CC, wlarc should be empty
+        # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+        #     investigate it a little bit more. (MM)
+        wlarc='$wl'
+
+        # ancient GNU ld didn't support --whole-archive et. al.
+        if eval "`$CC -print-prog-name=ld` --help 2>&1" |
+	  $GREP 'no-whole-archive' > /dev/null; then
+          _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
+        else
+          _LT_TAGVAR(whole_archive_flag_spec, $1)=
+        fi
+      else
+        with_gnu_ld=no
+        wlarc=
+
+        # A generic and very simple default shared library creation
+        # command for GNU C++ for the case where it uses the native
+        # linker, instead of GNU ld.  If possible, this setting should
+        # overridden to take advantage of the native linker features on
+        # the platform it is being used on.
+        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+      fi
+
+      # Commands to make compiler produce verbose output that lists
+      # what "hidden" libraries, object files and flags are used when
+      # linking a shared library.
+      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+
+    else
+      GXX=no
+      with_gnu_ld=no
+      wlarc=
+    fi
+
+    # PORTME: fill in a description of your system's C++ link characteristics
+    AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+    _LT_TAGVAR(ld_shlibs, $1)=yes
+    case $host_os in
+      aix3*)
+        # FIXME: insert proper C++ library support
+        _LT_TAGVAR(ld_shlibs, $1)=no
+        ;;
+      aix[[4-9]]*)
+        if test ia64 = "$host_cpu"; then
+          # On IA64, the linker does run time linking by default, so we don't
+          # have to do anything special.
+          aix_use_runtimelinking=no
+          exp_sym_flag='-Bexport'
+          no_entry_flag=
+        else
+          aix_use_runtimelinking=no
+
+          # Test if we are trying to use run time linking or normal
+          # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+          # have runtime linking enabled, and use it for executables.
+          # For shared libraries, we enable/disable runtime linking
+          # depending on the kind of the shared library created -
+          # when "with_aix_soname,aix_use_runtimelinking" is:
+          # "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
+          # "aix,yes"  lib.so          shared, rtl:yes, for executables
+          #            lib.a           static archive
+          # "both,no"  lib.so.V(shr.o) shared, rtl:yes
+          #            lib.a(lib.so.V) shared, rtl:no,  for executables
+          # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
+          #            lib.a(lib.so.V) shared, rtl:no
+          # "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
+          #            lib.a           static archive
+          case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
+	    for ld_flag in $LDFLAGS; do
+	      case $ld_flag in
+	      *-brtl*)
+	        aix_use_runtimelinking=yes
+	        break
+	        ;;
+	      esac
+	    done
+	    if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
+	      # With aix-soname=svr4, we create the lib.so.V shared archives only,
+	      # so we don't have lib.a shared libs to link our executables.
+	      # We have to force runtime linking in this case.
+	      aix_use_runtimelinking=yes
+	      LDFLAGS="$LDFLAGS -Wl,-brtl"
+	    fi
+	    ;;
+          esac
+
+          exp_sym_flag='-bexport'
+          no_entry_flag='-bnoentry'
+        fi
+
+        # When large executables or shared objects are built, AIX ld can
+        # have problems creating the table of contents.  If linking a library
+        # or program results in "error TOC overflow" add -mminimal-toc to
+        # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+        # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+        _LT_TAGVAR(archive_cmds, $1)=''
+        _LT_TAGVAR(hardcode_direct, $1)=yes
+        _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+        _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+        _LT_TAGVAR(link_all_deplibs, $1)=yes
+        _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
+        case $with_aix_soname,$aix_use_runtimelinking in
+        aix,*) ;;	# no import file
+        svr4,* | *,yes) # use import file
+          # The Import File defines what to hardcode.
+          _LT_TAGVAR(hardcode_direct, $1)=no
+          _LT_TAGVAR(hardcode_direct_absolute, $1)=no
+          ;;
+        esac
+
+        if test yes = "$GXX"; then
+          case $host_os in aix4.[[012]]|aix4.[[012]].*)
+          # We only want to do this on AIX 4.2 and lower, the check
+          # below for broken collect2 doesn't work under 4.3+
+	  collect2name=`$CC -print-prog-name=collect2`
+	  if test -f "$collect2name" &&
+	     strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+	  then
+	    # We have reworked collect2
+	    :
+	  else
+	    # We have old collect2
+	    _LT_TAGVAR(hardcode_direct, $1)=unsupported
+	    # It fails to find uninstalled libraries when the uninstalled
+	    # path is not listed in the libpath.  Setting hardcode_minus_L
+	    # to unsupported forces relinking
+	    _LT_TAGVAR(hardcode_minus_L, $1)=yes
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+	    _LT_TAGVAR(hardcode_libdir_separator, $1)=
+	  fi
+          esac
+          shared_flag='-shared'
+	  if test yes = "$aix_use_runtimelinking"; then
+	    shared_flag=$shared_flag' $wl-G'
+	  fi
+	  # Need to ensure runtime linking is disabled for the traditional
+	  # shared library, or the linker may eventually find shared libraries
+	  # /with/ Import File - we do not want to mix them.
+	  shared_flag_aix='-shared'
+	  shared_flag_svr4='-shared $wl-G'
+        else
+          # not using gcc
+          if test ia64 = "$host_cpu"; then
+	  # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+	  # chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+          else
+	    if test yes = "$aix_use_runtimelinking"; then
+	      shared_flag='$wl-G'
+	    else
+	      shared_flag='$wl-bM:SRE'
+	    fi
+	    shared_flag_aix='$wl-bM:SRE'
+	    shared_flag_svr4='$wl-G'
+          fi
+        fi
+
+        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
+        # It seems that -bexpall does not export symbols beginning with
+        # underscore (_), so it is better to generate a list of symbols to
+	# export.
+        _LT_TAGVAR(always_export_symbols, $1)=yes
+	if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
+          # Warning - without using the other runtime loading flags (-brtl),
+          # -berok will link without error, but may produce a broken library.
+          # The "-G" linker flag allows undefined symbols.
+          _LT_TAGVAR(no_undefined_flag, $1)='-bernotok'
+          # Determine the default libpath from the value encoded in an empty
+          # executable.
+          _LT_SYS_MODULE_PATH_AIX([$1])
+          _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
+
+          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
+        else
+          if test ia64 = "$host_cpu"; then
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
+	    _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+	    _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
+          else
+	    # Determine the default libpath from the value encoded in an
+	    # empty executable.
+	    _LT_SYS_MODULE_PATH_AIX([$1])
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
+	    # Warning - without using the other run time loading flags,
+	    # -berok will link without error, but may produce a broken library.
+	    _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
+	    _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
+	    if test yes = "$with_gnu_ld"; then
+	      # We only use this code for GNU lds that support --whole-archive.
+	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
+	    else
+	      # Exported symbols can be pulled into shared objects from archives
+	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+	    fi
+	    _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
+	    # -brtl affects multiple linker settings, -berok does not and is overridden later
+	    compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
+	    if test svr4 != "$with_aix_soname"; then
+	      # This is similar to how AIX traditionally builds its shared
+	      # libraries. Need -bnortl late, we may have -brtl in LDFLAGS.
+	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
+	    fi
+	    if test aix != "$with_aix_soname"; then
+	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
+	    else
+	      # used by -dlpreopen to get the symbols
+	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
+	    fi
+	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
+          fi
+        fi
+        ;;
+
+      beos*)
+	if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+	  # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+	  # support --undefined.  This deserves some investigation.  FIXME
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	else
+	  _LT_TAGVAR(ld_shlibs, $1)=no
+	fi
+	;;
+
+      chorus*)
+        case $cc_basename in
+          *)
+	  # FIXME: insert proper C++ library support
+	  _LT_TAGVAR(ld_shlibs, $1)=no
+	  ;;
+        esac
+        ;;
+
+      cygwin* | mingw* | pw32* | cegcc*)
+	case $GXX,$cc_basename in
+	,cl* | no,cl*)
+	  # Native MSVC
+	  # hardcode_libdir_flag_spec is actually meaningless, as there is
+	  # no search path for DLLs.
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+	  _LT_TAGVAR(always_export_symbols, $1)=yes
+	  _LT_TAGVAR(file_list_spec, $1)='@'
+	  # Tell ltmain to make .lib files, not .a files.
+	  libext=lib
+	  # Tell ltmain to make .dll files, not .so files.
+	  shrext_cmds=.dll
+	  # FIXME: Setting linknames here is a bad hack.
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
+              cp "$export_symbols" "$output_objdir/$soname.def";
+              echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
+            else
+              $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
+            fi~
+            $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+            linknames='
+	  # The linker will not automatically build a static lib if we build a DLL.
+	  # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
+	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+	  # Don't use ranlib
+	  _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
+	  _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
+            lt_tool_outputfile="@TOOL_OUTPUT@"~
+            case $lt_outputfile in
+              *.exe|*.EXE) ;;
+              *)
+                lt_outputfile=$lt_outputfile.exe
+                lt_tool_outputfile=$lt_tool_outputfile.exe
+                ;;
+            esac~
+            func_to_tool_file "$lt_outputfile"~
+            if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
+              $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
+              $RM "$lt_outputfile.manifest";
+            fi'
+	  ;;
+	*)
+	  # g++
+	  # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+	  # as there is no search path for DLLs.
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
+	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+	  _LT_TAGVAR(always_export_symbols, $1)=no
+	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+
+	  if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	    # If the export-symbols file already is a .def file, use it as
+	    # is; otherwise, prepend EXPORTS...
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
+              cp $export_symbols $output_objdir/$soname.def;
+            else
+              echo EXPORTS > $output_objdir/$soname.def;
+              cat $export_symbols >> $output_objdir/$soname.def;
+            fi~
+            $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	  else
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	  fi
+	  ;;
+	esac
+	;;
+      darwin* | rhapsody*)
+        _LT_DARWIN_LINKER_FEATURES($1)
+	;;
+
+      os2*)
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+	_LT_TAGVAR(hardcode_minus_L, $1)=yes
+	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+	shrext_cmds=.dll
+	_LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+	  $ECHO EXPORTS >> $output_objdir/$libname.def~
+	  emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+	  emximp -o $lib $output_objdir/$libname.def'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+	  $ECHO EXPORTS >> $output_objdir/$libname.def~
+	  prefix_cmds="$SED"~
+	  if test EXPORTS = "`$SED 1q $export_symbols`"; then
+	    prefix_cmds="$prefix_cmds -e 1d";
+	  fi~
+	  prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+	  cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+	  emximp -o $lib $output_objdir/$libname.def'
+	_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+	;;
+
+      dgux*)
+        case $cc_basename in
+          ec++*)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          ghcx*)
+	    # Green Hills C++ Compiler
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          *)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+        esac
+        ;;
+
+      freebsd2.*)
+        # C++ shared libraries reported to be fairly broken before
+	# switch to ELF
+        _LT_TAGVAR(ld_shlibs, $1)=no
+        ;;
+
+      freebsd-elf*)
+        _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+        ;;
+
+      freebsd* | dragonfly*)
+        # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+        # conventions
+        _LT_TAGVAR(ld_shlibs, $1)=yes
+        ;;
+
+      haiku*)
+        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+        _LT_TAGVAR(link_all_deplibs, $1)=yes
+        ;;
+
+      hpux9*)
+        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
+        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
+        _LT_TAGVAR(hardcode_direct, $1)=yes
+        _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+				             # but as the default
+				             # location of the library.
+
+        case $cc_basename in
+          CC*)
+            # FIXME: insert proper C++ library support
+            _LT_TAGVAR(ld_shlibs, $1)=no
+            ;;
+          aCC*)
+            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
+            # Commands to make compiler produce verbose output that lists
+            # what "hidden" libraries, object files and flags are used when
+            # linking a shared library.
+            #
+            # There doesn't appear to be a way to prevent this compiler from
+            # explicitly linking system object files so we need to strip them
+            # from the output so that they don't get included in the library
+            # dependencies.
+            output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+            ;;
+          *)
+            if test yes = "$GXX"; then
+              _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
+            else
+              # FIXME: insert proper C++ library support
+              _LT_TAGVAR(ld_shlibs, $1)=no
+            fi
+            ;;
+        esac
+        ;;
+
+      hpux10*|hpux11*)
+        if test no = "$with_gnu_ld"; then
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
+	  _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+          case $host_cpu in
+            hppa*64*|ia64*)
+              ;;
+            *)
+	      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
+              ;;
+          esac
+        fi
+        case $host_cpu in
+          hppa*64*|ia64*)
+            _LT_TAGVAR(hardcode_direct, $1)=no
+            _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+            ;;
+          *)
+            _LT_TAGVAR(hardcode_direct, $1)=yes
+            _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+            _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+					         # but as the default
+					         # location of the library.
+            ;;
+        esac
+
+        case $cc_basename in
+          CC*)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          aCC*)
+	    case $host_cpu in
+	      hppa*64*)
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	        ;;
+	      ia64*)
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	        ;;
+	      *)
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	        ;;
+	    esac
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    #
+	    # There doesn't appear to be a way to prevent this compiler from
+	    # explicitly linking system object files so we need to strip them
+	    # from the output so that they don't get included in the library
+	    # dependencies.
+	    output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+	    ;;
+          *)
+	    if test yes = "$GXX"; then
+	      if test no = "$with_gnu_ld"; then
+	        case $host_cpu in
+	          hppa*64*)
+	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	            ;;
+	          ia64*)
+	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	            ;;
+	          *)
+	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	            ;;
+	        esac
+	      fi
+	    else
+	      # FIXME: insert proper C++ library support
+	      _LT_TAGVAR(ld_shlibs, $1)=no
+	    fi
+	    ;;
+        esac
+        ;;
+
+      interix[[3-9]]*)
+	_LT_TAGVAR(hardcode_direct, $1)=no
+	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
+	# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+	# Instead, shared libraries are loaded at an image base (0x10000000 by
+	# default) and relocated if they conflict, which is a slow very memory
+	# consuming and fragmenting process.  To avoid this, we pick a random,
+	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+	_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+	;;
+      irix5* | irix6*)
+        case $cc_basename in
+          CC*)
+	    # SGI C++
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+
+	    # Archives containing C++ object files must be created using
+	    # "CC -ar", where "CC" is the IRIX C++ compiler.  This is
+	    # necessary to make sure instantiated templates are included
+	    # in the archive.
+	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
+	    ;;
+          *)
+	    if test yes = "$GXX"; then
+	      if test no = "$with_gnu_ld"; then
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+	      else
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib'
+	      fi
+	    fi
+	    _LT_TAGVAR(link_all_deplibs, $1)=yes
+	    ;;
+        esac
+        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+        _LT_TAGVAR(inherit_rpath, $1)=yes
+        ;;
+
+      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+        case $cc_basename in
+          KCC*)
+	    # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	    # KCC will only create a shared library if the output file
+	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
+	    # to its proper name (with version) after linking.
+	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib'
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    #
+	    # There doesn't appear to be a way to prevent this compiler from
+	    # explicitly linking system object files so we need to strip them
+	    # from the output so that they don't get included in the library
+	    # dependencies.
+	    output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
+
+	    # Archives containing C++ object files must be created using
+	    # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+	    ;;
+	  icpc* | ecpc* )
+	    # Intel C++
+	    with_gnu_ld=yes
+	    # version 8.0 and above of icpc choke on multiply defined symbols
+	    # if we add $predep_objects and $postdep_objects, however 7.1 and
+	    # earlier do not add the objects themselves.
+	    case `$CC -V 2>&1` in
+	      *"Version 7."*)
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+		;;
+	      *)  # Version 8.0 or newer
+	        tmp_idyn=
+	        case $host_cpu in
+		  ia64*) tmp_idyn=' -i_dynamic';;
+		esac
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+		;;
+	    esac
+	    _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
+	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
+	    ;;
+          pgCC* | pgcpp*)
+            # Portland Group C++ compiler
+	    case `$CC -V` in
+	    *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*)
+	      _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
+               rm -rf $tpldir~
+               $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
+               compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
+	      _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
+                rm -rf $tpldir~
+                $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
+                $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
+                $RANLIB $oldlib'
+	      _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
+                rm -rf $tpldir~
+                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+	      _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
+                rm -rf $tpldir~
+                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+	      ;;
+	    *) # Version 6 and above use weak symbols
+	      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+	      ;;
+	    esac
+
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir'
+	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
+	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+            ;;
+	  cxx*)
+	    # Compaq C++
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname  -o $lib $wl-retain-symbols-file $wl$export_symbols'
+
+	    runpath_var=LD_RUN_PATH
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    #
+	    # There doesn't appear to be a way to prevent this compiler from
+	    # explicitly linking system object files so we need to strip them
+	    # from the output so that they don't get included in the library
+	    # dependencies.
+	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
+	    ;;
+	  xl* | mpixl* | bgxl*)
+	    # IBM XL 8.0 on PPC, with GNU ld
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	    if test yes = "$supports_anon_versioning"; then
+	      _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+                cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+                echo "local: *; };" >> $output_objdir/$libname.ver~
+                $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
+	    fi
+	    ;;
+	  *)
+	    case `$CC -V 2>&1 | sed 5q` in
+	    *Sun\ C*)
+	      # Sun C++ 5.9
+	      _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+	      _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols'
+	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+	      _LT_TAGVAR(compiler_needs_object, $1)=yes
+
+	      # Not sure whether something based on
+	      # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
+	      # would be better.
+	      output_verbose_link_cmd='func_echo_all'
+
+	      # Archives containing C++ object files must be created using
+	      # "CC -xar", where "CC" is the Sun C++ compiler.  This is
+	      # necessary to make sure instantiated templates are included
+	      # in the archive.
+	      _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+	      ;;
+	    esac
+	    ;;
+	esac
+	;;
+
+      lynxos*)
+        # FIXME: insert proper C++ library support
+	_LT_TAGVAR(ld_shlibs, $1)=no
+	;;
+
+      m88k*)
+        # FIXME: insert proper C++ library support
+        _LT_TAGVAR(ld_shlibs, $1)=no
+	;;
+
+      mvs*)
+        case $cc_basename in
+          cxx*)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+	  *)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+	esac
+	;;
+
+      netbsd*)
+        if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+	  _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+	  wlarc=
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	  _LT_TAGVAR(hardcode_direct, $1)=yes
+	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	fi
+	# Workaround some broken pre-1.5 toolchains
+	output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+	;;
+
+      *nto* | *qnx*)
+        _LT_TAGVAR(ld_shlibs, $1)=yes
+	;;
+
+      openbsd* | bitrig*)
+	if test -f /usr/libexec/ld.so; then
+	  _LT_TAGVAR(hardcode_direct, $1)=yes
+	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+	  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib'
+	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
+	    _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
+	  fi
+	  output_verbose_link_cmd=func_echo_all
+	else
+	  _LT_TAGVAR(ld_shlibs, $1)=no
+	fi
+	;;
+
+      osf3* | osf4* | osf5*)
+        case $cc_basename in
+          KCC*)
+	    # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	    # KCC will only create a shared library if the output file
+	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
+	    # to its proper name (with version) after linking.
+	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
+	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	    # Archives containing C++ object files must be created using
+	    # the KAI C++ compiler.
+	    case $host in
+	      osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
+	      *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
+	    esac
+	    ;;
+          RCC*)
+	    # Rational C++ 2.4.1
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          cxx*)
+	    case $host in
+	      osf3*)
+	        _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+		;;
+	      *)
+	        _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+	        _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+                  echo "-hidden">> $lib.exp~
+                  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp  `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~
+                  $RM $lib.exp'
+	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+		;;
+	    esac
+
+	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    #
+	    # There doesn't appear to be a way to prevent this compiler from
+	    # explicitly linking system object files so we need to strip them
+	    # from the output so that they don't get included in the library
+	    # dependencies.
+	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+	    ;;
+	  *)
+	    if test yes,no = "$GXX,$with_gnu_ld"; then
+	      _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
+	      case $host in
+	        osf3*)
+	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+		  ;;
+	        *)
+	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+		  ;;
+	      esac
+
+	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
+	      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+	      # Commands to make compiler produce verbose output that lists
+	      # what "hidden" libraries, object files and flags are used when
+	      # linking a shared library.
+	      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+
+	    else
+	      # FIXME: insert proper C++ library support
+	      _LT_TAGVAR(ld_shlibs, $1)=no
+	    fi
+	    ;;
+        esac
+        ;;
+
+      psos*)
+        # FIXME: insert proper C++ library support
+        _LT_TAGVAR(ld_shlibs, $1)=no
+        ;;
+
+      sunos4*)
+        case $cc_basename in
+          CC*)
+	    # Sun C++ 4.x
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          lcc*)
+	    # Lucid
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          *)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+        esac
+        ;;
+
+      solaris*)
+        case $cc_basename in
+          CC* | sunCC*)
+	    # Sun C++ 4.2, 5.x and Centerline C++
+            _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
+	    _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+              $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+	    _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	    case $host_os in
+	      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+	      *)
+		# The compiler driver will combine and reorder linker options,
+		# but understands '-z linker_flag'.
+	        # Supported since Solaris 2.6 (maybe 2.5.1?)
+		_LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
+	        ;;
+	    esac
+	    _LT_TAGVAR(link_all_deplibs, $1)=yes
+
+	    output_verbose_link_cmd='func_echo_all'
+
+	    # Archives containing C++ object files must be created using
+	    # "CC -xar", where "CC" is the Sun C++ compiler.  This is
+	    # necessary to make sure instantiated templates are included
+	    # in the archive.
+	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+	    ;;
+          gcx*)
+	    # Green Hills C++ Compiler
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
+
+	    # The C++ compiler must be used to create the archive.
+	    _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+	    ;;
+          *)
+	    # GNU C++ compiler with Solaris linker
+	    if test yes,no = "$GXX,$with_gnu_ld"; then
+	      _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs'
+	      if $CC --version | $GREP -v '^2\.7' > /dev/null; then
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
+	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+                  $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+	        # Commands to make compiler produce verbose output that lists
+	        # what "hidden" libraries, object files and flags are used when
+	        # linking a shared library.
+	        output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+	      else
+	        # g++ 2.7 appears to require '-G' NOT '-shared' on this
+	        # platform.
+	        _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
+	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+                  $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+	        # Commands to make compiler produce verbose output that lists
+	        # what "hidden" libraries, object files and flags are used when
+	        # linking a shared library.
+	        output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+	      fi
+
+	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
+	      case $host_os in
+		solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+		*)
+		  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
+		  ;;
+	      esac
+	    fi
+	    ;;
+        esac
+        ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
+      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
+      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+      runpath_var='LD_RUN_PATH'
+
+      case $cc_basename in
+        CC*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+      esac
+      ;;
+
+      sysv5* | sco3.2v5* | sco5v6*)
+	# Note: We CANNOT use -z defs as we might desire, because we do not
+	# link with -lc, and that would cause any symbols used from libc to
+	# always be unresolved, which means just about no library would
+	# ever link correctly.  If we're not using GNU ld we use -z text
+	# though, which does catch some bad symbols but isn't as heavy-handed
+	# as -z defs.
+	_LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
+	_LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
+	_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
+	_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+	_LT_TAGVAR(link_all_deplibs, $1)=yes
+	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
+	runpath_var='LD_RUN_PATH'
+
+	case $cc_basename in
+          CC*)
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~
+              '"$_LT_TAGVAR(old_archive_cmds, $1)"
+	    _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~
+              '"$_LT_TAGVAR(reload_cmds, $1)"
+	    ;;
+	  *)
+	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	    ;;
+	esac
+      ;;
+
+      tandem*)
+        case $cc_basename in
+          NCC*)
+	    # NonStop-UX NCC 3.20
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+          *)
+	    # FIXME: insert proper C++ library support
+	    _LT_TAGVAR(ld_shlibs, $1)=no
+	    ;;
+        esac
+        ;;
+
+      vxworks*)
+        # FIXME: insert proper C++ library support
+        _LT_TAGVAR(ld_shlibs, $1)=no
+        ;;
+
+      *)
+        # FIXME: insert proper C++ library support
+        _LT_TAGVAR(ld_shlibs, $1)=no
+        ;;
+    esac
+
+    AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
+    test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
+
+    _LT_TAGVAR(GCC, $1)=$GXX
+    _LT_TAGVAR(LD, $1)=$LD
+
+    ## CAVEAT EMPTOR:
+    ## There is no encapsulation within the following macros, do not change
+    ## the running order or otherwise move them around unless you know exactly
+    ## what you are doing...
+    _LT_SYS_HIDDEN_LIBDEPS($1)
+    _LT_COMPILER_PIC($1)
+    _LT_COMPILER_C_O($1)
+    _LT_COMPILER_FILE_LOCKS($1)
+    _LT_LINKER_SHLIBS($1)
+    _LT_SYS_DYNAMIC_LINKER($1)
+    _LT_LINKER_HARDCODE_LIBPATH($1)
+
+    _LT_CONFIG($1)
+  fi # test -n "$compiler"
+
+  CC=$lt_save_CC
+  CFLAGS=$lt_save_CFLAGS
+  LDCXX=$LD
+  LD=$lt_save_LD
+  GCC=$lt_save_GCC
+  with_gnu_ld=$lt_save_with_gnu_ld
+  lt_cv_path_LDCXX=$lt_cv_path_LD
+  lt_cv_path_LD=$lt_save_path_LD
+  lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+  lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+fi # test yes != "$_lt_caught_CXX_error"
+
+AC_LANG_POP
+])# _LT_LANG_CXX_CONFIG
+
+
+# _LT_FUNC_STRIPNAME_CNF
+# ----------------------
+# func_stripname_cnf prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+#
+# This function is identical to the (non-XSI) version of func_stripname,
+# except this one can be used by m4 code that may be executed by configure,
+# rather than the libtool script.
+m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl
+AC_REQUIRE([_LT_DECL_SED])
+AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
+func_stripname_cnf ()
+{
+  case @S|@2 in
+  .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;;
+  *)  func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;;
+  esac
+} # func_stripname_cnf
+])# _LT_FUNC_STRIPNAME_CNF
+
+
+# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
+# ---------------------------------
+# Figure out "hidden" library dependencies from verbose
+# compiler output when linking a shared library.
+# Parse the compiler output and extract the necessary
+# objects, libraries and library flags.
+m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl
+# Dependencies to place before and after the object being linked:
+_LT_TAGVAR(predep_objects, $1)=
+_LT_TAGVAR(postdep_objects, $1)=
+_LT_TAGVAR(predeps, $1)=
+_LT_TAGVAR(postdeps, $1)=
+_LT_TAGVAR(compiler_lib_search_path, $1)=
+
+dnl we can't use the lt_simple_compile_test_code here,
+dnl because it contains code intended for an executable,
+dnl not a library.  It's possible we should let each
+dnl tag define a new lt_????_link_test_code variable,
+dnl but it's only used here...
+m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
+int a;
+void foo (void) { a = 0; }
+_LT_EOF
+], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
+class Foo
+{
+public:
+  Foo (void) { a = 0; }
+private:
+  int a;
+};
+_LT_EOF
+], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
+      subroutine foo
+      implicit none
+      integer*4 a
+      a=0
+      return
+      end
+_LT_EOF
+], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
+      subroutine foo
+      implicit none
+      integer a
+      a=0
+      return
+      end
+_LT_EOF
+], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
+public class foo {
+  private int a;
+  public void bar (void) {
+    a = 0;
+  }
+};
+_LT_EOF
+], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
+package foo
+func foo() {
+}
+_LT_EOF
+])
+
+_lt_libdeps_save_CFLAGS=$CFLAGS
+case "$CC $CFLAGS " in #(
+*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
+*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
+*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
+esac
+
+dnl Parse the compiler output and extract the necessary
+dnl objects, libraries and library flags.
+if AC_TRY_EVAL(ac_compile); then
+  # Parse the compiler output and extract the necessary
+  # objects, libraries and library flags.
+
+  # Sentinel used to keep track of whether or not we are before
+  # the conftest object file.
+  pre_test_object_deps_done=no
+
+  for p in `eval "$output_verbose_link_cmd"`; do
+    case $prev$p in
+
+    -L* | -R* | -l*)
+       # Some compilers place space between "-{L,R}" and the path.
+       # Remove the space.
+       if test x-L = "$p" ||
+          test x-R = "$p"; then
+	 prev=$p
+	 continue
+       fi
+
+       # Expand the sysroot to ease extracting the directories later.
+       if test -z "$prev"; then
+         case $p in
+         -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
+         -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
+         -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
+         esac
+       fi
+       case $p in
+       =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
+       esac
+       if test no = "$pre_test_object_deps_done"; then
+	 case $prev in
+	 -L | -R)
+	   # Internal compiler library paths should come after those
+	   # provided the user.  The postdeps already come after the
+	   # user supplied libs so there is no need to process them.
+	   if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
+	     _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p
+	   else
+	     _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p"
+	   fi
+	   ;;
+	 # The "-l" case would never come before the object being
+	 # linked, so don't bother handling this case.
+	 esac
+       else
+	 if test -z "$_LT_TAGVAR(postdeps, $1)"; then
+	   _LT_TAGVAR(postdeps, $1)=$prev$p
+	 else
+	   _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p"
+	 fi
+       fi
+       prev=
+       ;;
+
+    *.lto.$objext) ;; # Ignore GCC LTO objects
+    *.$objext)
+       # This assumes that the test object file only shows up
+       # once in the compiler output.
+       if test "$p" = "conftest.$objext"; then
+	 pre_test_object_deps_done=yes
+	 continue
+       fi
+
+       if test no = "$pre_test_object_deps_done"; then
+	 if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
+	   _LT_TAGVAR(predep_objects, $1)=$p
+	 else
+	   _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
+	 fi
+       else
+	 if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
+	   _LT_TAGVAR(postdep_objects, $1)=$p
+	 else
+	   _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
+	 fi
+       fi
+       ;;
+
+    *) ;; # Ignore the rest.
+
+    esac
+  done
+
+  # Clean up.
+  rm -f a.out a.exe
+else
+  echo "libtool.m4: error: problem compiling $1 test program"
+fi
+
+$RM -f confest.$objext
+CFLAGS=$_lt_libdeps_save_CFLAGS
+
+# PORTME: override above test on systems where it is broken
+m4_if([$1], [CXX],
+[case $host_os in
+interix[[3-9]]*)
+  # Interix 3.5 installs completely hosed .la files for C++, so rather than
+  # hack all around it, let's just trust "g++" to DTRT.
+  _LT_TAGVAR(predep_objects,$1)=
+  _LT_TAGVAR(postdep_objects,$1)=
+  _LT_TAGVAR(postdeps,$1)=
+  ;;
+esac
+])
+
+case " $_LT_TAGVAR(postdeps, $1) " in
+*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
+esac
+ _LT_TAGVAR(compiler_lib_search_dirs, $1)=
+if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
+ _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'`
+fi
+_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
+    [The directories searched by this compiler when creating a shared library])
+_LT_TAGDECL([], [predep_objects], [1],
+    [Dependencies to place before and after the objects being linked to
+    create a shared library])
+_LT_TAGDECL([], [postdep_objects], [1])
+_LT_TAGDECL([], [predeps], [1])
+_LT_TAGDECL([], [postdeps], [1])
+_LT_TAGDECL([], [compiler_lib_search_path], [1],
+    [The library search path used internally by the compiler when linking
+    a shared library])
+])# _LT_SYS_HIDDEN_LIBDEPS
+
+
+# _LT_LANG_F77_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for a Fortran 77 compiler are
+# suitably defined.  These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to 'libtool'.
+m4_defun([_LT_LANG_F77_CONFIG],
+[AC_LANG_PUSH(Fortran 77)
+if test -z "$F77" || test no = "$F77"; then
+  _lt_disable_F77=yes
+fi
+
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(reload_flag, $1)=$reload_flag
+_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for f77 test sources.
+ac_ext=f
+
+# Object file extension for compiled f77 test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the F77 compiler isn't working.  Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test yes != "$_lt_disable_F77"; then
+  # Code to be used in simple compile tests
+  lt_simple_compile_test_code="\
+      subroutine t
+      return
+      end
+"
+
+  # Code to be used in simple link tests
+  lt_simple_link_test_code="\
+      program t
+      end
+"
+
+  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+  _LT_TAG_COMPILER
+
+  # save warnings/boilerplate of simple test code
+  _LT_COMPILER_BOILERPLATE
+  _LT_LINKER_BOILERPLATE
+
+  # Allow CC to be a program name with arguments.
+  lt_save_CC=$CC
+  lt_save_GCC=$GCC
+  lt_save_CFLAGS=$CFLAGS
+  CC=${F77-"f77"}
+  CFLAGS=$FFLAGS
+  compiler=$CC
+  _LT_TAGVAR(compiler, $1)=$CC
+  _LT_CC_BASENAME([$compiler])
+  GCC=$G77
+  if test -n "$compiler"; then
+    AC_MSG_CHECKING([if libtool supports shared libraries])
+    AC_MSG_RESULT([$can_build_shared])
+
+    AC_MSG_CHECKING([whether to build shared libraries])
+    test no = "$can_build_shared" && enable_shared=no
+
+    # On AIX, shared libraries and static libraries use the same namespace, and
+    # are all built from PIC.
+    case $host_os in
+      aix3*)
+        test yes = "$enable_shared" && enable_static=no
+        if test -n "$RANLIB"; then
+          archive_cmds="$archive_cmds~\$RANLIB \$lib"
+          postinstall_cmds='$RANLIB $lib'
+        fi
+        ;;
+      aix[[4-9]]*)
+	if test ia64 != "$host_cpu"; then
+	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
+	  yes,aix,yes) ;;		# shared object as lib.so file only
+	  yes,svr4,*) ;;		# shared object as lib.so archive member only
+	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
+	  esac
+	fi
+        ;;
+    esac
+    AC_MSG_RESULT([$enable_shared])
+
+    AC_MSG_CHECKING([whether to build static libraries])
+    # Make sure either enable_shared or enable_static is yes.
+    test yes = "$enable_shared" || enable_static=yes
+    AC_MSG_RESULT([$enable_static])
+
+    _LT_TAGVAR(GCC, $1)=$G77
+    _LT_TAGVAR(LD, $1)=$LD
+
+    ## CAVEAT EMPTOR:
+    ## There is no encapsulation within the following macros, do not change
+    ## the running order or otherwise move them around unless you know exactly
+    ## what you are doing...
+    _LT_COMPILER_PIC($1)
+    _LT_COMPILER_C_O($1)
+    _LT_COMPILER_FILE_LOCKS($1)
+    _LT_LINKER_SHLIBS($1)
+    _LT_SYS_DYNAMIC_LINKER($1)
+    _LT_LINKER_HARDCODE_LIBPATH($1)
+
+    _LT_CONFIG($1)
+  fi # test -n "$compiler"
+
+  GCC=$lt_save_GCC
+  CC=$lt_save_CC
+  CFLAGS=$lt_save_CFLAGS
+fi # test yes != "$_lt_disable_F77"
+
+AC_LANG_POP
+])# _LT_LANG_F77_CONFIG
+
+
+# _LT_LANG_FC_CONFIG([TAG])
+# -------------------------
+# Ensure that the configuration variables for a Fortran compiler are
+# suitably defined.  These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to 'libtool'.
+m4_defun([_LT_LANG_FC_CONFIG],
+[AC_LANG_PUSH(Fortran)
+
+if test -z "$FC" || test no = "$FC"; then
+  _lt_disable_FC=yes
+fi
+
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(reload_flag, $1)=$reload_flag
+_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for fc test sources.
+ac_ext=${ac_fc_srcext-f}
+
+# Object file extension for compiled fc test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the FC compiler isn't working.  Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test yes != "$_lt_disable_FC"; then
+  # Code to be used in simple compile tests
+  lt_simple_compile_test_code="\
+      subroutine t
+      return
+      end
+"
+
+  # Code to be used in simple link tests
+  lt_simple_link_test_code="\
+      program t
+      end
+"
+
+  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+  _LT_TAG_COMPILER
+
+  # save warnings/boilerplate of simple test code
+  _LT_COMPILER_BOILERPLATE
+  _LT_LINKER_BOILERPLATE
+
+  # Allow CC to be a program name with arguments.
+  lt_save_CC=$CC
+  lt_save_GCC=$GCC
+  lt_save_CFLAGS=$CFLAGS
+  CC=${FC-"f95"}
+  CFLAGS=$FCFLAGS
+  compiler=$CC
+  GCC=$ac_cv_fc_compiler_gnu
+
+  _LT_TAGVAR(compiler, $1)=$CC
+  _LT_CC_BASENAME([$compiler])
+
+  if test -n "$compiler"; then
+    AC_MSG_CHECKING([if libtool supports shared libraries])
+    AC_MSG_RESULT([$can_build_shared])
+
+    AC_MSG_CHECKING([whether to build shared libraries])
+    test no = "$can_build_shared" && enable_shared=no
+
+    # On AIX, shared libraries and static libraries use the same namespace, and
+    # are all built from PIC.
+    case $host_os in
+      aix3*)
+        test yes = "$enable_shared" && enable_static=no
+        if test -n "$RANLIB"; then
+          archive_cmds="$archive_cmds~\$RANLIB \$lib"
+          postinstall_cmds='$RANLIB $lib'
+        fi
+        ;;
+      aix[[4-9]]*)
+	if test ia64 != "$host_cpu"; then
+	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
+	  yes,aix,yes) ;;		# shared object as lib.so file only
+	  yes,svr4,*) ;;		# shared object as lib.so archive member only
+	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
+	  esac
+	fi
+        ;;
+    esac
+    AC_MSG_RESULT([$enable_shared])
+
+    AC_MSG_CHECKING([whether to build static libraries])
+    # Make sure either enable_shared or enable_static is yes.
+    test yes = "$enable_shared" || enable_static=yes
+    AC_MSG_RESULT([$enable_static])
+
+    _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu
+    _LT_TAGVAR(LD, $1)=$LD
+
+    ## CAVEAT EMPTOR:
+    ## There is no encapsulation within the following macros, do not change
+    ## the running order or otherwise move them around unless you know exactly
+    ## what you are doing...
+    _LT_SYS_HIDDEN_LIBDEPS($1)
+    _LT_COMPILER_PIC($1)
+    _LT_COMPILER_C_O($1)
+    _LT_COMPILER_FILE_LOCKS($1)
+    _LT_LINKER_SHLIBS($1)
+    _LT_SYS_DYNAMIC_LINKER($1)
+    _LT_LINKER_HARDCODE_LIBPATH($1)
+
+    _LT_CONFIG($1)
+  fi # test -n "$compiler"
+
+  GCC=$lt_save_GCC
+  CC=$lt_save_CC
+  CFLAGS=$lt_save_CFLAGS
+fi # test yes != "$_lt_disable_FC"
+
+AC_LANG_POP
+])# _LT_LANG_FC_CONFIG
+
+
+# _LT_LANG_GCJ_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for the GNU Java Compiler compiler
+# are suitably defined.  These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to 'libtool'.
+m4_defun([_LT_LANG_GCJ_CONFIG],
+[AC_REQUIRE([LT_PROG_GCJ])dnl
+AC_LANG_SAVE
+
+# Source file extension for Java test sources.
+ac_ext=java
+
+# Object file extension for compiled Java test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="class foo {}"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_CFLAGS=$CFLAGS
+lt_save_GCC=$GCC
+GCC=yes
+CC=${GCJ-"gcj"}
+CFLAGS=$GCJFLAGS
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_TAGVAR(LD, $1)=$LD
+_LT_CC_BASENAME([$compiler])
+
+# GCJ did not exist at the time GCC didn't implicitly link libc in.
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(reload_flag, $1)=$reload_flag
+_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
+
+if test -n "$compiler"; then
+  _LT_COMPILER_NO_RTTI($1)
+  _LT_COMPILER_PIC($1)
+  _LT_COMPILER_C_O($1)
+  _LT_COMPILER_FILE_LOCKS($1)
+  _LT_LINKER_SHLIBS($1)
+  _LT_LINKER_HARDCODE_LIBPATH($1)
+
+  _LT_CONFIG($1)
+fi
+
+AC_LANG_RESTORE
+
+GCC=$lt_save_GCC
+CC=$lt_save_CC
+CFLAGS=$lt_save_CFLAGS
+])# _LT_LANG_GCJ_CONFIG
+
+
+# _LT_LANG_GO_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for the GNU Go compiler
+# are suitably defined.  These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to 'libtool'.
+m4_defun([_LT_LANG_GO_CONFIG],
+[AC_REQUIRE([LT_PROG_GO])dnl
+AC_LANG_SAVE
+
+# Source file extension for Go test sources.
+ac_ext=go
+
+# Object file extension for compiled Go test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="package main; func main() { }"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='package main; func main() { }'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_CFLAGS=$CFLAGS
+lt_save_GCC=$GCC
+GCC=yes
+CC=${GOC-"gccgo"}
+CFLAGS=$GOFLAGS
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_TAGVAR(LD, $1)=$LD
+_LT_CC_BASENAME([$compiler])
+
+# Go did not exist at the time GCC didn't implicitly link libc in.
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(reload_flag, $1)=$reload_flag
+_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
+
+if test -n "$compiler"; then
+  _LT_COMPILER_NO_RTTI($1)
+  _LT_COMPILER_PIC($1)
+  _LT_COMPILER_C_O($1)
+  _LT_COMPILER_FILE_LOCKS($1)
+  _LT_LINKER_SHLIBS($1)
+  _LT_LINKER_HARDCODE_LIBPATH($1)
+
+  _LT_CONFIG($1)
+fi
+
+AC_LANG_RESTORE
+
+GCC=$lt_save_GCC
+CC=$lt_save_CC
+CFLAGS=$lt_save_CFLAGS
+])# _LT_LANG_GO_CONFIG
+
+
+# _LT_LANG_RC_CONFIG([TAG])
+# -------------------------
+# Ensure that the configuration variables for the Windows resource compiler
+# are suitably defined.  These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to 'libtool'.
+m4_defun([_LT_LANG_RC_CONFIG],
+[AC_REQUIRE([LT_PROG_RC])dnl
+AC_LANG_SAVE
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code=$lt_simple_compile_test_code
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC=$CC
+lt_save_CFLAGS=$CFLAGS
+lt_save_GCC=$GCC
+GCC=
+CC=${RC-"windres"}
+CFLAGS=
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+
+if test -n "$compiler"; then
+  :
+  _LT_CONFIG($1)
+fi
+
+GCC=$lt_save_GCC
+AC_LANG_RESTORE
+CC=$lt_save_CC
+CFLAGS=$lt_save_CFLAGS
+])# _LT_LANG_RC_CONFIG
+
+
+# LT_PROG_GCJ
+# -----------
+AC_DEFUN([LT_PROG_GCJ],
+[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
+  [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
+    [AC_CHECK_TOOL(GCJ, gcj,)
+      test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
+      AC_SUBST(GCJFLAGS)])])[]dnl
+])
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
+
+
+# LT_PROG_GO
+# ----------
+AC_DEFUN([LT_PROG_GO],
+[AC_CHECK_TOOL(GOC, gccgo,)
+])
+
+
+# LT_PROG_RC
+# ----------
+AC_DEFUN([LT_PROG_RC],
+[AC_CHECK_TOOL(RC, windres,)
+])
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_RC], [])
+
+
+# _LT_DECL_EGREP
+# --------------
+# If we don't have a new enough Autoconf to choose the best grep
+# available, choose the one first in the user's PATH.
+m4_defun([_LT_DECL_EGREP],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_REQUIRE([AC_PROG_FGREP])dnl
+test -z "$GREP" && GREP=grep
+_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
+_LT_DECL([], [EGREP], [1], [An ERE matcher])
+_LT_DECL([], [FGREP], [1], [A literal string matcher])
+dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
+AC_SUBST([GREP])
+])
+
+
+# _LT_DECL_OBJDUMP
+# --------------
+# If we don't have a new enough Autoconf to choose the best objdump
+# available, choose the one first in the user's PATH.
+m4_defun([_LT_DECL_OBJDUMP],
+[AC_CHECK_TOOL(OBJDUMP, objdump, false)
+test -z "$OBJDUMP" && OBJDUMP=objdump
+_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
+AC_SUBST([OBJDUMP])
+])
+
+# _LT_DECL_DLLTOOL
+# ----------------
+# Ensure DLLTOOL variable is set.
+m4_defun([_LT_DECL_DLLTOOL],
+[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+_LT_DECL([], [DLLTOOL], [1], [DLL creation program])
+AC_SUBST([DLLTOOL])
+])
+
+# _LT_DECL_SED
+# ------------
+# Check for a fully-functional sed program, that truncates
+# as few characters as possible.  Prefer GNU sed if found.
+m4_defun([_LT_DECL_SED],
+[AC_PROG_SED
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
+_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
+    [Sed that helps us avoid accidentally triggering echo(1) options like -n])
+])# _LT_DECL_SED
+
+m4_ifndef([AC_PROG_SED], [
+# NOTE: This macro has been submitted for inclusion into   #
+#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
+#  a released version of Autoconf we should remove this    #
+#  macro and use it instead.                               #
+
+m4_defun([AC_PROG_SED],
+[AC_MSG_CHECKING([for a sed that does not truncate output])
+AC_CACHE_VAL(lt_cv_path_SED,
+[# Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  for lt_ac_prog in sed gsed; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+      fi
+    done
+  done
+done
+IFS=$as_save_IFS
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+  test ! -f "$lt_ac_sed" && continue
+  cat /dev/null > conftest.in
+  lt_ac_count=0
+  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+  # Check for GNU sed and select it if it is found.
+  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+    lt_cv_path_SED=$lt_ac_sed
+    break
+  fi
+  while true; do
+    cat conftest.in conftest.in >conftest.tmp
+    mv conftest.tmp conftest.in
+    cp conftest.in conftest.nl
+    echo >>conftest.nl
+    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+    cmp -s conftest.out conftest.nl || break
+    # 10000 chars as input seems more than enough
+    test 10 -lt "$lt_ac_count" && break
+    lt_ac_count=`expr $lt_ac_count + 1`
+    if test "$lt_ac_count" -gt "$lt_ac_max"; then
+      lt_ac_max=$lt_ac_count
+      lt_cv_path_SED=$lt_ac_sed
+    fi
+  done
+done
+])
+SED=$lt_cv_path_SED
+AC_SUBST([SED])
+AC_MSG_RESULT([$SED])
+])#AC_PROG_SED
+])#m4_ifndef
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_SED], [])
+
+
+# _LT_CHECK_SHELL_FEATURES
+# ------------------------
+# Find out whether the shell is Bourne or XSI compatible,
+# or has some other useful features.
+m4_defun([_LT_CHECK_SHELL_FEATURES],
+[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  lt_unset=unset
+else
+  lt_unset=false
+fi
+_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+  lt_SP2NL='tr \040 \012'
+  lt_NL2SP='tr \015\012 \040\040'
+  ;;
+ *) # EBCDIC based system
+  lt_SP2NL='tr \100 \n'
+  lt_NL2SP='tr \r\n \100\100'
+  ;;
+esac
+_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
+_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
+])# _LT_CHECK_SHELL_FEATURES
+
+
+# _LT_PATH_CONVERSION_FUNCTIONS
+# -----------------------------
+# Determine what file name conversion functions should be used by
+# func_to_host_file (and, implicitly, by func_to_host_path).  These are needed
+# for certain cross-compile configurations and native mingw.
+m4_defun([_LT_PATH_CONVERSION_FUNCTIONS],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+AC_MSG_CHECKING([how to convert $build file names to $host format])
+AC_CACHE_VAL(lt_cv_to_host_file_cmd,
+[case $host in
+  *-*-mingw* )
+    case $build in
+      *-*-mingw* ) # actually msys
+        lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
+        ;;
+      *-*-cygwin* )
+        lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
+        ;;
+      * ) # otherwise, assume *nix
+        lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
+        ;;
+    esac
+    ;;
+  *-*-cygwin* )
+    case $build in
+      *-*-mingw* ) # actually msys
+        lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
+        ;;
+      *-*-cygwin* )
+        lt_cv_to_host_file_cmd=func_convert_file_noop
+        ;;
+      * ) # otherwise, assume *nix
+        lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
+        ;;
+    esac
+    ;;
+  * ) # unhandled hosts (and "normal" native builds)
+    lt_cv_to_host_file_cmd=func_convert_file_noop
+    ;;
+esac
+])
+to_host_file_cmd=$lt_cv_to_host_file_cmd
+AC_MSG_RESULT([$lt_cv_to_host_file_cmd])
+_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd],
+         [0], [convert $build file names to $host format])dnl
+
+AC_MSG_CHECKING([how to convert $build file names to toolchain format])
+AC_CACHE_VAL(lt_cv_to_tool_file_cmd,
+[#assume ordinary cross tools, or native build.
+lt_cv_to_tool_file_cmd=func_convert_file_noop
+case $host in
+  *-*-mingw* )
+    case $build in
+      *-*-mingw* ) # actually msys
+        lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
+        ;;
+    esac
+    ;;
+esac
+])
+to_tool_file_cmd=$lt_cv_to_tool_file_cmd
+AC_MSG_RESULT([$lt_cv_to_tool_file_cmd])
+_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
+         [0], [convert $build files to toolchain format])dnl
+])# _LT_PATH_CONVERSION_FUNCTIONS
+
+# Helper functions for option handling.                    -*- Autoconf -*-
+#
+#   Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
+#   Foundation, Inc.
+#   Written by Gary V. Vaughan, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 8 ltoptions.m4
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
+
+
+# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
+# ------------------------------------------
+m4_define([_LT_MANGLE_OPTION],
+[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
+
+
+# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
+# ---------------------------------------
+# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
+# matching handler defined, dispatch to it.  Other OPTION-NAMEs are
+# saved as a flag.
+m4_define([_LT_SET_OPTION],
+[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
+m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
+        _LT_MANGLE_DEFUN([$1], [$2]),
+    [m4_warning([Unknown $1 option '$2'])])[]dnl
+])
+
+
+# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
+# ------------------------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+m4_define([_LT_IF_OPTION],
+[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
+
+
+# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
+# -------------------------------------------------------
+# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
+# are set.
+m4_define([_LT_UNLESS_OPTIONS],
+[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
+	    [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
+		      [m4_define([$0_found])])])[]dnl
+m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
+])[]dnl
+])
+
+
+# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
+# ----------------------------------------
+# OPTION-LIST is a space-separated list of Libtool options associated
+# with MACRO-NAME.  If any OPTION has a matching handler declared with
+# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
+# the unknown option and exit.
+m4_defun([_LT_SET_OPTIONS],
+[# Set options
+m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
+    [_LT_SET_OPTION([$1], _LT_Option)])
+
+m4_if([$1],[LT_INIT],[
+  dnl
+  dnl Simply set some default values (i.e off) if boolean options were not
+  dnl specified:
+  _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
+  ])
+  _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
+  ])
+  dnl
+  dnl If no reference was made to various pairs of opposing options, then
+  dnl we run the default mode handler for the pair.  For example, if neither
+  dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
+  dnl archives by default:
+  _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
+  _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
+  _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
+  _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
+		   [_LT_ENABLE_FAST_INSTALL])
+  _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
+		   [_LT_WITH_AIX_SONAME([aix])])
+  ])
+])# _LT_SET_OPTIONS
+
+
+
+# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
+# -----------------------------------------
+m4_define([_LT_MANGLE_DEFUN],
+[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
+
+
+# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
+# -----------------------------------------------
+m4_define([LT_OPTION_DEFINE],
+[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
+])# LT_OPTION_DEFINE
+
+
+# dlopen
+# ------
+LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
+])
+
+AU_DEFUN([AC_LIBTOOL_DLOPEN],
+[_LT_SET_OPTION([LT_INIT], [dlopen])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the 'dlopen' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
+
+
+# win32-dll
+# ---------
+# Declare package support for building win32 dll's.
+LT_OPTION_DEFINE([LT_INIT], [win32-dll],
+[enable_win32_dll=yes
+
+case $host in
+*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
+  AC_CHECK_TOOL(AS, as, false)
+  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+  AC_CHECK_TOOL(OBJDUMP, objdump, false)
+  ;;
+esac
+
+test -z "$AS" && AS=as
+_LT_DECL([], [AS],      [1], [Assembler program])dnl
+
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl
+])# win32-dll
+
+AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+_LT_SET_OPTION([LT_INIT], [win32-dll])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the 'win32-dll' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
+
+
+# _LT_ENABLE_SHARED([DEFAULT])
+# ----------------------------
+# implement the --enable-shared flag, and supports the 'shared' and
+# 'disable-shared' LT_INIT options.
+# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
+m4_define([_LT_ENABLE_SHARED],
+[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([shared],
+    [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
+	[build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
+    [p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_shared=yes ;;
+    no) enable_shared=no ;;
+    *)
+      enable_shared=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+      for pkg in $enableval; do
+	IFS=$lt_save_ifs
+	if test "X$pkg" = "X$p"; then
+	  enable_shared=yes
+	fi
+      done
+      IFS=$lt_save_ifs
+      ;;
+    esac],
+    [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
+
+    _LT_DECL([build_libtool_libs], [enable_shared], [0],
+	[Whether or not to build shared libraries])
+])# _LT_ENABLE_SHARED
+
+LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
+
+# Old names:
+AC_DEFUN([AC_ENABLE_SHARED],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
+])
+
+AC_DEFUN([AC_DISABLE_SHARED],
+[_LT_SET_OPTION([LT_INIT], [disable-shared])
+])
+
+AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
+AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_ENABLE_SHARED], [])
+dnl AC_DEFUN([AM_DISABLE_SHARED], [])
+
+
+
+# _LT_ENABLE_STATIC([DEFAULT])
+# ----------------------------
+# implement the --enable-static flag, and support the 'static' and
+# 'disable-static' LT_INIT options.
+# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
+m4_define([_LT_ENABLE_STATIC],
+[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([static],
+    [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
+	[build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
+    [p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_static=yes ;;
+    no) enable_static=no ;;
+    *)
+     enable_static=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+      for pkg in $enableval; do
+	IFS=$lt_save_ifs
+	if test "X$pkg" = "X$p"; then
+	  enable_static=yes
+	fi
+      done
+      IFS=$lt_save_ifs
+      ;;
+    esac],
+    [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
+
+    _LT_DECL([build_old_libs], [enable_static], [0],
+	[Whether or not to build static libraries])
+])# _LT_ENABLE_STATIC
+
+LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
+
+# Old names:
+AC_DEFUN([AC_ENABLE_STATIC],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
+])
+
+AC_DEFUN([AC_DISABLE_STATIC],
+[_LT_SET_OPTION([LT_INIT], [disable-static])
+])
+
+AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
+AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_ENABLE_STATIC], [])
+dnl AC_DEFUN([AM_DISABLE_STATIC], [])
+
+
+
+# _LT_ENABLE_FAST_INSTALL([DEFAULT])
+# ----------------------------------
+# implement the --enable-fast-install flag, and support the 'fast-install'
+# and 'disable-fast-install' LT_INIT options.
+# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
+m4_define([_LT_ENABLE_FAST_INSTALL],
+[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([fast-install],
+    [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
+    [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
+    [p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_fast_install=yes ;;
+    no) enable_fast_install=no ;;
+    *)
+      enable_fast_install=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+      for pkg in $enableval; do
+	IFS=$lt_save_ifs
+	if test "X$pkg" = "X$p"; then
+	  enable_fast_install=yes
+	fi
+      done
+      IFS=$lt_save_ifs
+      ;;
+    esac],
+    [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
+
+_LT_DECL([fast_install], [enable_fast_install], [0],
+	 [Whether or not to optimize for fast installation])dnl
+])# _LT_ENABLE_FAST_INSTALL
+
+LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
+
+# Old names:
+AU_DEFUN([AC_ENABLE_FAST_INSTALL],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you put
+the 'fast-install' option into LT_INIT's first parameter.])
+])
+
+AU_DEFUN([AC_DISABLE_FAST_INSTALL],
+[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you put
+the 'disable-fast-install' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
+dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
+
+
+# _LT_WITH_AIX_SONAME([DEFAULT])
+# ----------------------------------
+# implement the --with-aix-soname flag, and support the `aix-soname=aix'
+# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
+# is either `aix', `both' or `svr4'.  If omitted, it defaults to `aix'.
+m4_define([_LT_WITH_AIX_SONAME],
+[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
+shared_archive_member_spec=
+case $host,$enable_shared in
+power*-*-aix[[5-9]]*,yes)
+  AC_MSG_CHECKING([which variant of shared library versioning to provide])
+  AC_ARG_WITH([aix-soname],
+    [AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
+      [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
+    [case $withval in
+    aix|svr4|both)
+      ;;
+    *)
+      AC_MSG_ERROR([Unknown argument to --with-aix-soname])
+      ;;
+    esac
+    lt_cv_with_aix_soname=$with_aix_soname],
+    [AC_CACHE_VAL([lt_cv_with_aix_soname],
+      [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
+    with_aix_soname=$lt_cv_with_aix_soname])
+  AC_MSG_RESULT([$with_aix_soname])
+  if test aix != "$with_aix_soname"; then
+    # For the AIX way of multilib, we name the shared archive member
+    # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
+    # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
+    # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
+    # the AIX toolchain works better with OBJECT_MODE set (default 32).
+    if test 64 = "${OBJECT_MODE-32}"; then
+      shared_archive_member_spec=shr_64
+    else
+      shared_archive_member_spec=shr
+    fi
+  fi
+  ;;
+*)
+  with_aix_soname=aix
+  ;;
+esac
+
+_LT_DECL([], [shared_archive_member_spec], [0],
+    [Shared archive member basename, for filename based shared library versioning on AIX])dnl
+])# _LT_WITH_AIX_SONAME
+
+LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
+LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
+LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
+
+
+# _LT_WITH_PIC([MODE])
+# --------------------
+# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
+# LT_INIT options.
+# MODE is either 'yes' or 'no'.  If omitted, it defaults to 'both'.
+m4_define([_LT_WITH_PIC],
+[AC_ARG_WITH([pic],
+    [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
+	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
+    [lt_p=${PACKAGE-default}
+    case $withval in
+    yes|no) pic_mode=$withval ;;
+    *)
+      pic_mode=default
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+      for lt_pkg in $withval; do
+	IFS=$lt_save_ifs
+	if test "X$lt_pkg" = "X$lt_p"; then
+	  pic_mode=yes
+	fi
+      done
+      IFS=$lt_save_ifs
+      ;;
+    esac],
+    [pic_mode=m4_default([$1], [default])])
+
+_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
+])# _LT_WITH_PIC
+
+LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
+LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
+
+# Old name:
+AU_DEFUN([AC_LIBTOOL_PICMODE],
+[_LT_SET_OPTION([LT_INIT], [pic-only])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the 'pic-only' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
+
+
+m4_define([_LTDL_MODE], [])
+LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
+		 [m4_define([_LTDL_MODE], [nonrecursive])])
+LT_OPTION_DEFINE([LTDL_INIT], [recursive],
+		 [m4_define([_LTDL_MODE], [recursive])])
+LT_OPTION_DEFINE([LTDL_INIT], [subproject],
+		 [m4_define([_LTDL_MODE], [subproject])])
+
+m4_define([_LTDL_TYPE], [])
+LT_OPTION_DEFINE([LTDL_INIT], [installable],
+		 [m4_define([_LTDL_TYPE], [installable])])
+LT_OPTION_DEFINE([LTDL_INIT], [convenience],
+		 [m4_define([_LTDL_TYPE], [convenience])])
+
+# ltsugar.m4 -- libtool m4 base layer.                         -*-Autoconf-*-
+#
+# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
+# Foundation, Inc.
+# Written by Gary V. Vaughan, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 6 ltsugar.m4
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
+
+
+# lt_join(SEP, ARG1, [ARG2...])
+# -----------------------------
+# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
+# associated separator.
+# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
+# versions in m4sugar had bugs.
+m4_define([lt_join],
+[m4_if([$#], [1], [],
+       [$#], [2], [[$2]],
+       [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
+m4_define([_lt_join],
+[m4_if([$#$2], [2], [],
+       [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
+
+
+# lt_car(LIST)
+# lt_cdr(LIST)
+# ------------
+# Manipulate m4 lists.
+# These macros are necessary as long as will still need to support
+# Autoconf-2.59, which quotes differently.
+m4_define([lt_car], [[$1]])
+m4_define([lt_cdr],
+[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
+       [$#], 1, [],
+       [m4_dquote(m4_shift($@))])])
+m4_define([lt_unquote], $1)
+
+
+# lt_append(MACRO-NAME, STRING, [SEPARATOR])
+# ------------------------------------------
+# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
+# Note that neither SEPARATOR nor STRING are expanded; they are appended
+# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
+# No SEPARATOR is output if MACRO-NAME was previously undefined (different
+# than defined and empty).
+#
+# This macro is needed until we can rely on Autoconf 2.62, since earlier
+# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
+m4_define([lt_append],
+[m4_define([$1],
+	   m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
+
+
+
+# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
+# ----------------------------------------------------------
+# Produce a SEP delimited list of all paired combinations of elements of
+# PREFIX-LIST with SUFFIX1 through SUFFIXn.  Each element of the list
+# has the form PREFIXmINFIXSUFFIXn.
+# Needed until we can rely on m4_combine added in Autoconf 2.62.
+m4_define([lt_combine],
+[m4_if(m4_eval([$# > 3]), [1],
+       [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
+[[m4_foreach([_Lt_prefix], [$2],
+	     [m4_foreach([_Lt_suffix],
+		]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
+	[_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
+
+
+# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
+# -----------------------------------------------------------------------
+# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
+# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
+m4_define([lt_if_append_uniq],
+[m4_ifdef([$1],
+	  [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
+		 [lt_append([$1], [$2], [$3])$4],
+		 [$5])],
+	  [lt_append([$1], [$2], [$3])$4])])
+
+
+# lt_dict_add(DICT, KEY, VALUE)
+# -----------------------------
+m4_define([lt_dict_add],
+[m4_define([$1($2)], [$3])])
+
+
+# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
+# --------------------------------------------
+m4_define([lt_dict_add_subkey],
+[m4_define([$1($2:$3)], [$4])])
+
+
+# lt_dict_fetch(DICT, KEY, [SUBKEY])
+# ----------------------------------
+m4_define([lt_dict_fetch],
+[m4_ifval([$3],
+	m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
+    m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
+
+
+# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
+# -----------------------------------------------------------------
+m4_define([lt_if_dict_fetch],
+[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
+	[$5],
+    [$6])])
+
+
+# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
+# --------------------------------------------------------------
+m4_define([lt_dict_filter],
+[m4_if([$5], [], [],
+  [lt_join(m4_quote(m4_default([$4], [[, ]])),
+           lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
+		      [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
+])
+
+# ltversion.m4 -- version numbers			-*- Autoconf -*-
+#
+#   Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
+#   Written by Scott James Remnant, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# @configure_input@
+
+# serial 4179 ltversion.m4
+# This file is part of GNU Libtool
+
+m4_define([LT_PACKAGE_VERSION], [2.4.6])
+m4_define([LT_PACKAGE_REVISION], [2.4.6])
+
+AC_DEFUN([LTVERSION_VERSION],
+[macro_version='2.4.6'
+macro_revision='2.4.6'
+_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
+_LT_DECL(, macro_revision, 0)
+])
+
+# lt~obsolete.m4 -- aclocal satisfying obsolete definitions.    -*-Autoconf-*-
+#
+#   Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
+#   Foundation, Inc.
+#   Written by Scott James Remnant, 2004.
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 5 lt~obsolete.m4
+
+# These exist entirely to fool aclocal when bootstrapping libtool.
+#
+# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
+# which have later been changed to m4_define as they aren't part of the
+# exported API, or moved to Autoconf or Automake where they belong.
+#
+# The trouble is, aclocal is a bit thick.  It'll see the old AC_DEFUN
+# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
+# using a macro with the same name in our local m4/libtool.m4 it'll
+# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
+# and doesn't know about Autoconf macros at all.)
+#
+# So we provide this file, which has a silly filename so it's always
+# included after everything else.  This provides aclocal with the
+# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
+# because those macros already exist, or will be overwritten later.
+# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
+#
+# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
+# Yes, that means every name once taken will need to remain here until
+# we give up compatibility with versions before 1.7, at which point
+# we need to keep only those names which we still refer to.
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
+
+m4_ifndef([AC_LIBTOOL_LINKER_OPTION],	[AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
+m4_ifndef([AC_PROG_EGREP],		[AC_DEFUN([AC_PROG_EGREP])])
+m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
+m4_ifndef([_LT_AC_SHELL_INIT],		[AC_DEFUN([_LT_AC_SHELL_INIT])])
+m4_ifndef([_LT_AC_SYS_LIBPATH_AIX],	[AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
+m4_ifndef([_LT_PROG_LTMAIN],		[AC_DEFUN([_LT_PROG_LTMAIN])])
+m4_ifndef([_LT_AC_TAGVAR],		[AC_DEFUN([_LT_AC_TAGVAR])])
+m4_ifndef([AC_LTDL_ENABLE_INSTALL],	[AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
+m4_ifndef([AC_LTDL_PREOPEN],		[AC_DEFUN([AC_LTDL_PREOPEN])])
+m4_ifndef([_LT_AC_SYS_COMPILER],	[AC_DEFUN([_LT_AC_SYS_COMPILER])])
+m4_ifndef([_LT_AC_LOCK],		[AC_DEFUN([_LT_AC_LOCK])])
+m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE],	[AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
+m4_ifndef([_LT_AC_TRY_DLOPEN_SELF],	[AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
+m4_ifndef([AC_LIBTOOL_PROG_CC_C_O],	[AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
+m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
+m4_ifndef([AC_LIBTOOL_OBJDIR],		[AC_DEFUN([AC_LIBTOOL_OBJDIR])])
+m4_ifndef([AC_LTDL_OBJDIR],		[AC_DEFUN([AC_LTDL_OBJDIR])])
+m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
+m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP],	[AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
+m4_ifndef([AC_PATH_MAGIC],		[AC_DEFUN([AC_PATH_MAGIC])])
+m4_ifndef([AC_PROG_LD_GNU],		[AC_DEFUN([AC_PROG_LD_GNU])])
+m4_ifndef([AC_PROG_LD_RELOAD_FLAG],	[AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
+m4_ifndef([AC_DEPLIBS_CHECK_METHOD],	[AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
+m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
+m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
+m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
+m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS],	[AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
+m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP],	[AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
+m4_ifndef([LT_AC_PROG_EGREP],		[AC_DEFUN([LT_AC_PROG_EGREP])])
+m4_ifndef([LT_AC_PROG_SED],		[AC_DEFUN([LT_AC_PROG_SED])])
+m4_ifndef([_LT_CC_BASENAME],		[AC_DEFUN([_LT_CC_BASENAME])])
+m4_ifndef([_LT_COMPILER_BOILERPLATE],	[AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
+m4_ifndef([_LT_LINKER_BOILERPLATE],	[AC_DEFUN([_LT_LINKER_BOILERPLATE])])
+m4_ifndef([_AC_PROG_LIBTOOL],		[AC_DEFUN([_AC_PROG_LIBTOOL])])
+m4_ifndef([AC_LIBTOOL_SETUP],		[AC_DEFUN([AC_LIBTOOL_SETUP])])
+m4_ifndef([_LT_AC_CHECK_DLFCN],		[AC_DEFUN([_LT_AC_CHECK_DLFCN])])
+m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER],	[AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
+m4_ifndef([_LT_AC_TAGCONFIG],		[AC_DEFUN([_LT_AC_TAGCONFIG])])
+m4_ifndef([AC_DISABLE_FAST_INSTALL],	[AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
+m4_ifndef([_LT_AC_LANG_CXX],		[AC_DEFUN([_LT_AC_LANG_CXX])])
+m4_ifndef([_LT_AC_LANG_F77],		[AC_DEFUN([_LT_AC_LANG_F77])])
+m4_ifndef([_LT_AC_LANG_GCJ],		[AC_DEFUN([_LT_AC_LANG_GCJ])])
+m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
+m4_ifndef([_LT_AC_LANG_C_CONFIG],	[AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
+m4_ifndef([_LT_AC_LANG_CXX_CONFIG],	[AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
+m4_ifndef([_LT_AC_LANG_F77_CONFIG],	[AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
+m4_ifndef([_LT_AC_LANG_GCJ_CONFIG],	[AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
+m4_ifndef([_LT_AC_LANG_RC_CONFIG],	[AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
+m4_ifndef([AC_LIBTOOL_CONFIG],		[AC_DEFUN([AC_LIBTOOL_CONFIG])])
+m4_ifndef([_LT_AC_FILE_LTDLL_C],	[AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
+m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS],	[AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
+m4_ifndef([_LT_AC_PROG_CXXCPP],		[AC_DEFUN([_LT_AC_PROG_CXXCPP])])
+m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS],	[AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
+m4_ifndef([_LT_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
+m4_ifndef([_LT_PROG_F77],		[AC_DEFUN([_LT_PROG_F77])])
+m4_ifndef([_LT_PROG_FC],		[AC_DEFUN([_LT_PROG_FC])])
+m4_ifndef([_LT_PROG_CXX],		[AC_DEFUN([_LT_PROG_CXX])])
+
+# Copyright (C) 2002-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.15'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version.  Point them to the right macro.
+m4_if([$1], [1.15.1], [],
+      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too.  Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.15.1])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-
+
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to '$srcdir/foo'.  In other projects, it is set to
+# '$srcdir', '$srcdir/..', or '$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory.  The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run.  This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+#    fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+#    fails if $ac_aux_dir is absolute,
+#    fails when called from a subdirectory in a VPATH build with
+#          a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir.  In an in-source build this is usually
+# harmless because $srcdir is '.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir.  That would be:
+#   am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+#   MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH.  The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
+# Expand $ac_aux_dir to an absolute path.
+am_aux_dir=`cd "$ac_aux_dir" && pwd`
+])
+
+# AM_CONDITIONAL                                            -*- Autoconf -*-
+
+# Copyright (C) 1997-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ([2.52])dnl
+ m4_if([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
+       [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+  AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+
+# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery.  Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+m4_if([$1], [CC],   [depcc="$CC"   am_compiler_list=],
+      [$1], [CXX],  [depcc="$CXX"  am_compiler_list=],
+      [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+      [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'],
+      [$1], [UPC],  [depcc="$UPC"  am_compiler_list=],
+      [$1], [GCJ],  [depcc="$GCJ"  am_compiler_list='gcc3 gcc'],
+                    [depcc="$$1"   am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+               [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named 'D' -- because '-MD' means "put the output
+  # in D".
+  rm -rf conftest.dir
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_$1_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+  fi
+  am__universal=false
+  m4_case([$1], [CC],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac],
+    [CXX],
+    [case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac])
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
+      # Solaris 10 /bin/sh.
+      echo '/* dummy */' > sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with '-c' and '-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle '-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs.
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # After this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested.
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvc7 | msvc7msys | msvisualcpp | msvcmsys)
+      # This compiler won't grok '-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_$1_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES.
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE([dependency-tracking], [dnl
+AS_HELP_STRING(
+  [--enable-dependency-tracking],
+  [do not reject slow dependency extractors])
+AS_HELP_STRING(
+  [--disable-dependency-tracking],
+  [speeds up one-time build])])
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+  am__nodep='_no'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+AC_SUBST([am__nodep])dnl
+_AM_SUBST_NOTMAKE([am__nodep])dnl
+])
+
+# Generate code to set up dependency tracking.              -*- Autoconf -*-
+
+# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+  # Older Autoconf quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named 'Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`AS_DIRNAME("$mf")`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running 'make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "$am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`AS_DIRNAME(["$file"])`
+      AS_MKDIR_P([$dirpart/$fdir])
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled.  FIXME.  This creates each '.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Do all the work for Automake.                             -*- Autoconf -*-
+
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This macro actually does too much.  Some checks are only needed if
+# your package does certain things.  But this isn't really a big deal.
+
+dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O.
+m4_define([AC_PROG_CC],
+m4_defn([AC_PROG_CC])
+[_AM_PROG_CC_C_O
+])
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out.  PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition.  After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.65])dnl
+dnl Autoconf wants to disallow AM_ names.  We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[AC_DIAGNOSE([obsolete],
+             [$0: two- and three-arguments forms are deprecated.])
+m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(
+  m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]),
+  [ok:ok],,
+  [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package])
+ AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}])
+AM_MISSING_PROG([AUTOCONF], [autoconf])
+AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}])
+AM_MISSING_PROG([AUTOHEADER], [autoheader])
+AM_MISSING_PROG([MAKEINFO], [makeinfo])
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+# For better backward compatibility.  To be removed once Automake 1.9.x
+# dies out for good.  For more background, see:
+# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
+# We need awk for the "check" target (and possibly the TAP driver).  The
+# system "awk" is bad on some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+	      [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+			     [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+		  [_AM_DEPENDENCIES([CC])],
+		  [m4_define([AC_PROG_CC],
+			     m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+		  [_AM_DEPENDENCIES([CXX])],
+		  [m4_define([AC_PROG_CXX],
+			     m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+		  [_AM_DEPENDENCIES([OBJC])],
+		  [m4_define([AC_PROG_OBJC],
+			     m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJCXX],
+		  [_AM_DEPENDENCIES([OBJCXX])],
+		  [m4_define([AC_PROG_OBJCXX],
+			     m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl
+])
+AC_REQUIRE([AM_SILENT_RULES])dnl
+dnl The testsuite driver may need to know about EXEEXT, so add the
+dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen.  This
+dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+  [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+
+# POSIX will say in a future version that running "rm -f" with no argument
+# is OK; and we want to be able to make that assumption in our Makefile
+# recipes.  So use an aggressive probe to check that the usage we want is
+# actually supported "in the wild" to an acceptable degree.
+# See automake bug#10828.
+# To make any issue more visible, cause the running configure to be aborted
+# by default if the 'rm' program in use doesn't match our expectations; the
+# user can still override this though.
+if rm -f && rm -fr && rm -rf; then : OK; else
+  cat >&2 <<'END'
+Oops!
+
+Your 'rm' program seems unable to run without file operands specified
+on the command line, even when the '-f' option is present.  This is contrary
+to the behaviour of most rm programs out there, and not conforming with
+the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
+
+Please tell bug-automake@gnu.org about your system, including the value
+of your $PATH and any error possibly output before this message.  This
+can help us improve future automake versions.
+
+END
+  if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
+    echo 'Configuration will proceed anyway, since you have set the' >&2
+    echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
+    echo >&2
+  else
+    cat >&2 <<'END'
+Aborting the configuration process, to ensure you take notice of the issue.
+
+You can download and install GNU coreutils to get an 'rm' implementation
+that behaves properly: <http://www.gnu.org/software/coreutils/>.
+
+If you want to complete the configuration process using your problematic
+'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
+to "yes", and re-run configure.
+
+END
+    AC_MSG_ERROR([Your 'rm' program is bad, sorry.])
+  fi
+fi
+dnl The trailing newline in this macro's definition is deliberate, for
+dnl backward compatibility and to allow trailing 'dnl'-style comments
+dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841.
+])
+
+dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion.  Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated.  The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_arg=$1
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+if test x"${install_sh+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+AC_SUBST([install_sh])])
+
+# Copyright (C) 2003-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot.  For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Check to see how 'make' treats includes.	            -*- Autoconf -*-
+
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from 'make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-
+
+# Copyright (C) 1997-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it is modern enough.
+# If it is, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --is-lightweight"; then
+  am_missing_run="$MISSING "
+else
+  am_missing_run=
+  AC_MSG_WARN(['missing' script is too old or missing])
+fi
+])
+
+#  -*- Autoconf -*-
+# Obsolete and "removed" macros, that must however still report explicit
+# error messages when used, to smooth transition.
+#
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([AM_CONFIG_HEADER],
+[AC_DIAGNOSE([obsolete],
+['$0': this macro is obsolete.
+You should use the 'AC][_CONFIG_HEADERS' macro instead.])dnl
+AC_CONFIG_HEADERS($@)])
+
+AC_DEFUN([AM_PROG_CC_STDC],
+[AC_PROG_CC
+am_cv_prog_cc_stdc=$ac_cv_prog_cc_stdc
+AC_DIAGNOSE([obsolete],
+['$0': this macro is obsolete.
+You should simply use the 'AC][_PROG_CC' macro instead.
+Also, your code should no longer depend upon 'am_cv_prog_cc_stdc',
+but upon 'ac_cv_prog_cc_stdc'.])])
+
+AC_DEFUN([AM_C_PROTOTYPES],
+         [AC_FATAL([automatic de-ANSI-fication support has been removed])])
+AU_DEFUN([fp_C_PROTOTYPES], [AM_C_PROTOTYPES])
+
+# Helper functions for option handling.                     -*- Autoconf -*-
+
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# --------------------
+# Set option NAME.  Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), [1])])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# _AM_PROG_CC_C_O
+# ---------------
+# Like AC_PROG_CC_C_O, but changed for automake.  We rewrite AC_PROG_CC
+# to automatically call this.
+AC_DEFUN([_AM_PROG_CC_C_O],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([compile])dnl
+AC_LANG_PUSH([C])dnl
+AC_CACHE_CHECK(
+  [whether $CC understands -c and -o together],
+  [am_cv_prog_cc_c_o],
+  [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])])
+  # Make sure it works both with $CC and with simple cc.
+  # Following AC_PROG_CC_C_O, we do the test twice because some
+  # compilers refuse to overwrite an existing .o file with -o,
+  # though they will create one.
+  am_cv_prog_cc_c_o=yes
+  for am_i in 1 2; do
+    if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \
+         && test -f conftest2.$ac_objext; then
+      : OK
+    else
+      am_cv_prog_cc_c_o=no
+      break
+    fi
+  done
+  rm -f core conftest*
+  unset am_i])
+if test "$am_cv_prog_cc_c_o" != yes; then
+   # Losing compiler, so override with the script.
+   # FIXME: It is wrong to rewrite CC.
+   # But if we don't then we get into trouble of one sort or another.
+   # A longer-term fix would be to have automake use am__CC in this case,
+   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+   CC="$am_aux_dir/compile $CC"
+fi
+AC_LANG_POP([C])])
+
+# For backward compatibility.
+AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
+
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_RUN_LOG(COMMAND)
+# -------------------
+# Run COMMAND, save the exit status in ac_status, and log it.
+# (This has been adapted from Autoconf's _AC_RUN_LOG macro.)
+AC_DEFUN([AM_RUN_LOG],
+[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
+   ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+   (exit $ac_status); }])
+
+# Check to make sure that the build environment is sane.    -*- Autoconf -*-
+
+# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[[\\\"\#\$\&\'\`$am_lf]]*)
+    AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+  *[[\\\"\#\$\&\'\`$am_lf\ \	]]*)
+    AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);;
+esac
+
+# Do 'set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   am_has_slept=no
+   for am_try in 1 2; do
+     echo "timestamp, slept: $am_has_slept" > conftest.file
+     set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+     if test "$[*]" = "X"; then
+	# -L didn't work.
+	set X `ls -t "$srcdir/configure" conftest.file`
+     fi
+     if test "$[*]" != "X $srcdir/configure conftest.file" \
+	&& test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+	# If neither matched, then we have a broken ls.  This can happen
+	# if, for instance, CONFIG_SHELL is bash and it inherits a
+	# broken ls alias from the environment.  This has actually
+	# happened.  Such a system could not be considered "sane".
+	AC_MSG_ERROR([ls -t appears to fail.  Make sure there is not a broken
+  alias in your environment])
+     fi
+     if test "$[2]" = conftest.file || test $am_try -eq 2; then
+       break
+     fi
+     # Just in case.
+     sleep 1
+     am_has_slept=yes
+   done
+   test "$[2]" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT([yes])
+# If we didn't sleep, we still need to ensure time stamps of config.status and
+# generated files are strictly newer.
+am_sleep_pid=
+if grep 'slept: no' conftest.file >/dev/null 2>&1; then
+  ( sleep 1 ) &
+  am_sleep_pid=$!
+fi
+AC_CONFIG_COMMANDS_PRE(
+  [AC_MSG_CHECKING([that generated files are newer than configure])
+   if test -n "$am_sleep_pid"; then
+     # Hide warnings about reused PIDs.
+     wait $am_sleep_pid 2>/dev/null
+   fi
+   AC_MSG_RESULT([done])])
+rm -f conftest.file
+])
+
+# Copyright (C) 2009-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_SILENT_RULES([DEFAULT])
+# --------------------------
+# Enable less verbose build rules; with the default set to DEFAULT
+# ("yes" being less verbose, "no" or empty being verbose).
+AC_DEFUN([AM_SILENT_RULES],
+[AC_ARG_ENABLE([silent-rules], [dnl
+AS_HELP_STRING(
+  [--enable-silent-rules],
+  [less verbose build output (undo: "make V=1")])
+AS_HELP_STRING(
+  [--disable-silent-rules],
+  [verbose build output (undo: "make V=0")])dnl
+])
+case $enable_silent_rules in @%:@ (((
+  yes) AM_DEFAULT_VERBOSITY=0;;
+   no) AM_DEFAULT_VERBOSITY=1;;
+    *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);;
+esac
+dnl
+dnl A few 'make' implementations (e.g., NonStop OS and NextStep)
+dnl do not support nested variable expansions.
+dnl See automake bug#9928 and bug#10237.
+am_make=${MAKE-make}
+AC_CACHE_CHECK([whether $am_make supports nested variables],
+   [am_cv_make_support_nested_variables],
+   [if AS_ECHO([['TRUE=$(BAR$(V))
+BAR0=false
+BAR1=true
+V=1
+am__doit:
+	@$(TRUE)
+.PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then
+  am_cv_make_support_nested_variables=yes
+else
+  am_cv_make_support_nested_variables=no
+fi])
+if test $am_cv_make_support_nested_variables = yes; then
+  dnl Using '$V' instead of '$(V)' breaks IRIX make.
+  AM_V='$(V)'
+  AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
+else
+  AM_V=$AM_DEFAULT_VERBOSITY
+  AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
+fi
+AC_SUBST([AM_V])dnl
+AM_SUBST_NOTMAKE([AM_V])dnl
+AC_SUBST([AM_DEFAULT_V])dnl
+AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl
+AC_SUBST([AM_DEFAULT_VERBOSITY])dnl
+AM_BACKSLASH='\'
+AC_SUBST([AM_BACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
+])
+
+# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor 'install' (even GNU) is that you can't
+# specify the program used to strip binaries.  This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in "make install-strip", and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using 'strip' when the user
+# run "make install-strip".  However 'strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the 'STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be 'maybe'.
+if test "$cross_compiling" != no; then
+  AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# --------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+# Check how to create a tarball.                            -*- Autoconf -*-
+
+# Copyright (C) 2004-2017 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of 'v7', 'ustar', or 'pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+#     tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+#     $(am__untar) < result.tar
+#
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.  Yes, it's still used
+# in the wild :-(  We should find a proper way to deprecate it ...
+AC_SUBST([AMTAR], ['$${TAR-tar}'])
+
+# We'll loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+
+m4_if([$1], [v7],
+  [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'],
+
+  [m4_case([$1],
+    [ustar],
+     [# The POSIX 1988 'ustar' format is defined with fixed-size fields.
+      # There is notably a 21 bits limit for the UID and the GID.  In fact,
+      # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343
+      # and bug#13588).
+      am_max_uid=2097151 # 2^21 - 1
+      am_max_gid=$am_max_uid
+      # The $UID and $GID variables are not portable, so we need to resort
+      # to the POSIX-mandated id(1) utility.  Errors in the 'id' calls
+      # below are definitely unexpected, so allow the users to see them
+      # (that is, avoid stderr redirection).
+      am_uid=`id -u || echo unknown`
+      am_gid=`id -g || echo unknown`
+      AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format])
+      if test $am_uid -le $am_max_uid; then
+         AC_MSG_RESULT([yes])
+      else
+         AC_MSG_RESULT([no])
+         _am_tools=none
+      fi
+      AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format])
+      if test $am_gid -le $am_max_gid; then
+         AC_MSG_RESULT([yes])
+      else
+        AC_MSG_RESULT([no])
+        _am_tools=none
+      fi],
+
+  [pax],
+    [],
+
+  [m4_fatal([Unknown tar format])])
+
+  AC_MSG_CHECKING([how to create a $1 tar archive])
+
+  # Go ahead even if we have the value already cached.  We do so because we
+  # need to set the values for the 'am__tar' and 'am__untar' variables.
+  _am_tools=${am_cv_prog_tar_$1-$_am_tools}
+
+  for _am_tool in $_am_tools; do
+    case $_am_tool in
+    gnutar)
+      for _am_tar in tar gnutar gtar; do
+        AM_RUN_LOG([$_am_tar --version]) && break
+      done
+      am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+      am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+      am__untar="$_am_tar -xf -"
+      ;;
+    plaintar)
+      # Must skip GNU tar: if it does not support --format= it doesn't create
+      # ustar tarball either.
+      (tar --version) >/dev/null 2>&1 && continue
+      am__tar='tar chf - "$$tardir"'
+      am__tar_='tar chf - "$tardir"'
+      am__untar='tar xf -'
+      ;;
+    pax)
+      am__tar='pax -L -x $1 -w "$$tardir"'
+      am__tar_='pax -L -x $1 -w "$tardir"'
+      am__untar='pax -r'
+      ;;
+    cpio)
+      am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+      am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+      am__untar='cpio -i -H $1 -d'
+      ;;
+    none)
+      am__tar=false
+      am__tar_=false
+      am__untar=false
+      ;;
+    esac
+
+    # If the value was cached, stop now.  We just wanted to have am__tar
+    # and am__untar set.
+    test -n "${am_cv_prog_tar_$1}" && break
+
+    # tar/untar a dummy directory, and stop if the command works.
+    rm -rf conftest.dir
+    mkdir conftest.dir
+    echo GrepMe > conftest.dir/file
+    AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+    rm -rf conftest.dir
+    if test -s conftest.tar; then
+      AM_RUN_LOG([$am__untar <conftest.tar])
+      AM_RUN_LOG([cat conftest.dir/file])
+      grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+    fi
+  done
+  rm -rf conftest.dir
+
+  AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+  AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
diff --git a/contrib/ldapc++/config.guess b/contrib/ldapc++/config.guess
new file mode 100755
index 0000000..45001cf
--- /dev/null
+++ b/contrib/ldapc++/config.guess
@@ -0,0 +1,1667 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+#   Copyright 1992-2020 Free Software Foundation, Inc.
+
+timestamp='2020-01-01'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that
+# program.  This Exception is an additional permission under section 7
+# of the GNU General Public License, version 3 ("GPLv3").
+#
+# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
+#
+# You can get the latest version of this script from:
+# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
+#
+# Please send patches to <config-patches@gnu.org>.
+
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Options:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright 1992-2020 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+    * )
+       break ;;
+  esac
+done
+
+if test $# != 0; then
+  echo "$me: too many arguments$help" >&2
+  exit 1
+fi
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+tmp=
+# shellcheck disable=SC2172
+trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15
+
+set_cc_for_build() {
+    # prevent multiple calls if $tmp is already set
+    test "$tmp" && return 0
+    : "${TMPDIR=/tmp}"
+    # shellcheck disable=SC2039
+    { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+	{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } ||
+	{ tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+	{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; }
+    dummy=$tmp/dummy
+    case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in
+	,,)    echo "int x;" > "$dummy.c"
+	       for driver in cc gcc c89 c99 ; do
+		   if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then
+		       CC_FOR_BUILD="$driver"
+		       break
+		   fi
+	       done
+	       if test x"$CC_FOR_BUILD" = x ; then
+		   CC_FOR_BUILD=no_compiler_found
+	       fi
+	       ;;
+	,,*)   CC_FOR_BUILD=$CC ;;
+	,*,*)  CC_FOR_BUILD=$HOST_CC ;;
+    esac
+}
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if test -f /.attbin/uname ; then
+	PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+case "$UNAME_SYSTEM" in
+Linux|GNU|GNU/*)
+	# If the system lacks a compiler, then just pick glibc.
+	# We could probably try harder.
+	LIBC=gnu
+
+	set_cc_for_build
+	cat <<-EOF > "$dummy.c"
+	#include <features.h>
+	#if defined(__UCLIBC__)
+	LIBC=uclibc
+	#elif defined(__dietlibc__)
+	LIBC=dietlibc
+	#else
+	LIBC=gnu
+	#endif
+	EOF
+	eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`"
+
+	# If ldd exists, use it to detect musl libc.
+	if command -v ldd >/dev/null && \
+		ldd --version 2>&1 | grep -q ^musl
+	then
+	    LIBC=musl
+	fi
+	;;
+esac
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in
+    *:NetBSD:*:*)
+	# NetBSD (nbsd) targets should (where applicable) match one or
+	# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
+	# *-*-netbsdecoff* and *-*-netbsd*.  For targets that recently
+	# switched to ELF, *-*-netbsd* would select the old
+	# object file format.  This provides both forward
+	# compatibility and a consistent mechanism for selecting the
+	# object file format.
+	#
+	# Note: NetBSD doesn't particularly care about the vendor
+	# portion of the name.  We always set it to "unknown".
+	sysctl="sysctl -n hw.machine_arch"
+	UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
+	    "/sbin/$sysctl" 2>/dev/null || \
+	    "/usr/sbin/$sysctl" 2>/dev/null || \
+	    echo unknown)`
+	case "$UNAME_MACHINE_ARCH" in
+	    armeb) machine=armeb-unknown ;;
+	    arm*) machine=arm-unknown ;;
+	    sh3el) machine=shl-unknown ;;
+	    sh3eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
+	    earmv*)
+		arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
+		endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'`
+		machine="${arch}${endian}"-unknown
+		;;
+	    *) machine="$UNAME_MACHINE_ARCH"-unknown ;;
+	esac
+	# The Operating System including object format, if it has switched
+	# to ELF recently (or will in the future) and ABI.
+	case "$UNAME_MACHINE_ARCH" in
+	    earm*)
+		os=netbsdelf
+		;;
+	    arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+		set_cc_for_build
+		if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+			| grep -q __ELF__
+		then
+		    # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+		    # Return netbsd for either.  FIX?
+		    os=netbsd
+		else
+		    os=netbsdelf
+		fi
+		;;
+	    *)
+		os=netbsd
+		;;
+	esac
+	# Determine ABI tags.
+	case "$UNAME_MACHINE_ARCH" in
+	    earm*)
+		expr='s/^earmv[0-9]/-eabi/;s/eb$//'
+		abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"`
+		;;
+	esac
+	# The OS release
+	# Debian GNU/NetBSD machines have a different userland, and
+	# thus, need a distinct triplet. However, they do not need
+	# kernel version information, so it can be replaced with a
+	# suitable tag, in the style of linux-gnu.
+	case "$UNAME_VERSION" in
+	    Debian*)
+		release='-gnu'
+		;;
+	    *)
+		release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2`
+		;;
+	esac
+	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+	# contains redundant information, the shorter form:
+	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+	echo "$machine-${os}${release}${abi-}"
+	exit ;;
+    *:Bitrig:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
+	echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE"
+	exit ;;
+    *:OpenBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+	echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE"
+	exit ;;
+    *:LibertyBSD:*:*)
+	UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'`
+	echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE"
+	exit ;;
+    *:MidnightBSD:*:*)
+	echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE"
+	exit ;;
+    *:ekkoBSD:*:*)
+	echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE"
+	exit ;;
+    *:SolidBSD:*:*)
+	echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE"
+	exit ;;
+    *:OS108:*:*)
+	echo "$UNAME_MACHINE"-unknown-os108_"$UNAME_RELEASE"
+	exit ;;
+    macppc:MirBSD:*:*)
+	echo powerpc-unknown-mirbsd"$UNAME_RELEASE"
+	exit ;;
+    *:MirBSD:*:*)
+	echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE"
+	exit ;;
+    *:Sortix:*:*)
+	echo "$UNAME_MACHINE"-unknown-sortix
+	exit ;;
+    *:Twizzler:*:*)
+	echo "$UNAME_MACHINE"-unknown-twizzler
+	exit ;;
+    *:Redox:*:*)
+	echo "$UNAME_MACHINE"-unknown-redox
+	exit ;;
+    mips:OSF1:*.*)
+	echo mips-dec-osf1
+	exit ;;
+    alpha:OSF1:*:*)
+	case $UNAME_RELEASE in
+	*4.0)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+		;;
+	*5.*)
+		UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+		;;
+	esac
+	# According to Compaq, /usr/sbin/psrinfo has been available on
+	# OSF/1 and Tru64 systems produced since 1995.  I hope that
+	# covers most systems running today.  This code pipes the CPU
+	# types through head -n 1, so we only detect the type of CPU 0.
+	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^  The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+	case "$ALPHA_CPU_TYPE" in
+	    "EV4 (21064)")
+		UNAME_MACHINE=alpha ;;
+	    "EV4.5 (21064)")
+		UNAME_MACHINE=alpha ;;
+	    "LCA4 (21066/21068)")
+		UNAME_MACHINE=alpha ;;
+	    "EV5 (21164)")
+		UNAME_MACHINE=alphaev5 ;;
+	    "EV5.6 (21164A)")
+		UNAME_MACHINE=alphaev56 ;;
+	    "EV5.6 (21164PC)")
+		UNAME_MACHINE=alphapca56 ;;
+	    "EV5.7 (21164PC)")
+		UNAME_MACHINE=alphapca57 ;;
+	    "EV6 (21264)")
+		UNAME_MACHINE=alphaev6 ;;
+	    "EV6.7 (21264A)")
+		UNAME_MACHINE=alphaev67 ;;
+	    "EV6.8CB (21264C)")
+		UNAME_MACHINE=alphaev68 ;;
+	    "EV6.8AL (21264B)")
+		UNAME_MACHINE=alphaev68 ;;
+	    "EV6.8CX (21264D)")
+		UNAME_MACHINE=alphaev68 ;;
+	    "EV6.9A (21264/EV69A)")
+		UNAME_MACHINE=alphaev69 ;;
+	    "EV7 (21364)")
+		UNAME_MACHINE=alphaev7 ;;
+	    "EV7.9 (21364A)")
+		UNAME_MACHINE=alphaev79 ;;
+	esac
+	# A Pn.n version is a patched version.
+	# A Vn.n version is a released version.
+	# A Tn.n version is a released field test version.
+	# A Xn.n version is an unreleased experimental baselevel.
+	# 1.2 uses "1.2" for uname -r.
+	echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`"
+	# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
+	exitcode=$?
+	trap '' 0
+	exit $exitcode ;;
+    Amiga*:UNIX_System_V:4.0:*)
+	echo m68k-unknown-sysv4
+	exit ;;
+    *:[Aa]miga[Oo][Ss]:*:*)
+	echo "$UNAME_MACHINE"-unknown-amigaos
+	exit ;;
+    *:[Mm]orph[Oo][Ss]:*:*)
+	echo "$UNAME_MACHINE"-unknown-morphos
+	exit ;;
+    *:OS/390:*:*)
+	echo i370-ibm-openedition
+	exit ;;
+    *:z/VM:*:*)
+	echo s390-ibm-zvmoe
+	exit ;;
+    *:OS400:*:*)
+	echo powerpc-ibm-os400
+	exit ;;
+    arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+	echo arm-acorn-riscix"$UNAME_RELEASE"
+	exit ;;
+    arm*:riscos:*:*|arm*:RISCOS:*:*)
+	echo arm-unknown-riscos
+	exit ;;
+    SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+	echo hppa1.1-hitachi-hiuxmpp
+	exit ;;
+    Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+	if test "`(/bin/universe) 2>/dev/null`" = att ; then
+		echo pyramid-pyramid-sysv3
+	else
+		echo pyramid-pyramid-bsd
+	fi
+	exit ;;
+    NILE*:*:*:dcosx)
+	echo pyramid-pyramid-svr4
+	exit ;;
+    DRS?6000:unix:4.0:6*)
+	echo sparc-icl-nx6
+	exit ;;
+    DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+	case `/usr/bin/uname -p` in
+	    sparc) echo sparc-icl-nx7; exit ;;
+	esac ;;
+    s390x:SunOS:*:*)
+	echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
+	exit ;;
+    sun4H:SunOS:5.*:*)
+	echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
+	exit ;;
+    sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+	echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`"
+	exit ;;
+    i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
+	echo i386-pc-auroraux"$UNAME_RELEASE"
+	exit ;;
+    i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+	set_cc_for_build
+	SUN_ARCH=i386
+	# If there is a compiler, see if it is configured for 64-bit objects.
+	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+	# This test works for both compilers.
+	if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
+	    if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		grep IS_64BIT_ARCH >/dev/null
+	    then
+		SUN_ARCH=x86_64
+	    fi
+	fi
+	echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
+	exit ;;
+    sun4*:SunOS:6*:*)
+	# According to config.sub, this is the proper way to canonicalize
+	# SunOS6.  Hard to guess exactly what SunOS6 will be like, but
+	# it's likely to be more like Solaris than SunOS4.
+	echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
+	exit ;;
+    sun4*:SunOS:*:*)
+	case "`/usr/bin/arch -k`" in
+	    Series*|S4*)
+		UNAME_RELEASE=`uname -v`
+		;;
+	esac
+	# Japanese Language versions have a version number like `4.1.3-JL'.
+	echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`"
+	exit ;;
+    sun3*:SunOS:*:*)
+	echo m68k-sun-sunos"$UNAME_RELEASE"
+	exit ;;
+    sun*:*:4.2BSD:*)
+	UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+	test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3
+	case "`/bin/arch`" in
+	    sun3)
+		echo m68k-sun-sunos"$UNAME_RELEASE"
+		;;
+	    sun4)
+		echo sparc-sun-sunos"$UNAME_RELEASE"
+		;;
+	esac
+	exit ;;
+    aushp:SunOS:*:*)
+	echo sparc-auspex-sunos"$UNAME_RELEASE"
+	exit ;;
+    # The situation for MiNT is a little confusing.  The machine name
+    # can be virtually everything (everything which is not
+    # "atarist" or "atariste" at least should have a processor
+    # > m68000).  The system name ranges from "MiNT" over "FreeMiNT"
+    # to the lowercase version "mint" (or "freemint").  Finally
+    # the system name "TOS" denotes a system which is actually not
+    # MiNT.  But MiNT is downward compatible to TOS, so this should
+    # be no problem.
+    atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint"$UNAME_RELEASE"
+	exit ;;
+    atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+	echo m68k-atari-mint"$UNAME_RELEASE"
+	exit ;;
+    *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+	echo m68k-atari-mint"$UNAME_RELEASE"
+	exit ;;
+    milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+	echo m68k-milan-mint"$UNAME_RELEASE"
+	exit ;;
+    hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+	echo m68k-hades-mint"$UNAME_RELEASE"
+	exit ;;
+    *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+	echo m68k-unknown-mint"$UNAME_RELEASE"
+	exit ;;
+    m68k:machten:*:*)
+	echo m68k-apple-machten"$UNAME_RELEASE"
+	exit ;;
+    powerpc:machten:*:*)
+	echo powerpc-apple-machten"$UNAME_RELEASE"
+	exit ;;
+    RISC*:Mach:*:*)
+	echo mips-dec-mach_bsd4.3
+	exit ;;
+    RISC*:ULTRIX:*:*)
+	echo mips-dec-ultrix"$UNAME_RELEASE"
+	exit ;;
+    VAX*:ULTRIX*:*:*)
+	echo vax-dec-ultrix"$UNAME_RELEASE"
+	exit ;;
+    2020:CLIX:*:* | 2430:CLIX:*:*)
+	echo clipper-intergraph-clix"$UNAME_RELEASE"
+	exit ;;
+    mips:*:*:UMIPS | mips:*:*:RISCos)
+	set_cc_for_build
+	sed 's/^	//' << EOF > "$dummy.c"
+#ifdef __cplusplus
+#include <stdio.h>  /* for printf() prototype */
+	int main (int argc, char *argv[]) {
+#else
+	int main (argc, argv) int argc; char *argv[]; {
+#endif
+	#if defined (host_mips) && defined (MIPSEB)
+	#if defined (SYSTYPE_SYSV)
+	  printf ("mips-mips-riscos%ssysv\\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_SVR4)
+	  printf ("mips-mips-riscos%ssvr4\\n", argv[1]); exit (0);
+	#endif
+	#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+	  printf ("mips-mips-riscos%sbsd\\n", argv[1]); exit (0);
+	#endif
+	#endif
+	  exit (-1);
+	}
+EOF
+	$CC_FOR_BUILD -o "$dummy" "$dummy.c" &&
+	  dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+	  SYSTEM_NAME=`"$dummy" "$dummyarg"` &&
+	    { echo "$SYSTEM_NAME"; exit; }
+	echo mips-mips-riscos"$UNAME_RELEASE"
+	exit ;;
+    Motorola:PowerMAX_OS:*:*)
+	echo powerpc-motorola-powermax
+	exit ;;
+    Motorola:*:4.3:PL8-*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+	echo powerpc-harris-powermax
+	exit ;;
+    Night_Hawk:Power_UNIX:*:*)
+	echo powerpc-harris-powerunix
+	exit ;;
+    m88k:CX/UX:7*:*)
+	echo m88k-harris-cxux7
+	exit ;;
+    m88k:*:4*:R4*)
+	echo m88k-motorola-sysv4
+	exit ;;
+    m88k:*:3*:R3*)
+	echo m88k-motorola-sysv3
+	exit ;;
+    AViiON:dgux:*:*)
+	# DG/UX returns AViiON for all architectures
+	UNAME_PROCESSOR=`/usr/bin/uname -p`
+	if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ]
+	then
+	    if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \
+	       [ "$TARGET_BINARY_INTERFACE"x = x ]
+	    then
+		echo m88k-dg-dgux"$UNAME_RELEASE"
+	    else
+		echo m88k-dg-dguxbcs"$UNAME_RELEASE"
+	    fi
+	else
+	    echo i586-dg-dgux"$UNAME_RELEASE"
+	fi
+	exit ;;
+    M88*:DolphinOS:*:*)	# DolphinOS (SVR3)
+	echo m88k-dolphin-sysv3
+	exit ;;
+    M88*:*:R3*:*)
+	# Delta 88k system running SVR3
+	echo m88k-motorola-sysv3
+	exit ;;
+    XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+	echo m88k-tektronix-sysv3
+	exit ;;
+    Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+	echo m68k-tektronix-bsd
+	exit ;;
+    *:IRIX*:*:*)
+	echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`"
+	exit ;;
+    ????????:AIX?:[12].1:2)   # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+	echo romp-ibm-aix     # uname -m gives an 8 hex-code CPU id
+	exit ;;               # Note that: echo "'`uname -s`'" gives 'AIX '
+    i*86:AIX:*:*)
+	echo i386-ibm-aix
+	exit ;;
+    ia64:AIX:*:*)
+	if [ -x /usr/bin/oslevel ] ; then
+		IBM_REV=`/usr/bin/oslevel`
+	else
+		IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
+	fi
+	echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV"
+	exit ;;
+    *:AIX:2:3)
+	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+		set_cc_for_build
+		sed 's/^		//' << EOF > "$dummy.c"
+		#include <sys/systemcfg.h>
+
+		main()
+			{
+			if (!__power_pc())
+				exit(1);
+			puts("powerpc-ibm-aix3.2.5");
+			exit(0);
+			}
+EOF
+		if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"`
+		then
+			echo "$SYSTEM_NAME"
+		else
+			echo rs6000-ibm-aix3.2.5
+		fi
+	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+		echo rs6000-ibm-aix3.2.4
+	else
+		echo rs6000-ibm-aix3.2
+	fi
+	exit ;;
+    *:AIX:*:[4567])
+	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+	if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then
+		IBM_ARCH=rs6000
+	else
+		IBM_ARCH=powerpc
+	fi
+	if [ -x /usr/bin/lslpp ] ; then
+		IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
+			   awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
+	else
+		IBM_REV="$UNAME_VERSION.$UNAME_RELEASE"
+	fi
+	echo "$IBM_ARCH"-ibm-aix"$IBM_REV"
+	exit ;;
+    *:AIX:*:*)
+	echo rs6000-ibm-aix
+	exit ;;
+    ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*)
+	echo romp-ibm-bsd4.4
+	exit ;;
+    ibmrt:*BSD:*|romp-ibm:BSD:*)            # covers RT/PC BSD and
+	echo romp-ibm-bsd"$UNAME_RELEASE"   # 4.3 with uname added to
+	exit ;;                             # report: romp-ibm BSD 4.3
+    *:BOSX:*:*)
+	echo rs6000-bull-bosx
+	exit ;;
+    DPX/2?00:B.O.S.:*:*)
+	echo m68k-bull-sysv3
+	exit ;;
+    9000/[34]??:4.3bsd:1.*:*)
+	echo m68k-hp-bsd
+	exit ;;
+    hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+	echo m68k-hp-bsd4.4
+	exit ;;
+    9000/[34678]??:HP-UX:*:*)
+	HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'`
+	case "$UNAME_MACHINE" in
+	    9000/31?)            HP_ARCH=m68000 ;;
+	    9000/[34]??)         HP_ARCH=m68k ;;
+	    9000/[678][0-9][0-9])
+		if [ -x /usr/bin/getconf ]; then
+		    sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+		    sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+		    case "$sc_cpu_version" in
+		      523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0
+		      528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1
+		      532)                      # CPU_PA_RISC2_0
+			case "$sc_kernel_bits" in
+			  32) HP_ARCH=hppa2.0n ;;
+			  64) HP_ARCH=hppa2.0w ;;
+			  '') HP_ARCH=hppa2.0 ;;   # HP-UX 10.20
+			esac ;;
+		    esac
+		fi
+		if [ "$HP_ARCH" = "" ]; then
+		    set_cc_for_build
+		    sed 's/^		//' << EOF > "$dummy.c"
+
+		#define _HPUX_SOURCE
+		#include <stdlib.h>
+		#include <unistd.h>
+
+		int main ()
+		{
+		#if defined(_SC_KERNEL_BITS)
+		    long bits = sysconf(_SC_KERNEL_BITS);
+		#endif
+		    long cpu  = sysconf (_SC_CPU_VERSION);
+
+		    switch (cpu)
+			{
+			case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+			case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+			case CPU_PA_RISC2_0:
+		#if defined(_SC_KERNEL_BITS)
+			    switch (bits)
+				{
+				case 64: puts ("hppa2.0w"); break;
+				case 32: puts ("hppa2.0n"); break;
+				default: puts ("hppa2.0"); break;
+				} break;
+		#else  /* !defined(_SC_KERNEL_BITS) */
+			    puts ("hppa2.0"); break;
+		#endif
+			default: puts ("hppa1.0"); break;
+			}
+		    exit (0);
+		}
+EOF
+		    (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"`
+		    test -z "$HP_ARCH" && HP_ARCH=hppa
+		fi ;;
+	esac
+	if [ "$HP_ARCH" = hppa2.0w ]
+	then
+	    set_cc_for_build
+
+	    # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+	    # 32-bit code.  hppa64-hp-hpux* has the same kernel and a compiler
+	    # generating 64-bit code.  GNU and HP use different nomenclature:
+	    #
+	    # $ CC_FOR_BUILD=cc ./config.guess
+	    # => hppa2.0w-hp-hpux11.23
+	    # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+	    # => hppa64-hp-hpux11.23
+
+	    if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) |
+		grep -q __LP64__
+	    then
+		HP_ARCH=hppa2.0w
+	    else
+		HP_ARCH=hppa64
+	    fi
+	fi
+	echo "$HP_ARCH"-hp-hpux"$HPUX_REV"
+	exit ;;
+    ia64:HP-UX:*:*)
+	HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'`
+	echo ia64-hp-hpux"$HPUX_REV"
+	exit ;;
+    3050*:HI-UX:*:*)
+	set_cc_for_build
+	sed 's/^	//' << EOF > "$dummy.c"
+	#include <unistd.h>
+	int
+	main ()
+	{
+	  long cpu = sysconf (_SC_CPU_VERSION);
+	  /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+	     true for CPU_PA_RISC1_0.  CPU_IS_PA_RISC returns correct
+	     results, however.  */
+	  if (CPU_IS_PA_RISC (cpu))
+	    {
+	      switch (cpu)
+		{
+		  case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+		  case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+		  default: puts ("hppa-hitachi-hiuxwe2"); break;
+		}
+	    }
+	  else if (CPU_IS_HP_MC68K (cpu))
+	    puts ("m68k-hitachi-hiuxwe2");
+	  else puts ("unknown-hitachi-hiuxwe2");
+	  exit (0);
+	}
+EOF
+	$CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` &&
+		{ echo "$SYSTEM_NAME"; exit; }
+	echo unknown-hitachi-hiuxwe2
+	exit ;;
+    9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*)
+	echo hppa1.1-hp-bsd
+	exit ;;
+    9000/8??:4.3bsd:*:*)
+	echo hppa1.0-hp-bsd
+	exit ;;
+    *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+	echo hppa1.0-hp-mpeix
+	exit ;;
+    hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*)
+	echo hppa1.1-hp-osf
+	exit ;;
+    hp8??:OSF1:*:*)
+	echo hppa1.0-hp-osf
+	exit ;;
+    i*86:OSF1:*:*)
+	if [ -x /usr/sbin/sysversion ] ; then
+	    echo "$UNAME_MACHINE"-unknown-osf1mk
+	else
+	    echo "$UNAME_MACHINE"-unknown-osf1
+	fi
+	exit ;;
+    parisc*:Lites*:*:*)
+	echo hppa1.1-hp-lites
+	exit ;;
+    C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+	echo c1-convex-bsd
+	exit ;;
+    C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+	if getsysinfo -f scalar_acc
+	then echo c32-convex-bsd
+	else echo c2-convex-bsd
+	fi
+	exit ;;
+    C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+	echo c34-convex-bsd
+	exit ;;
+    C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+	echo c38-convex-bsd
+	exit ;;
+    C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+	echo c4-convex-bsd
+	exit ;;
+    CRAY*Y-MP:*:*:*)
+	echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*[A-Z]90:*:*:*)
+	echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \
+	| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+	      -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+	      -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*TS:*:*:*)
+	echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*T3E:*:*:*)
+	echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    CRAY*SV1:*:*:*)
+	echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    *:UNICOS/mp:*:*)
+	echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'
+	exit ;;
+    F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+	FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`
+	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
+	FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'`
+	echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    5000:UNIX_System_V:4.*:*)
+	FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'`
+	FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'`
+	echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+	exit ;;
+    i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+	echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE"
+	exit ;;
+    sparc*:BSD/OS:*:*)
+	echo sparc-unknown-bsdi"$UNAME_RELEASE"
+	exit ;;
+    *:BSD/OS:*:*)
+	echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE"
+	exit ;;
+    arm:FreeBSD:*:*)
+	UNAME_PROCESSOR=`uname -p`
+	set_cc_for_build
+	if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_PCS_VFP
+	then
+	    echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabi
+	else
+	    echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabihf
+	fi
+	exit ;;
+    *:FreeBSD:*:*)
+	UNAME_PROCESSOR=`/usr/bin/uname -p`
+	case "$UNAME_PROCESSOR" in
+	    amd64)
+		UNAME_PROCESSOR=x86_64 ;;
+	    i386)
+		UNAME_PROCESSOR=i586 ;;
+	esac
+	echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`"
+	exit ;;
+    i*:CYGWIN*:*)
+	echo "$UNAME_MACHINE"-pc-cygwin
+	exit ;;
+    *:MINGW64*:*)
+	echo "$UNAME_MACHINE"-pc-mingw64
+	exit ;;
+    *:MINGW*:*)
+	echo "$UNAME_MACHINE"-pc-mingw32
+	exit ;;
+    *:MSYS*:*)
+	echo "$UNAME_MACHINE"-pc-msys
+	exit ;;
+    i*:PW*:*)
+	echo "$UNAME_MACHINE"-pc-pw32
+	exit ;;
+    *:Interix*:*)
+	case "$UNAME_MACHINE" in
+	    x86)
+		echo i586-pc-interix"$UNAME_RELEASE"
+		exit ;;
+	    authenticamd | genuineintel | EM64T)
+		echo x86_64-unknown-interix"$UNAME_RELEASE"
+		exit ;;
+	    IA64)
+		echo ia64-unknown-interix"$UNAME_RELEASE"
+		exit ;;
+	esac ;;
+    i*:UWIN*:*)
+	echo "$UNAME_MACHINE"-pc-uwin
+	exit ;;
+    amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+	echo x86_64-pc-cygwin
+	exit ;;
+    prep*:SunOS:5.*:*)
+	echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`"
+	exit ;;
+    *:GNU:*:*)
+	# the GNU system
+	echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`"
+	exit ;;
+    *:GNU/*:*:*)
+	# other systems with GNU libc and userland
+	echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC"
+	exit ;;
+    *:Minix:*:*)
+	echo "$UNAME_MACHINE"-unknown-minix
+	exit ;;
+    aarch64:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    aarch64_be:Linux:*:*)
+	UNAME_MACHINE=aarch64_be
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    alpha:Linux:*:*)
+	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in
+	  EV5)   UNAME_MACHINE=alphaev5 ;;
+	  EV56)  UNAME_MACHINE=alphaev56 ;;
+	  PCA56) UNAME_MACHINE=alphapca56 ;;
+	  PCA57) UNAME_MACHINE=alphapca56 ;;
+	  EV6)   UNAME_MACHINE=alphaev6 ;;
+	  EV67)  UNAME_MACHINE=alphaev67 ;;
+	  EV68*) UNAME_MACHINE=alphaev68 ;;
+	esac
+	objdump --private-headers /bin/sh | grep -q ld.so.1
+	if test "$?" = 0 ; then LIBC=gnulibc1 ; fi
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    arc:Linux:*:* | arceb:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    arm*:Linux:*:*)
+	set_cc_for_build
+	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+	    | grep -q __ARM_EABI__
+	then
+	    echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	else
+	    if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+		| grep -q __ARM_PCS_VFP
+	    then
+		echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi
+	    else
+		echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf
+	    fi
+	fi
+	exit ;;
+    avr32*:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    cris:Linux:*:*)
+	echo "$UNAME_MACHINE"-axis-linux-"$LIBC"
+	exit ;;
+    crisv32:Linux:*:*)
+	echo "$UNAME_MACHINE"-axis-linux-"$LIBC"
+	exit ;;
+    e2k:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    frv:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    hexagon:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    i*86:Linux:*:*)
+	echo "$UNAME_MACHINE"-pc-linux-"$LIBC"
+	exit ;;
+    ia64:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    k1om:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    m32r*:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    m68*:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    mips:Linux:*:* | mips64:Linux:*:*)
+	set_cc_for_build
+	IS_GLIBC=0
+	test x"${LIBC}" = xgnu && IS_GLIBC=1
+	sed 's/^	//' << EOF > "$dummy.c"
+	#undef CPU
+	#undef mips
+	#undef mipsel
+	#undef mips64
+	#undef mips64el
+	#if ${IS_GLIBC} && defined(_ABI64)
+	LIBCABI=gnuabi64
+	#else
+	#if ${IS_GLIBC} && defined(_ABIN32)
+	LIBCABI=gnuabin32
+	#else
+	LIBCABI=${LIBC}
+	#endif
+	#endif
+
+	#if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6
+	CPU=mipsisa64r6
+	#else
+	#if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6
+	CPU=mipsisa32r6
+	#else
+	#if defined(__mips64)
+	CPU=mips64
+	#else
+	CPU=mips
+	#endif
+	#endif
+	#endif
+
+	#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+	MIPS_ENDIAN=el
+	#else
+	#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+	MIPS_ENDIAN=
+	#else
+	MIPS_ENDIAN=
+	#endif
+	#endif
+EOF
+	eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'`"
+	test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; }
+	;;
+    mips64el:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    openrisc*:Linux:*:*)
+	echo or1k-unknown-linux-"$LIBC"
+	exit ;;
+    or32:Linux:*:* | or1k*:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    padre:Linux:*:*)
+	echo sparc-unknown-linux-"$LIBC"
+	exit ;;
+    parisc64:Linux:*:* | hppa64:Linux:*:*)
+	echo hppa64-unknown-linux-"$LIBC"
+	exit ;;
+    parisc:Linux:*:* | hppa:Linux:*:*)
+	# Look for CPU level
+	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+	  PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;;
+	  PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;;
+	  *)    echo hppa-unknown-linux-"$LIBC" ;;
+	esac
+	exit ;;
+    ppc64:Linux:*:*)
+	echo powerpc64-unknown-linux-"$LIBC"
+	exit ;;
+    ppc:Linux:*:*)
+	echo powerpc-unknown-linux-"$LIBC"
+	exit ;;
+    ppc64le:Linux:*:*)
+	echo powerpc64le-unknown-linux-"$LIBC"
+	exit ;;
+    ppcle:Linux:*:*)
+	echo powerpcle-unknown-linux-"$LIBC"
+	exit ;;
+    riscv32:Linux:*:* | riscv64:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    s390:Linux:*:* | s390x:Linux:*:*)
+	echo "$UNAME_MACHINE"-ibm-linux-"$LIBC"
+	exit ;;
+    sh64*:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    sh*:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    sparc:Linux:*:* | sparc64:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    tile*:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    vax:Linux:*:*)
+	echo "$UNAME_MACHINE"-dec-linux-"$LIBC"
+	exit ;;
+    x86_64:Linux:*:*)
+	echo "$UNAME_MACHINE"-pc-linux-"$LIBC"
+	exit ;;
+    xtensa*:Linux:*:*)
+	echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"
+	exit ;;
+    i*86:DYNIX/ptx:4*:*)
+	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+	# earlier versions are messed up and put the nodename in both
+	# sysname and nodename.
+	echo i386-sequent-sysv4
+	exit ;;
+    i*86:UNIX_SV:4.2MP:2.*)
+	# Unixware is an offshoot of SVR4, but it has its own version
+	# number series starting with 2...
+	# I am not positive that other SVR4 systems won't match this,
+	# I just have to hope.  -- rms.
+	# Use sysv4.2uw... so that sysv4* matches it.
+	echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION"
+	exit ;;
+    i*86:OS/2:*:*)
+	# If we were able to find `uname', then EMX Unix compatibility
+	# is probably installed.
+	echo "$UNAME_MACHINE"-pc-os2-emx
+	exit ;;
+    i*86:XTS-300:*:STOP)
+	echo "$UNAME_MACHINE"-unknown-stop
+	exit ;;
+    i*86:atheos:*:*)
+	echo "$UNAME_MACHINE"-unknown-atheos
+	exit ;;
+    i*86:syllable:*:*)
+	echo "$UNAME_MACHINE"-pc-syllable
+	exit ;;
+    i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+	echo i386-unknown-lynxos"$UNAME_RELEASE"
+	exit ;;
+    i*86:*DOS:*:*)
+	echo "$UNAME_MACHINE"-pc-msdosdjgpp
+	exit ;;
+    i*86:*:4.*:*)
+	UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'`
+	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+		echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL"
+	else
+		echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL"
+	fi
+	exit ;;
+    i*86:*:5:[678]*)
+	# UnixWare 7.x, OpenUNIX and OpenServer 6.
+	case `/bin/uname -X | grep "^Machine"` in
+	    *486*)	     UNAME_MACHINE=i486 ;;
+	    *Pentium)	     UNAME_MACHINE=i586 ;;
+	    *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+	esac
+	echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}"
+	exit ;;
+    i*86:*:3.2:*)
+	if test -f /usr/options/cb.name; then
+		UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+		echo "$UNAME_MACHINE"-pc-isc"$UNAME_REL"
+	elif /bin/uname -X 2>/dev/null >/dev/null ; then
+		UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+		(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+		(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+			&& UNAME_MACHINE=i586
+		(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+			&& UNAME_MACHINE=i686
+		echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL"
+	else
+		echo "$UNAME_MACHINE"-pc-sysv32
+	fi
+	exit ;;
+    pc:*:*:*)
+	# Left here for compatibility:
+	# uname -m prints for DJGPP always 'pc', but it prints nothing about
+	# the processor, so we play safe by assuming i586.
+	# Note: whatever this is, it MUST be the same as what config.sub
+	# prints for the "djgpp" host, or else GDB configure will decide that
+	# this is a cross-build.
+	echo i586-pc-msdosdjgpp
+	exit ;;
+    Intel:Mach:3*:*)
+	echo i386-pc-mach3
+	exit ;;
+    paragon:*:*:*)
+	echo i860-intel-osf1
+	exit ;;
+    i860:*:4.*:*) # i860-SVR4
+	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+	  echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4
+	else # Add other i860-SVR4 vendors below as they are discovered.
+	  echo i860-unknown-sysv"$UNAME_RELEASE"  # Unknown i860-SVR4
+	fi
+	exit ;;
+    mini*:CTIX:SYS*5:*)
+	# "miniframe"
+	echo m68010-convergent-sysv
+	exit ;;
+    mc68k:UNIX:SYSTEM5:3.51m)
+	echo m68k-convergent-sysv
+	exit ;;
+    M680?0:D-NIX:5.3:*)
+	echo m68k-diab-dnix
+	exit ;;
+    M68*:*:R3V[5678]*:*)
+	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+    3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+	OS_REL=''
+	test -r /etc/.relid \
+	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	  && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;;
+    3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	  && { echo i486-ncr-sysv4; exit; } ;;
+    NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+	OS_REL='.3'
+	test -r /etc/.relid \
+	    && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+	/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+	    && { echo i486-ncr-sysv4.3"$OS_REL"; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+	    && { echo i586-ncr-sysv4.3"$OS_REL"; exit; }
+	/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+	    && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;;
+    m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+	echo m68k-unknown-lynxos"$UNAME_RELEASE"
+	exit ;;
+    mc68030:UNIX_System_V:4.*:*)
+	echo m68k-atari-sysv4
+	exit ;;
+    TSUNAMI:LynxOS:2.*:*)
+	echo sparc-unknown-lynxos"$UNAME_RELEASE"
+	exit ;;
+    rs6000:LynxOS:2.*:*)
+	echo rs6000-unknown-lynxos"$UNAME_RELEASE"
+	exit ;;
+    PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+	echo powerpc-unknown-lynxos"$UNAME_RELEASE"
+	exit ;;
+    SM[BE]S:UNIX_SV:*:*)
+	echo mips-dde-sysv"$UNAME_RELEASE"
+	exit ;;
+    RM*:ReliantUNIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    RM*:SINIX-*:*:*)
+	echo mips-sni-sysv4
+	exit ;;
+    *:SINIX-*:*:*)
+	if uname -p 2>/dev/null >/dev/null ; then
+		UNAME_MACHINE=`(uname -p) 2>/dev/null`
+		echo "$UNAME_MACHINE"-sni-sysv4
+	else
+		echo ns32k-sni-sysv
+	fi
+	exit ;;
+    PENTIUM:*:4.0*:*)	# Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+			# says <Richard.M.Bartel@ccMail.Census.GOV>
+	echo i586-unisys-sysv4
+	exit ;;
+    *:UNIX_System_V:4*:FTX*)
+	# From Gerald Hewes <hewes@openmarket.com>.
+	# How about differentiating between stratus architectures? -djm
+	echo hppa1.1-stratus-sysv4
+	exit ;;
+    *:*:*:FTX*)
+	# From seanf@swdc.stratus.com.
+	echo i860-stratus-sysv4
+	exit ;;
+    i*86:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo "$UNAME_MACHINE"-stratus-vos
+	exit ;;
+    *:VOS:*:*)
+	# From Paul.Green@stratus.com.
+	echo hppa1.1-stratus-vos
+	exit ;;
+    mc68*:A/UX:*:*)
+	echo m68k-apple-aux"$UNAME_RELEASE"
+	exit ;;
+    news*:NEWS-OS:6*:*)
+	echo mips-sony-newsos6
+	exit ;;
+    R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+	if [ -d /usr/nec ]; then
+		echo mips-nec-sysv"$UNAME_RELEASE"
+	else
+		echo mips-unknown-sysv"$UNAME_RELEASE"
+	fi
+	exit ;;
+    BeBox:BeOS:*:*)	# BeOS running on hardware made by Be, PPC only.
+	echo powerpc-be-beos
+	exit ;;
+    BeMac:BeOS:*:*)	# BeOS running on Mac or Mac clone, PPC only.
+	echo powerpc-apple-beos
+	exit ;;
+    BePC:BeOS:*:*)	# BeOS running on Intel PC compatible.
+	echo i586-pc-beos
+	exit ;;
+    BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
+	echo i586-pc-haiku
+	exit ;;
+    x86_64:Haiku:*:*)
+	echo x86_64-unknown-haiku
+	exit ;;
+    SX-4:SUPER-UX:*:*)
+	echo sx4-nec-superux"$UNAME_RELEASE"
+	exit ;;
+    SX-5:SUPER-UX:*:*)
+	echo sx5-nec-superux"$UNAME_RELEASE"
+	exit ;;
+    SX-6:SUPER-UX:*:*)
+	echo sx6-nec-superux"$UNAME_RELEASE"
+	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux"$UNAME_RELEASE"
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux"$UNAME_RELEASE"
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux"$UNAME_RELEASE"
+	exit ;;
+    SX-ACE:SUPER-UX:*:*)
+	echo sxace-nec-superux"$UNAME_RELEASE"
+	exit ;;
+    Power*:Rhapsody:*:*)
+	echo powerpc-apple-rhapsody"$UNAME_RELEASE"
+	exit ;;
+    *:Rhapsody:*:*)
+	echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE"
+	exit ;;
+    *:Darwin:*:*)
+	UNAME_PROCESSOR=`uname -p`
+	case $UNAME_PROCESSOR in
+	    unknown) UNAME_PROCESSOR=powerpc ;;
+	esac
+	if command -v xcode-select > /dev/null 2> /dev/null && \
+		! xcode-select --print-path > /dev/null 2> /dev/null ; then
+	    # Avoid executing cc if there is no toolchain installed as
+	    # cc will be a stub that puts up a graphical alert
+	    # prompting the user to install developer tools.
+	    CC_FOR_BUILD=no_compiler_found
+	else
+	    set_cc_for_build
+	fi
+	if [ "$CC_FOR_BUILD" != no_compiler_found ]; then
+	    if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+		   (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		   grep IS_64BIT_ARCH >/dev/null
+	    then
+		case $UNAME_PROCESSOR in
+		    i386) UNAME_PROCESSOR=x86_64 ;;
+		    powerpc) UNAME_PROCESSOR=powerpc64 ;;
+		esac
+	    fi
+	    # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc
+	    if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \
+		   (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
+		   grep IS_PPC >/dev/null
+	    then
+		UNAME_PROCESSOR=powerpc
+	    fi
+	elif test "$UNAME_PROCESSOR" = i386 ; then
+	    # uname -m returns i386 or x86_64
+	    UNAME_PROCESSOR=$UNAME_MACHINE
+	fi
+	echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE"
+	exit ;;
+    *:procnto*:*:* | *:QNX:[0123456789]*:*)
+	UNAME_PROCESSOR=`uname -p`
+	if test "$UNAME_PROCESSOR" = x86; then
+		UNAME_PROCESSOR=i386
+		UNAME_MACHINE=pc
+	fi
+	echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE"
+	exit ;;
+    *:QNX:*:4*)
+	echo i386-pc-qnx
+	exit ;;
+    NEO-*:NONSTOP_KERNEL:*:*)
+	echo neo-tandem-nsk"$UNAME_RELEASE"
+	exit ;;
+    NSE-*:NONSTOP_KERNEL:*:*)
+	echo nse-tandem-nsk"$UNAME_RELEASE"
+	exit ;;
+    NSR-*:NONSTOP_KERNEL:*:*)
+	echo nsr-tandem-nsk"$UNAME_RELEASE"
+	exit ;;
+    NSV-*:NONSTOP_KERNEL:*:*)
+	echo nsv-tandem-nsk"$UNAME_RELEASE"
+	exit ;;
+    NSX-*:NONSTOP_KERNEL:*:*)
+	echo nsx-tandem-nsk"$UNAME_RELEASE"
+	exit ;;
+    *:NonStop-UX:*:*)
+	echo mips-compaq-nonstopux
+	exit ;;
+    BS2000:POSIX*:*:*)
+	echo bs2000-siemens-sysv
+	exit ;;
+    DS/*:UNIX_System_V:*:*)
+	echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE"
+	exit ;;
+    *:Plan9:*:*)
+	# "uname -m" is not consistent, so use $cputype instead. 386
+	# is converted to i386 for consistency with other x86
+	# operating systems.
+	# shellcheck disable=SC2154
+	if test "$cputype" = 386; then
+	    UNAME_MACHINE=i386
+	else
+	    UNAME_MACHINE="$cputype"
+	fi
+	echo "$UNAME_MACHINE"-unknown-plan9
+	exit ;;
+    *:TOPS-10:*:*)
+	echo pdp10-unknown-tops10
+	exit ;;
+    *:TENEX:*:*)
+	echo pdp10-unknown-tenex
+	exit ;;
+    KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+	echo pdp10-dec-tops20
+	exit ;;
+    XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+	echo pdp10-xkl-tops20
+	exit ;;
+    *:TOPS-20:*:*)
+	echo pdp10-unknown-tops20
+	exit ;;
+    *:ITS:*:*)
+	echo pdp10-unknown-its
+	exit ;;
+    SEI:*:*:SEIUX)
+	echo mips-sei-seiux"$UNAME_RELEASE"
+	exit ;;
+    *:DragonFly:*:*)
+	echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`"
+	exit ;;
+    *:*VMS:*:*)
+	UNAME_MACHINE=`(uname -p) 2>/dev/null`
+	case "$UNAME_MACHINE" in
+	    A*) echo alpha-dec-vms ; exit ;;
+	    I*) echo ia64-dec-vms ; exit ;;
+	    V*) echo vax-dec-vms ; exit ;;
+	esac ;;
+    *:XENIX:*:SysV)
+	echo i386-pc-xenix
+	exit ;;
+    i*86:skyos:*:*)
+	echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`"
+	exit ;;
+    i*86:rdos:*:*)
+	echo "$UNAME_MACHINE"-pc-rdos
+	exit ;;
+    i*86:AROS:*:*)
+	echo "$UNAME_MACHINE"-pc-aros
+	exit ;;
+    x86_64:VMkernel:*:*)
+	echo "$UNAME_MACHINE"-unknown-esx
+	exit ;;
+    amd64:Isilon\ OneFS:*:*)
+	echo x86_64-unknown-onefs
+	exit ;;
+    *:Unleashed:*:*)
+	echo "$UNAME_MACHINE"-unknown-unleashed"$UNAME_RELEASE"
+	exit ;;
+esac
+
+# No uname command or uname output not recognized.
+set_cc_for_build
+cat > "$dummy.c" <<EOF
+#ifdef _SEQUENT_
+#include <sys/types.h>
+#include <sys/utsname.h>
+#endif
+#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__)
+#if defined (vax) || defined (__vax) || defined (__vax__) || defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__)
+#include <signal.h>
+#if defined(_SIZE_T_) || defined(SIGLOST)
+#include <sys/utsname.h>
+#endif
+#endif
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
+     I don't know....  */
+  printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+  printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+  "4"
+#else
+  ""
+#endif
+  ); exit (0);
+#endif
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+  int version;
+  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+  if (version < 4)
+    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+  else
+    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+  exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+  printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+  printf ("ns32k-encore-mach\n"); exit (0);
+#else
+  printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+  printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+  printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+  printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+  struct utsname un;
+
+  uname(&un);
+  if (strncmp(un.version, "V2", 2) == 0) {
+    printf ("i386-sequent-ptx2\n"); exit (0);
+  }
+  if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+    printf ("i386-sequent-ptx1\n"); exit (0);
+  }
+  printf ("i386-sequent-ptx\n"); exit (0);
+#endif
+
+#if defined (vax)
+#if !defined (ultrix)
+#include <sys/param.h>
+#if defined (BSD)
+#if BSD == 43
+  printf ("vax-dec-bsd4.3\n"); exit (0);
+#else
+#if BSD == 199006
+  printf ("vax-dec-bsd4.3reno\n"); exit (0);
+#else
+  printf ("vax-dec-bsd\n"); exit (0);
+#endif
+#endif
+#else
+  printf ("vax-dec-bsd\n"); exit (0);
+#endif
+#else
+#if defined(_SIZE_T_) || defined(SIGLOST)
+  struct utsname un;
+  uname (&un);
+  printf ("vax-dec-ultrix%s\n", un.release); exit (0);
+#else
+  printf ("vax-dec-ultrix\n"); exit (0);
+#endif
+#endif
+#endif
+#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__)
+#if defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__)
+#if defined(_SIZE_T_) || defined(SIGLOST)
+  struct utsname *un;
+  uname (&un);
+  printf ("mips-dec-ultrix%s\n", un.release); exit (0);
+#else
+  printf ("mips-dec-ultrix\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (alliant) && defined (i860)
+  printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+  exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+	{ echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; }
+
+echo "$0: unable to guess system type" >&2
+
+case "$UNAME_MACHINE:$UNAME_SYSTEM" in
+    mips:Linux | mips64:Linux)
+	# If we got here on MIPS GNU/Linux, output extra information.
+	cat >&2 <<EOF
+
+NOTE: MIPS GNU/Linux systems require a C compiler to fully recognize
+the system type. Please install a C compiler and try again.
+EOF
+	;;
+esac
+
+cat >&2 <<EOF
+
+This script (version $timestamp), has failed to recognize the
+operating system you are using. If your script is old, overwrite *all*
+copies of config.guess and config.sub with the latest versions from:
+
+  https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess
+and
+  https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
+
+If $0 has already been updated, send the following data and any
+information you think might be pertinent to config-patches@gnu.org to
+provide the necessary information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo               = `(hostinfo) 2>/dev/null`
+/bin/universe          = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch              = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = "$UNAME_MACHINE"
+UNAME_RELEASE = "$UNAME_RELEASE"
+UNAME_SYSTEM  = "$UNAME_SYSTEM"
+UNAME_VERSION = "$UNAME_VERSION"
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/contrib/ldapc++/config.sub b/contrib/ldapc++/config.sub
new file mode 100755
index 0000000..f02d43a
--- /dev/null
+++ b/contrib/ldapc++/config.sub
@@ -0,0 +1,1793 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+#   Copyright 1992-2020 Free Software Foundation, Inc.
+
+timestamp='2020-01-01'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, see <https://www.gnu.org/licenses/>.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that
+# program.  This Exception is an additional permission under section 7
+# of the GNU General Public License, version 3 ("GPLv3").
+
+
+# Please send patches to <config-patches@gnu.org>.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support.  The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+#	CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+#	CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
+
+Canonicalize a configuration name.
+
+Options:
+  -h, --help         print this help, then exit
+  -t, --time-stamp   print date of last modification, then exit
+  -v, --version      print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright 1992-2020 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+  case $1 in
+    --time-stamp | --time* | -t )
+       echo "$timestamp" ; exit ;;
+    --version | -v )
+       echo "$version" ; exit ;;
+    --help | --h* | -h )
+       echo "$usage"; exit ;;
+    -- )     # Stop option processing
+       shift; break ;;
+    - )	# Use stdin as input.
+       break ;;
+    -* )
+       echo "$me: invalid option $1$help" >&2
+       exit 1 ;;
+
+    *local*)
+       # First pass through any local machine types.
+       echo "$1"
+       exit ;;
+
+    * )
+       break ;;
+  esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+    exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+    exit 1;;
+esac
+
+# Split fields of configuration type
+# shellcheck disable=SC2162
+IFS="-" read field1 field2 field3 field4 <<EOF
+$1
+EOF
+
+# Separate into logical components for further validation
+case $1 in
+	*-*-*-*-*)
+		echo Invalid configuration \`"$1"\': more than four components >&2
+		exit 1
+		;;
+	*-*-*-*)
+		basic_machine=$field1-$field2
+		os=$field3-$field4
+		;;
+	*-*-*)
+		# Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two
+		# parts
+		maybe_os=$field2-$field3
+		case $maybe_os in
+			nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc \
+			| linux-newlib* | linux-musl* | linux-uclibc* | uclinux-uclibc* \
+			| uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \
+			| netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \
+			| storm-chaos* | os2-emx* | rtmk-nova*)
+				basic_machine=$field1
+				os=$maybe_os
+				;;
+			android-linux)
+				basic_machine=$field1-unknown
+				os=linux-android
+				;;
+			*)
+				basic_machine=$field1-$field2
+				os=$field3
+				;;
+		esac
+		;;
+	*-*)
+		# A lone config we happen to match not fitting any pattern
+		case $field1-$field2 in
+			decstation-3100)
+				basic_machine=mips-dec
+				os=
+				;;
+			*-*)
+				# Second component is usually, but not always the OS
+				case $field2 in
+					# Prevent following clause from handling this valid os
+					sun*os*)
+						basic_machine=$field1
+						os=$field2
+						;;
+					# Manufacturers
+					dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \
+					| att* | 7300* | 3300* | delta* | motorola* | sun[234]* \
+					| unicom* | ibm* | next | hp | isi* | apollo | altos* \
+					| convergent* | ncr* | news | 32* | 3600* | 3100* \
+					| hitachi* | c[123]* | convex* | sun | crds | omron* | dg \
+					| ultra | tti* | harris | dolphin | highlevel | gould \
+					| cbm | ns | masscomp | apple | axis | knuth | cray \
+					| microblaze* | sim | cisco \
+					| oki | wec | wrs | winbond)
+						basic_machine=$field1-$field2
+						os=
+						;;
+					*)
+						basic_machine=$field1
+						os=$field2
+						;;
+				esac
+			;;
+		esac
+		;;
+	*)
+		# Convert single-component short-hands not valid as part of
+		# multi-component configurations.
+		case $field1 in
+			386bsd)
+				basic_machine=i386-pc
+				os=bsd
+				;;
+			a29khif)
+				basic_machine=a29k-amd
+				os=udi
+				;;
+			adobe68k)
+				basic_machine=m68010-adobe
+				os=scout
+				;;
+			alliant)
+				basic_machine=fx80-alliant
+				os=
+				;;
+			altos | altos3068)
+				basic_machine=m68k-altos
+				os=
+				;;
+			am29k)
+				basic_machine=a29k-none
+				os=bsd
+				;;
+			amdahl)
+				basic_machine=580-amdahl
+				os=sysv
+				;;
+			amiga)
+				basic_machine=m68k-unknown
+				os=
+				;;
+			amigaos | amigados)
+				basic_machine=m68k-unknown
+				os=amigaos
+				;;
+			amigaunix | amix)
+				basic_machine=m68k-unknown
+				os=sysv4
+				;;
+			apollo68)
+				basic_machine=m68k-apollo
+				os=sysv
+				;;
+			apollo68bsd)
+				basic_machine=m68k-apollo
+				os=bsd
+				;;
+			aros)
+				basic_machine=i386-pc
+				os=aros
+				;;
+			aux)
+				basic_machine=m68k-apple
+				os=aux
+				;;
+			balance)
+				basic_machine=ns32k-sequent
+				os=dynix
+				;;
+			blackfin)
+				basic_machine=bfin-unknown
+				os=linux
+				;;
+			cegcc)
+				basic_machine=arm-unknown
+				os=cegcc
+				;;
+			convex-c1)
+				basic_machine=c1-convex
+				os=bsd
+				;;
+			convex-c2)
+				basic_machine=c2-convex
+				os=bsd
+				;;
+			convex-c32)
+				basic_machine=c32-convex
+				os=bsd
+				;;
+			convex-c34)
+				basic_machine=c34-convex
+				os=bsd
+				;;
+			convex-c38)
+				basic_machine=c38-convex
+				os=bsd
+				;;
+			cray)
+				basic_machine=j90-cray
+				os=unicos
+				;;
+			crds | unos)
+				basic_machine=m68k-crds
+				os=
+				;;
+			da30)
+				basic_machine=m68k-da30
+				os=
+				;;
+			decstation | pmax | pmin | dec3100 | decstatn)
+				basic_machine=mips-dec
+				os=
+				;;
+			delta88)
+				basic_machine=m88k-motorola
+				os=sysv3
+				;;
+			dicos)
+				basic_machine=i686-pc
+				os=dicos
+				;;
+			djgpp)
+				basic_machine=i586-pc
+				os=msdosdjgpp
+				;;
+			ebmon29k)
+				basic_machine=a29k-amd
+				os=ebmon
+				;;
+			es1800 | OSE68k | ose68k | ose | OSE)
+				basic_machine=m68k-ericsson
+				os=ose
+				;;
+			gmicro)
+				basic_machine=tron-gmicro
+				os=sysv
+				;;
+			go32)
+				basic_machine=i386-pc
+				os=go32
+				;;
+			h8300hms)
+				basic_machine=h8300-hitachi
+				os=hms
+				;;
+			h8300xray)
+				basic_machine=h8300-hitachi
+				os=xray
+				;;
+			h8500hms)
+				basic_machine=h8500-hitachi
+				os=hms
+				;;
+			harris)
+				basic_machine=m88k-harris
+				os=sysv3
+				;;
+			hp300 | hp300hpux)
+				basic_machine=m68k-hp
+				os=hpux
+				;;
+			hp300bsd)
+				basic_machine=m68k-hp
+				os=bsd
+				;;
+			hppaosf)
+				basic_machine=hppa1.1-hp
+				os=osf
+				;;
+			hppro)
+				basic_machine=hppa1.1-hp
+				os=proelf
+				;;
+			i386mach)
+				basic_machine=i386-mach
+				os=mach
+				;;
+			isi68 | isi)
+				basic_machine=m68k-isi
+				os=sysv
+				;;
+			m68knommu)
+				basic_machine=m68k-unknown
+				os=linux
+				;;
+			magnum | m3230)
+				basic_machine=mips-mips
+				os=sysv
+				;;
+			merlin)
+				basic_machine=ns32k-utek
+				os=sysv
+				;;
+			mingw64)
+				basic_machine=x86_64-pc
+				os=mingw64
+				;;
+			mingw32)
+				basic_machine=i686-pc
+				os=mingw32
+				;;
+			mingw32ce)
+				basic_machine=arm-unknown
+				os=mingw32ce
+				;;
+			monitor)
+				basic_machine=m68k-rom68k
+				os=coff
+				;;
+			morphos)
+				basic_machine=powerpc-unknown
+				os=morphos
+				;;
+			moxiebox)
+				basic_machine=moxie-unknown
+				os=moxiebox
+				;;
+			msdos)
+				basic_machine=i386-pc
+				os=msdos
+				;;
+			msys)
+				basic_machine=i686-pc
+				os=msys
+				;;
+			mvs)
+				basic_machine=i370-ibm
+				os=mvs
+				;;
+			nacl)
+				basic_machine=le32-unknown
+				os=nacl
+				;;
+			ncr3000)
+				basic_machine=i486-ncr
+				os=sysv4
+				;;
+			netbsd386)
+				basic_machine=i386-pc
+				os=netbsd
+				;;
+			netwinder)
+				basic_machine=armv4l-rebel
+				os=linux
+				;;
+			news | news700 | news800 | news900)
+				basic_machine=m68k-sony
+				os=newsos
+				;;
+			news1000)
+				basic_machine=m68030-sony
+				os=newsos
+				;;
+			necv70)
+				basic_machine=v70-nec
+				os=sysv
+				;;
+			nh3000)
+				basic_machine=m68k-harris
+				os=cxux
+				;;
+			nh[45]000)
+				basic_machine=m88k-harris
+				os=cxux
+				;;
+			nindy960)
+				basic_machine=i960-intel
+				os=nindy
+				;;
+			mon960)
+				basic_machine=i960-intel
+				os=mon960
+				;;
+			nonstopux)
+				basic_machine=mips-compaq
+				os=nonstopux
+				;;
+			os400)
+				basic_machine=powerpc-ibm
+				os=os400
+				;;
+			OSE68000 | ose68000)
+				basic_machine=m68000-ericsson
+				os=ose
+				;;
+			os68k)
+				basic_machine=m68k-none
+				os=os68k
+				;;
+			paragon)
+				basic_machine=i860-intel
+				os=osf
+				;;
+			parisc)
+				basic_machine=hppa-unknown
+				os=linux
+				;;
+			pw32)
+				basic_machine=i586-unknown
+				os=pw32
+				;;
+			rdos | rdos64)
+				basic_machine=x86_64-pc
+				os=rdos
+				;;
+			rdos32)
+				basic_machine=i386-pc
+				os=rdos
+				;;
+			rom68k)
+				basic_machine=m68k-rom68k
+				os=coff
+				;;
+			sa29200)
+				basic_machine=a29k-amd
+				os=udi
+				;;
+			sei)
+				basic_machine=mips-sei
+				os=seiux
+				;;
+			sequent)
+				basic_machine=i386-sequent
+				os=
+				;;
+			sps7)
+				basic_machine=m68k-bull
+				os=sysv2
+				;;
+			st2000)
+				basic_machine=m68k-tandem
+				os=
+				;;
+			stratus)
+				basic_machine=i860-stratus
+				os=sysv4
+				;;
+			sun2)
+				basic_machine=m68000-sun
+				os=
+				;;
+			sun2os3)
+				basic_machine=m68000-sun
+				os=sunos3
+				;;
+			sun2os4)
+				basic_machine=m68000-sun
+				os=sunos4
+				;;
+			sun3)
+				basic_machine=m68k-sun
+				os=
+				;;
+			sun3os3)
+				basic_machine=m68k-sun
+				os=sunos3
+				;;
+			sun3os4)
+				basic_machine=m68k-sun
+				os=sunos4
+				;;
+			sun4)
+				basic_machine=sparc-sun
+				os=
+				;;
+			sun4os3)
+				basic_machine=sparc-sun
+				os=sunos3
+				;;
+			sun4os4)
+				basic_machine=sparc-sun
+				os=sunos4
+				;;
+			sun4sol2)
+				basic_machine=sparc-sun
+				os=solaris2
+				;;
+			sun386 | sun386i | roadrunner)
+				basic_machine=i386-sun
+				os=
+				;;
+			sv1)
+				basic_machine=sv1-cray
+				os=unicos
+				;;
+			symmetry)
+				basic_machine=i386-sequent
+				os=dynix
+				;;
+			t3e)
+				basic_machine=alphaev5-cray
+				os=unicos
+				;;
+			t90)
+				basic_machine=t90-cray
+				os=unicos
+				;;
+			toad1)
+				basic_machine=pdp10-xkl
+				os=tops20
+				;;
+			tpf)
+				basic_machine=s390x-ibm
+				os=tpf
+				;;
+			udi29k)
+				basic_machine=a29k-amd
+				os=udi
+				;;
+			ultra3)
+				basic_machine=a29k-nyu
+				os=sym1
+				;;
+			v810 | necv810)
+				basic_machine=v810-nec
+				os=none
+				;;
+			vaxv)
+				basic_machine=vax-dec
+				os=sysv
+				;;
+			vms)
+				basic_machine=vax-dec
+				os=vms
+				;;
+			vsta)
+				basic_machine=i386-pc
+				os=vsta
+				;;
+			vxworks960)
+				basic_machine=i960-wrs
+				os=vxworks
+				;;
+			vxworks68)
+				basic_machine=m68k-wrs
+				os=vxworks
+				;;
+			vxworks29k)
+				basic_machine=a29k-wrs
+				os=vxworks
+				;;
+			xbox)
+				basic_machine=i686-pc
+				os=mingw32
+				;;
+			ymp)
+				basic_machine=ymp-cray
+				os=unicos
+				;;
+			*)
+				basic_machine=$1
+				os=
+				;;
+		esac
+		;;
+esac
+
+# Decode 1-component or ad-hoc basic machines
+case $basic_machine in
+	# Here we handle the default manufacturer of certain CPU types.  It is in
+	# some cases the only manufacturer, in others, it is the most popular.
+	w89k)
+		cpu=hppa1.1
+		vendor=winbond
+		;;
+	op50n)
+		cpu=hppa1.1
+		vendor=oki
+		;;
+	op60c)
+		cpu=hppa1.1
+		vendor=oki
+		;;
+	ibm*)
+		cpu=i370
+		vendor=ibm
+		;;
+	orion105)
+		cpu=clipper
+		vendor=highlevel
+		;;
+	mac | mpw | mac-mpw)
+		cpu=m68k
+		vendor=apple
+		;;
+	pmac | pmac-mpw)
+		cpu=powerpc
+		vendor=apple
+		;;
+
+	# Recognize the various machine names and aliases which stand
+	# for a CPU type and a company and sometimes even an OS.
+	3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+		cpu=m68000
+		vendor=att
+		;;
+	3b*)
+		cpu=we32k
+		vendor=att
+		;;
+	bluegene*)
+		cpu=powerpc
+		vendor=ibm
+		os=cnk
+		;;
+	decsystem10* | dec10*)
+		cpu=pdp10
+		vendor=dec
+		os=tops10
+		;;
+	decsystem20* | dec20*)
+		cpu=pdp10
+		vendor=dec
+		os=tops20
+		;;
+	delta | 3300 | motorola-3300 | motorola-delta \
+	      | 3300-motorola | delta-motorola)
+		cpu=m68k
+		vendor=motorola
+		;;
+	dpx2*)
+		cpu=m68k
+		vendor=bull
+		os=sysv3
+		;;
+	encore | umax | mmax)
+		cpu=ns32k
+		vendor=encore
+		;;
+	elxsi)
+		cpu=elxsi
+		vendor=elxsi
+		os=${os:-bsd}
+		;;
+	fx2800)
+		cpu=i860
+		vendor=alliant
+		;;
+	genix)
+		cpu=ns32k
+		vendor=ns
+		;;
+	h3050r* | hiux*)
+		cpu=hppa1.1
+		vendor=hitachi
+		os=hiuxwe2
+		;;
+	hp3k9[0-9][0-9] | hp9[0-9][0-9])
+		cpu=hppa1.0
+		vendor=hp
+		;;
+	hp9k2[0-9][0-9] | hp9k31[0-9])
+		cpu=m68000
+		vendor=hp
+		;;
+	hp9k3[2-9][0-9])
+		cpu=m68k
+		vendor=hp
+		;;
+	hp9k6[0-9][0-9] | hp6[0-9][0-9])
+		cpu=hppa1.0
+		vendor=hp
+		;;
+	hp9k7[0-79][0-9] | hp7[0-79][0-9])
+		cpu=hppa1.1
+		vendor=hp
+		;;
+	hp9k78[0-9] | hp78[0-9])
+		# FIXME: really hppa2.0-hp
+		cpu=hppa1.1
+		vendor=hp
+		;;
+	hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+		# FIXME: really hppa2.0-hp
+		cpu=hppa1.1
+		vendor=hp
+		;;
+	hp9k8[0-9][13679] | hp8[0-9][13679])
+		cpu=hppa1.1
+		vendor=hp
+		;;
+	hp9k8[0-9][0-9] | hp8[0-9][0-9])
+		cpu=hppa1.0
+		vendor=hp
+		;;
+	i*86v32)
+		cpu=`echo "$1" | sed -e 's/86.*/86/'`
+		vendor=pc
+		os=sysv32
+		;;
+	i*86v4*)
+		cpu=`echo "$1" | sed -e 's/86.*/86/'`
+		vendor=pc
+		os=sysv4
+		;;
+	i*86v)
+		cpu=`echo "$1" | sed -e 's/86.*/86/'`
+		vendor=pc
+		os=sysv
+		;;
+	i*86sol2)
+		cpu=`echo "$1" | sed -e 's/86.*/86/'`
+		vendor=pc
+		os=solaris2
+		;;
+	j90 | j90-cray)
+		cpu=j90
+		vendor=cray
+		os=${os:-unicos}
+		;;
+	iris | iris4d)
+		cpu=mips
+		vendor=sgi
+		case $os in
+		    irix*)
+			;;
+		    *)
+			os=irix4
+			;;
+		esac
+		;;
+	miniframe)
+		cpu=m68000
+		vendor=convergent
+		;;
+	*mint | mint[0-9]* | *MiNT | *MiNT[0-9]*)
+		cpu=m68k
+		vendor=atari
+		os=mint
+		;;
+	news-3600 | risc-news)
+		cpu=mips
+		vendor=sony
+		os=newsos
+		;;
+	next | m*-next)
+		cpu=m68k
+		vendor=next
+		case $os in
+		    openstep*)
+		        ;;
+		    nextstep*)
+			;;
+		    ns2*)
+		      os=nextstep2
+			;;
+		    *)
+		      os=nextstep3
+			;;
+		esac
+		;;
+	np1)
+		cpu=np1
+		vendor=gould
+		;;
+	op50n-* | op60c-*)
+		cpu=hppa1.1
+		vendor=oki
+		os=proelf
+		;;
+	pa-hitachi)
+		cpu=hppa1.1
+		vendor=hitachi
+		os=hiuxwe2
+		;;
+	pbd)
+		cpu=sparc
+		vendor=tti
+		;;
+	pbb)
+		cpu=m68k
+		vendor=tti
+		;;
+	pc532)
+		cpu=ns32k
+		vendor=pc532
+		;;
+	pn)
+		cpu=pn
+		vendor=gould
+		;;
+	power)
+		cpu=power
+		vendor=ibm
+		;;
+	ps2)
+		cpu=i386
+		vendor=ibm
+		;;
+	rm[46]00)
+		cpu=mips
+		vendor=siemens
+		;;
+	rtpc | rtpc-*)
+		cpu=romp
+		vendor=ibm
+		;;
+	sde)
+		cpu=mipsisa32
+		vendor=sde
+		os=${os:-elf}
+		;;
+	simso-wrs)
+		cpu=sparclite
+		vendor=wrs
+		os=vxworks
+		;;
+	tower | tower-32)
+		cpu=m68k
+		vendor=ncr
+		;;
+	vpp*|vx|vx-*)
+		cpu=f301
+		vendor=fujitsu
+		;;
+	w65)
+		cpu=w65
+		vendor=wdc
+		;;
+	w89k-*)
+		cpu=hppa1.1
+		vendor=winbond
+		os=proelf
+		;;
+	none)
+		cpu=none
+		vendor=none
+		;;
+	leon|leon[3-9])
+		cpu=sparc
+		vendor=$basic_machine
+		;;
+	leon-*|leon[3-9]-*)
+		cpu=sparc
+		vendor=`echo "$basic_machine" | sed 's/-.*//'`
+		;;
+
+	*-*)
+		# shellcheck disable=SC2162
+		IFS="-" read cpu vendor <<EOF
+$basic_machine
+EOF
+		;;
+	# We use `pc' rather than `unknown'
+	# because (1) that's what they normally are, and
+	# (2) the word "unknown" tends to confuse beginning users.
+	i*86 | x86_64)
+		cpu=$basic_machine
+		vendor=pc
+		;;
+	# These rules are duplicated from below for sake of the special case above;
+	# i.e. things that normalized to x86 arches should also default to "pc"
+	pc98)
+		cpu=i386
+		vendor=pc
+		;;
+	x64 | amd64)
+		cpu=x86_64
+		vendor=pc
+		;;
+	# Recognize the basic CPU types without company name.
+	*)
+		cpu=$basic_machine
+		vendor=unknown
+		;;
+esac
+
+unset -v basic_machine
+
+# Decode basic machines in the full and proper CPU-Company form.
+case $cpu-$vendor in
+	# Here we handle the default manufacturer of certain CPU types in canonical form. It is in
+	# some cases the only manufacturer, in others, it is the most popular.
+	craynv-unknown)
+		vendor=cray
+		os=${os:-unicosmp}
+		;;
+	c90-unknown | c90-cray)
+		vendor=cray
+		os=${os:-unicos}
+		;;
+	fx80-unknown)
+		vendor=alliant
+		;;
+	romp-unknown)
+		vendor=ibm
+		;;
+	mmix-unknown)
+		vendor=knuth
+		;;
+	microblaze-unknown | microblazeel-unknown)
+		vendor=xilinx
+		;;
+	rs6000-unknown)
+		vendor=ibm
+		;;
+	vax-unknown)
+		vendor=dec
+		;;
+	pdp11-unknown)
+		vendor=dec
+		;;
+	we32k-unknown)
+		vendor=att
+		;;
+	cydra-unknown)
+		vendor=cydrome
+		;;
+	i370-ibm*)
+		vendor=ibm
+		;;
+	orion-unknown)
+		vendor=highlevel
+		;;
+	xps-unknown | xps100-unknown)
+		cpu=xps100
+		vendor=honeywell
+		;;
+
+	# Here we normalize CPU types with a missing or matching vendor
+	dpx20-unknown | dpx20-bull)
+		cpu=rs6000
+		vendor=bull
+		os=${os:-bosx}
+		;;
+
+	# Here we normalize CPU types irrespective of the vendor
+	amd64-*)
+		cpu=x86_64
+		;;
+	blackfin-*)
+		cpu=bfin
+		os=linux
+		;;
+	c54x-*)
+		cpu=tic54x
+		;;
+	c55x-*)
+		cpu=tic55x
+		;;
+	c6x-*)
+		cpu=tic6x
+		;;
+	e500v[12]-*)
+		cpu=powerpc
+		os=$os"spe"
+		;;
+	mips3*-*)
+		cpu=mips64
+		;;
+	ms1-*)
+		cpu=mt
+		;;
+	m68knommu-*)
+		cpu=m68k
+		os=linux
+		;;
+	m9s12z-* | m68hcs12z-* | hcs12z-* | s12z-*)
+		cpu=s12z
+		;;
+	openrisc-*)
+		cpu=or32
+		;;
+	parisc-*)
+		cpu=hppa
+		os=linux
+		;;
+	pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+		cpu=i586
+		;;
+	pentiumpro-* | p6-* | 6x86-* | athlon-* | athalon_*-*)
+		cpu=i686
+		;;
+	pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+		cpu=i686
+		;;
+	pentium4-*)
+		cpu=i786
+		;;
+	pc98-*)
+		cpu=i386
+		;;
+	ppc-* | ppcbe-*)
+		cpu=powerpc
+		;;
+	ppcle-* | powerpclittle-*)
+		cpu=powerpcle
+		;;
+	ppc64-*)
+		cpu=powerpc64
+		;;
+	ppc64le-* | powerpc64little-*)
+		cpu=powerpc64le
+		;;
+	sb1-*)
+		cpu=mipsisa64sb1
+		;;
+	sb1el-*)
+		cpu=mipsisa64sb1el
+		;;
+	sh5e[lb]-*)
+		cpu=`echo "$cpu" | sed 's/^\(sh.\)e\(.\)$/\1\2e/'`
+		;;
+	spur-*)
+		cpu=spur
+		;;
+	strongarm-* | thumb-*)
+		cpu=arm
+		;;
+	tx39-*)
+		cpu=mipstx39
+		;;
+	tx39el-*)
+		cpu=mipstx39el
+		;;
+	x64-*)
+		cpu=x86_64
+		;;
+	xscale-* | xscalee[bl]-*)
+		cpu=`echo "$cpu" | sed 's/^xscale/arm/'`
+		;;
+
+	# Recognize the canonical CPU Types that limit and/or modify the
+	# company names they are paired with.
+	cr16-*)
+		os=${os:-elf}
+		;;
+	crisv32-* | etraxfs*-*)
+		cpu=crisv32
+		vendor=axis
+		;;
+	cris-* | etrax*-*)
+		cpu=cris
+		vendor=axis
+		;;
+	crx-*)
+		os=${os:-elf}
+		;;
+	neo-tandem)
+		cpu=neo
+		vendor=tandem
+		;;
+	nse-tandem)
+		cpu=nse
+		vendor=tandem
+		;;
+	nsr-tandem)
+		cpu=nsr
+		vendor=tandem
+		;;
+	nsv-tandem)
+		cpu=nsv
+		vendor=tandem
+		;;
+	nsx-tandem)
+		cpu=nsx
+		vendor=tandem
+		;;
+	s390-*)
+		cpu=s390
+		vendor=ibm
+		;;
+	s390x-*)
+		cpu=s390x
+		vendor=ibm
+		;;
+	tile*-*)
+		os=${os:-linux-gnu}
+		;;
+
+	*)
+		# Recognize the canonical CPU types that are allowed with any
+		# company name.
+		case $cpu in
+			1750a | 580 \
+			| a29k \
+			| aarch64 | aarch64_be \
+			| abacus \
+			| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \
+			| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \
+			| alphapca5[67] | alpha64pca5[67] \
+			| am33_2.0 \
+			| amdgcn \
+			| arc | arceb \
+			| arm  | arm[lb]e | arme[lb] | armv* \
+			| avr | avr32 \
+			| asmjs \
+			| ba \
+			| be32 | be64 \
+			| bfin | bpf | bs2000 \
+			| c[123]* | c30 | [cjt]90 | c4x \
+			| c8051 | clipper | craynv | csky | cydra \
+			| d10v | d30v | dlx | dsp16xx \
+			| e2k | elxsi | epiphany \
+			| f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \
+			| h8300 | h8500 \
+			| hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+			| hexagon \
+			| i370 | i*86 | i860 | i960 | ia16 | ia64 \
+			| ip2k | iq2000 \
+			| k1om \
+			| le32 | le64 \
+			| lm32 \
+			| m32c | m32r | m32rle \
+			| m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \
+			| m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \
+			| m88110 | m88k | maxq | mb | mcore | mep | metag \
+			| microblaze | microblazeel \
+			| mips | mipsbe | mipseb | mipsel | mipsle \
+			| mips16 \
+			| mips64 | mips64eb | mips64el \
+			| mips64octeon | mips64octeonel \
+			| mips64orion | mips64orionel \
+			| mips64r5900 | mips64r5900el \
+			| mips64vr | mips64vrel \
+			| mips64vr4100 | mips64vr4100el \
+			| mips64vr4300 | mips64vr4300el \
+			| mips64vr5000 | mips64vr5000el \
+			| mips64vr5900 | mips64vr5900el \
+			| mipsisa32 | mipsisa32el \
+			| mipsisa32r2 | mipsisa32r2el \
+			| mipsisa32r6 | mipsisa32r6el \
+			| mipsisa64 | mipsisa64el \
+			| mipsisa64r2 | mipsisa64r2el \
+			| mipsisa64r6 | mipsisa64r6el \
+			| mipsisa64sb1 | mipsisa64sb1el \
+			| mipsisa64sr71k | mipsisa64sr71kel \
+			| mipsr5900 | mipsr5900el \
+			| mipstx39 | mipstx39el \
+			| mmix \
+			| mn10200 | mn10300 \
+			| moxie \
+			| mt \
+			| msp430 \
+			| nds32 | nds32le | nds32be \
+			| nfp \
+			| nios | nios2 | nios2eb | nios2el \
+			| none | np1 | ns16k | ns32k | nvptx \
+			| open8 \
+			| or1k* \
+			| or32 \
+			| orion \
+			| picochip \
+			| pdp10 | pdp11 | pj | pjl | pn | power \
+			| powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \
+			| pru \
+			| pyramid \
+			| riscv | riscv32 | riscv64 \
+			| rl78 | romp | rs6000 | rx \
+			| score \
+			| sh | shl \
+			| sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \
+			| sh[1234]e[lb] |  sh[12345][lb]e | sh[23]ele | sh64 | sh64le \
+			| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \
+			| sparclite \
+			| sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \
+			| spu \
+			| tahoe \
+			| tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \
+			| tron \
+			| ubicom32 \
+			| v70 | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \
+			| vax \
+			| visium \
+			| w65 \
+			| wasm32 | wasm64 \
+			| we32k \
+			| x86 | x86_64 | xc16x | xgate | xps100 \
+			| xstormy16 | xtensa* \
+			| ymp \
+			| z8k | z80)
+				;;
+
+			*)
+				echo Invalid configuration \`"$1"\': machine \`"$cpu-$vendor"\' not recognized 1>&2
+				exit 1
+				;;
+		esac
+		;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $vendor in
+	digital*)
+		vendor=dec
+		;;
+	commodore*)
+		vendor=cbm
+		;;
+	*)
+		;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x$os != x ]
+then
+case $os in
+	# First match some system type aliases that might get confused
+	# with valid system types.
+	# solaris* is a basic system type, with this one exception.
+	auroraux)
+		os=auroraux
+		;;
+	bluegene*)
+		os=cnk
+		;;
+	solaris1 | solaris1.*)
+		os=`echo $os | sed -e 's|solaris1|sunos4|'`
+		;;
+	solaris)
+		os=solaris2
+		;;
+	unixware*)
+		os=sysv4.2uw
+		;;
+	gnu/linux*)
+		os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+		;;
+	# es1800 is here to avoid being matched by es* (a different OS)
+	es1800*)
+		os=ose
+		;;
+	# Some version numbers need modification
+	chorusos*)
+		os=chorusos
+		;;
+	isc)
+		os=isc2.2
+		;;
+	sco6)
+		os=sco5v6
+		;;
+	sco5)
+		os=sco3.2v5
+		;;
+	sco4)
+		os=sco3.2v4
+		;;
+	sco3.2.[4-9]*)
+		os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+		;;
+	sco3.2v[4-9]* | sco5v6*)
+		# Don't forget version if it is 3.2v4 or newer.
+		;;
+	scout)
+		# Don't match below
+		;;
+	sco*)
+		os=sco3.2v2
+		;;
+	psos*)
+		os=psos
+		;;
+	# Now accept the basic system types.
+	# The portable systems comes first.
+	# Each alternative MUST end in a * to match a version number.
+	# sysv* is not here because it comes later, after sysvr4.
+	gnu* | bsd* | mach* | minix* | genix* | ultrix* | irix* \
+	     | *vms* | esix* | aix* | cnk* | sunos | sunos[34]*\
+	     | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \
+	     | sym* | kopensolaris* | plan9* \
+	     | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \
+	     | aos* | aros* | cloudabi* | sortix* | twizzler* \
+	     | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \
+	     | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \
+	     | knetbsd* | mirbsd* | netbsd* \
+	     | bitrig* | openbsd* | solidbsd* | libertybsd* | os108* \
+	     | ekkobsd* | kfreebsd* | freebsd* | riscix* | lynxos* \
+	     | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \
+	     | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \
+	     | udi* | eabi* | lites* | ieee* | go32* | aux* | hcos* \
+	     | chorusrdb* | cegcc* | glidix* \
+	     | cygwin* | msys* | pe* | moss* | proelf* | rtems* \
+	     | midipix* | mingw32* | mingw64* | linux-gnu* | linux-android* \
+	     | linux-newlib* | linux-musl* | linux-uclibc* \
+	     | uxpv* | beos* | mpeix* | udk* | moxiebox* \
+	     | interix* | uwin* | mks* | rhapsody* | darwin* \
+	     | openstep* | oskit* | conix* | pw32* | nonstopux* \
+	     | storm-chaos* | tops10* | tenex* | tops20* | its* \
+	     | os2* | vos* | palmos* | uclinux* | nucleus* \
+	     | morphos* | superux* | rtmk* | windiss* \
+	     | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \
+	     | skyos* | haiku* | rdos* | toppers* | drops* | es* \
+	     | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
+	     | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \
+	     | nsk* | powerunix)
+	# Remember, each alternative MUST END IN *, to match a version number.
+		;;
+	qnx*)
+		case $cpu in
+		    x86 | i*86)
+			;;
+		    *)
+			os=nto-$os
+			;;
+		esac
+		;;
+	hiux*)
+		os=hiuxwe2
+		;;
+	nto-qnx*)
+		;;
+	nto*)
+		os=`echo $os | sed -e 's|nto|nto-qnx|'`
+		;;
+	sim | xray | os68k* | v88r* \
+	    | windows* | osx | abug | netware* | os9* \
+	    | macos* | mpw* | magic* | mmixware* | mon960* | lnews*)
+		;;
+	linux-dietlibc)
+		os=linux-dietlibc
+		;;
+	linux*)
+		os=`echo $os | sed -e 's|linux|linux-gnu|'`
+		;;
+	lynx*178)
+		os=lynxos178
+		;;
+	lynx*5)
+		os=lynxos5
+		;;
+	lynx*)
+		os=lynxos
+		;;
+	mac*)
+		os=`echo "$os" | sed -e 's|mac|macos|'`
+		;;
+	opened*)
+		os=openedition
+		;;
+	os400*)
+		os=os400
+		;;
+	sunos5*)
+		os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
+		;;
+	sunos6*)
+		os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
+		;;
+	wince*)
+		os=wince
+		;;
+	utek*)
+		os=bsd
+		;;
+	dynix*)
+		os=bsd
+		;;
+	acis*)
+		os=aos
+		;;
+	atheos*)
+		os=atheos
+		;;
+	syllable*)
+		os=syllable
+		;;
+	386bsd)
+		os=bsd
+		;;
+	ctix* | uts*)
+		os=sysv
+		;;
+	nova*)
+		os=rtmk-nova
+		;;
+	ns2)
+		os=nextstep2
+		;;
+	# Preserve the version number of sinix5.
+	sinix5.*)
+		os=`echo $os | sed -e 's|sinix|sysv|'`
+		;;
+	sinix*)
+		os=sysv4
+		;;
+	tpf*)
+		os=tpf
+		;;
+	triton*)
+		os=sysv3
+		;;
+	oss*)
+		os=sysv3
+		;;
+	svr4*)
+		os=sysv4
+		;;
+	svr3)
+		os=sysv3
+		;;
+	sysvr4)
+		os=sysv4
+		;;
+	# This must come after sysvr4.
+	sysv*)
+		;;
+	ose*)
+		os=ose
+		;;
+	*mint | mint[0-9]* | *MiNT | MiNT[0-9]*)
+		os=mint
+		;;
+	zvmoe)
+		os=zvmoe
+		;;
+	dicos*)
+		os=dicos
+		;;
+	pikeos*)
+		# Until real need of OS specific support for
+		# particular features comes up, bare metal
+		# configurations are quite functional.
+		case $cpu in
+		    arm*)
+			os=eabi
+			;;
+		    *)
+			os=elf
+			;;
+		esac
+		;;
+	nacl*)
+		;;
+	ios)
+		;;
+	none)
+		;;
+	*-eabi)
+		;;
+	*)
+		echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2
+		exit 1
+		;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system.  Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $cpu-$vendor in
+	score-*)
+		os=elf
+		;;
+	spu-*)
+		os=elf
+		;;
+	*-acorn)
+		os=riscix1.2
+		;;
+	arm*-rebel)
+		os=linux
+		;;
+	arm*-semi)
+		os=aout
+		;;
+	c4x-* | tic4x-*)
+		os=coff
+		;;
+	c8051-*)
+		os=elf
+		;;
+	clipper-intergraph)
+		os=clix
+		;;
+	hexagon-*)
+		os=elf
+		;;
+	tic54x-*)
+		os=coff
+		;;
+	tic55x-*)
+		os=coff
+		;;
+	tic6x-*)
+		os=coff
+		;;
+	# This must come before the *-dec entry.
+	pdp10-*)
+		os=tops20
+		;;
+	pdp11-*)
+		os=none
+		;;
+	*-dec | vax-*)
+		os=ultrix4.2
+		;;
+	m68*-apollo)
+		os=domain
+		;;
+	i386-sun)
+		os=sunos4.0.2
+		;;
+	m68000-sun)
+		os=sunos3
+		;;
+	m68*-cisco)
+		os=aout
+		;;
+	mep-*)
+		os=elf
+		;;
+	mips*-cisco)
+		os=elf
+		;;
+	mips*-*)
+		os=elf
+		;;
+	or32-*)
+		os=coff
+		;;
+	*-tti)	# must be before sparc entry or we get the wrong os.
+		os=sysv3
+		;;
+	sparc-* | *-sun)
+		os=sunos4.1.1
+		;;
+	pru-*)
+		os=elf
+		;;
+	*-be)
+		os=beos
+		;;
+	*-ibm)
+		os=aix
+		;;
+	*-knuth)
+		os=mmixware
+		;;
+	*-wec)
+		os=proelf
+		;;
+	*-winbond)
+		os=proelf
+		;;
+	*-oki)
+		os=proelf
+		;;
+	*-hp)
+		os=hpux
+		;;
+	*-hitachi)
+		os=hiux
+		;;
+	i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+		os=sysv
+		;;
+	*-cbm)
+		os=amigaos
+		;;
+	*-dg)
+		os=dgux
+		;;
+	*-dolphin)
+		os=sysv3
+		;;
+	m68k-ccur)
+		os=rtu
+		;;
+	m88k-omron*)
+		os=luna
+		;;
+	*-next)
+		os=nextstep
+		;;
+	*-sequent)
+		os=ptx
+		;;
+	*-crds)
+		os=unos
+		;;
+	*-ns)
+		os=genix
+		;;
+	i370-*)
+		os=mvs
+		;;
+	*-gould)
+		os=sysv
+		;;
+	*-highlevel)
+		os=bsd
+		;;
+	*-encore)
+		os=bsd
+		;;
+	*-sgi)
+		os=irix
+		;;
+	*-siemens)
+		os=sysv4
+		;;
+	*-masscomp)
+		os=rtu
+		;;
+	f30[01]-fujitsu | f700-fujitsu)
+		os=uxpv
+		;;
+	*-rom68k)
+		os=coff
+		;;
+	*-*bug)
+		os=coff
+		;;
+	*-apple)
+		os=macos
+		;;
+	*-atari*)
+		os=mint
+		;;
+	*-wrs)
+		os=vxworks
+		;;
+	*)
+		os=none
+		;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer.  We pick the logical manufacturer.
+case $vendor in
+	unknown)
+		case $os in
+			riscix*)
+				vendor=acorn
+				;;
+			sunos*)
+				vendor=sun
+				;;
+			cnk*|-aix*)
+				vendor=ibm
+				;;
+			beos*)
+				vendor=be
+				;;
+			hpux*)
+				vendor=hp
+				;;
+			mpeix*)
+				vendor=hp
+				;;
+			hiux*)
+				vendor=hitachi
+				;;
+			unos*)
+				vendor=crds
+				;;
+			dgux*)
+				vendor=dg
+				;;
+			luna*)
+				vendor=omron
+				;;
+			genix*)
+				vendor=ns
+				;;
+			clix*)
+				vendor=intergraph
+				;;
+			mvs* | opened*)
+				vendor=ibm
+				;;
+			os400*)
+				vendor=ibm
+				;;
+			ptx*)
+				vendor=sequent
+				;;
+			tpf*)
+				vendor=ibm
+				;;
+			vxsim* | vxworks* | windiss*)
+				vendor=wrs
+				;;
+			aux*)
+				vendor=apple
+				;;
+			hms*)
+				vendor=hitachi
+				;;
+			mpw* | macos*)
+				vendor=apple
+				;;
+			*mint | mint[0-9]* | *MiNT | MiNT[0-9]*)
+				vendor=atari
+				;;
+			vos*)
+				vendor=stratus
+				;;
+		esac
+		;;
+esac
+
+echo "$cpu-$vendor-$os"
+exit
+
+# Local variables:
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/contrib/ldapc++/configure b/contrib/ldapc++/configure
new file mode 100755
index 0000000..8cca14d
--- /dev/null
+++ b/contrib/ldapc++/configure
@@ -0,0 +1,18656 @@
+#! /bin/sh
+# From configure.ac Id: 9e53b7243116521c824456d5fb2d4d3c358c0d76 .
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.69 for ldapcpplib  .
+#
+# Report bugs to <http://www.openldap.org/its/ >.
+#
+# Copyright 2000-2022 The OpenLDAP Foundation. All rights reserved.
+# Restrictions apply, see COPYRIGHT and LICENSE files.
+#
+#
+# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+    && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='print -r --'
+  as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in #(
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there.  '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# Use a proper internal environment variable to ensure we don't fall
+  # into an infinite loop, continuously re-executing ourselves.
+  if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
+    _as_can_reexec=no; export _as_can_reexec;
+    # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+  *v*x* | *x*v* ) as_opts=-vx ;;
+  *v* ) as_opts=-v ;;
+  *x* ) as_opts=-x ;;
+  * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+as_fn_exit 255
+  fi
+  # We don't want this to propagate to other subprocesses.
+          { _as_can_reexec=; unset _as_can_reexec;}
+if test "x$CONFIG_SHELL" = x; then
+  as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '\${1+\"\$@\"}'='\"\$@\"'
+  setopt NO_GLOB_SUBST
+else
+  case \`(set -o) 2>/dev/null\` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+"
+  as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+  exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1
+test -x / || exit 1"
+  as_suggested="  as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+  as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+  eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+  test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+
+  test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || (
+    ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+    ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
+    ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO
+    PATH=/empty FPATH=/empty; export PATH FPATH
+    test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\
+      || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+  if (eval "$as_required") 2>/dev/null; then :
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+  if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  as_found=:
+  case $as_dir in #(
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     # Try only shells that exist, to save several forks.
+	     as_shell=$as_dir/$as_base
+	     if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		    { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+  CONFIG_SHELL=$as_shell as_have_required=yes
+		   if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+  break 2
+fi
+fi
+	   done;;
+       esac
+  as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+	      { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+  CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+      if test "x$CONFIG_SHELL" != x; then :
+  export CONFIG_SHELL
+             # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+  *v*x* | *x*v* ) as_opts=-vx ;;
+  *v* ) as_opts=-v ;;
+  *x* ) as_opts=-x ;;
+  * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
+fi
+
+    if test x$as_have_required = xno; then :
+  $as_echo "$0: This script requires a shell more modern than all"
+  $as_echo "$0: the shells that I found on your system."
+  if test x${ZSH_VERSION+set} = xset ; then
+    $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+    $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+  else
+    $as_echo "$0: Please tell bug-autoconf@gnu.org and
+$0: http://www.openldap.org/its/ about your system,
+$0: including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
+  fi
+  exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+  test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$1; test $as_status -eq 0 && as_status=1
+  if test "$4"; then
+    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+  fi
+  $as_echo "$as_me: error: $2" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+  as_lineno_1=$LINENO as_lineno_1a=$LINENO
+  as_lineno_2=$LINENO as_lineno_2a=$LINENO
+  eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+  test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+  # Blame Lee E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+  # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
+  # already done that, so ensure we don't try to do so again and fall
+  # in an infinite loop.  This has already happened in practice.
+  _as_can_reexec=no; export _as_can_reexec
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -pR'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -pR'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -pR'
+  fi
+else
+  as_ln_s='cp -pR'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='ldapcpplib'
+PACKAGE_TARNAME='ldapcpplib'
+PACKAGE_VERSION=' '
+PACKAGE_STRING='ldapcpplib  '
+PACKAGE_BUGREPORT='http://www.openldap.org/its/ '
+PACKAGE_URL=''
+
+ac_unique_file="src/LDAPConnection.h"
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+#  include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+#  include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+LIBOBJS
+CXXCPP
+CPP
+LT_SYS_LIBRARY_PATH
+OTOOL64
+OTOOL
+LIPO
+NMEDIT
+DSYMUTIL
+MANIFEST_TOOL
+RANLIB
+ac_ct_AR
+AR
+DLLTOOL
+OBJDUMP
+LN_S
+NM
+ac_ct_DUMPBIN
+DUMPBIN
+LD
+FGREP
+EGREP
+GREP
+SED
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+ac_ct_CC
+CFLAGS
+CC
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+LIBTOOL
+am__fastdepCXX_FALSE
+am__fastdepCXX_TRUE
+CXXDEPMODE
+am__nodep
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CXX
+CPPFLAGS
+LDFLAGS
+CXXFLAGS
+CXX
+OPENLDAP_CPP_API_VERSION
+AM_BACKSLASH
+AM_DEFAULT_VERBOSITY
+AM_DEFAULT_V
+AM_V
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+runstatedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_silent_rules
+enable_dependency_tracking
+enable_shared
+enable_static
+with_pic
+enable_fast_install
+with_aix_soname
+with_gnu_ld
+with_sysroot
+enable_libtool_lock
+enable_debug
+with_libldap
+with_ldap_includes
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CXX
+CXXFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CCC
+CC
+CFLAGS
+LT_SYS_LIBRARY_PATH
+CPP
+CXXCPP'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *=)   ac_optarg= ;;
+  *)    ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid feature name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid feature name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -runstatedir | --runstatedir | --runstatedi | --runstated \
+  | --runstate | --runstat | --runsta | --runst | --runs \
+  | --run | --ru | --r)
+    ac_prev=runstatedir ;;
+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+  | --run=* | --ru=* | --r=*)
+    runstatedir=$ac_optarg ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid package name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid package name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    case $ac_envvar in #(
+      '' | [0-9]* | *[!_$as_cr_alnum]* )
+      as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+    esac
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+    *)     $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir runstatedir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures ldapcpplib   to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking ...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/ldapcpplib]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+
+Program names:
+  --program-prefix=PREFIX            prepend PREFIX to installed program names
+  --program-suffix=SUFFIX            append SUFFIX to installed program names
+  --program-transform-name=PROGRAM   run sed PROGRAM on installed program names
+
+System types:
+  --build=BUILD     configure for building on BUILD [guessed]
+  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of ldapcpplib  :";;
+   esac
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-option-checking  ignore unrecognized --enable/--with options
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --enable-silent-rules   less verbose build output (undo: "make V=1")
+  --disable-silent-rules  verbose build output (undo: "make V=0")
+  --enable-dependency-tracking
+                          do not reject slow dependency extractors
+  --disable-dependency-tracking
+                          speeds up one-time build
+  --enable-shared[=PKGS]  build shared libraries [default=yes]
+  --enable-static[=PKGS]  build static libraries [default=yes]
+  --enable-fast-install[=PKGS]
+                          optimize for fast installation [default=yes]
+  --disable-libtool-lock  avoid locking (might break parallel builds)
+  --enable-debug
+
+Optional Packages:
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-pic[=PKGS]       try to use only PIC/non-PIC objects [default=use
+                          both]
+  --with-aix-soname=aix|svr4|both
+                          shared library versioning (aka "SONAME") variant to
+                          provide on AIX, [default=aix].
+  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
+  --with-sysroot[=DIR]    Search for dependent libraries within DIR (or the
+                          compiler's sysroot if not specified).
+  --with-libldap=DIR          Path to the libldap library /usr/local/lib
+  --with-ldap-includes=DIR    Path to the libldap include files /usr/local/include
+
+Some influential environment variables:
+  CXX         C++ compiler command
+  CXXFLAGS    C++ compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LT_SYS_LIBRARY_PATH
+              User-defined run-time library search path.
+  CPP         C preprocessor
+  CXXCPP      C++ preprocessor
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <http://www.openldap.org/its/ >.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+ldapcpplib configure
+generated by GNU Autoconf 2.69
+
+Copyright (C) 2012 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+
+Copyright 2000-2022 The OpenLDAP Foundation. All rights reserved.
+Restrictions apply, see COPYRIGHT and LICENSE files.
+_ACEOF
+  exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_cxx_try_compile LINENO
+# ----------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext
+  if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_compile
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext
+  if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext conftest$ac_exeext
+  if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext && {
+	 test "$cross_compiling" = yes ||
+	 test -x conftest$ac_exeext
+       }; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+  # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+  # interfere with the next link command; also delete a directory that is
+  # left behind by Apple's compiler.  We do this before executing the actions.
+  rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  eval "$3=yes"
+else
+  eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } > conftest.i && {
+	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       }; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+    ac_retval=1
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+  { { case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; }; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: program exited with status $ac_status" >&5
+       $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+       ac_retval=$ac_status
+fi
+  rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char $2 (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  eval "$3=yes"
+else
+  eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_func
+
+# ac_fn_cxx_try_cpp LINENO
+# ------------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_cpp ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } > conftest.i && {
+	 test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       }; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+    ac_retval=1
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_cpp
+
+# ac_fn_cxx_try_link LINENO
+# -------------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_link ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext conftest$ac_exeext
+  if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_cxx_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext && {
+	 test "$cross_compiling" = yes ||
+	 test -x conftest$ac_exeext
+       }; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+  # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+  # interfere with the next link command; also delete a directory that is
+  # left behind by Apple's compiler.  We do this before executing the actions.
+  rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_link
+
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  if eval \${$3+:} false; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+  $as_echo_n "(cached) " >&6
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+  # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_header_compiler=yes
+else
+  ac_header_compiler=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  ac_header_preproc=yes
+else
+  ac_header_preproc=no
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So?  What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+  yes:no: )
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+    ;;
+  no:yes:* )
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2:     check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2:     check for missing prerequisite headers?" >&2;}
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2:     section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2:     section \"Present But Cannot Be Compiled\"" >&2;}
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+( $as_echo "## -------------------------------------------- ##
+## Report this to http://www.openldap.org/its/  ##
+## -------------------------------------------- ##"
+     ) | sed "s/^/$as_me: WARNING:     /" >&2
+    ;;
+esac
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval \${$3+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+
+} # ac_fn_c_check_header_mongrel
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by ldapcpplib $as_me  , which was
+generated by GNU Autoconf 2.69.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    $as_echo "PATH: $as_dir"
+  done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+    2)
+      as_fn_append ac_configure_args1 " '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      as_fn_append ac_configure_args " '$ac_arg'"
+      ;;
+    esac
+  done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    $as_echo "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    $as_echo "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      $as_echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	$as_echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      $as_echo "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      $as_echo "$as_me: caught signal $ac_signal"
+    $as_echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+  # We do not want a PATH search for config.site.
+  case $CONFIG_SITE in #((
+    -*)  ac_site_file1=./$CONFIG_SITE;;
+    */*) ac_site_file1=$CONFIG_SITE;;
+    *)   ac_site_file1=./$CONFIG_SITE;;
+  esac
+elif test "x$prefix" != xNONE; then
+  ac_site_file1=$prefix/share/config.site
+  ac_site_file2=$prefix/etc/config.site
+else
+  ac_site_file1=$ac_default_prefix/share/config.site
+  ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+  test "x$ac_site_file" = xNONE && continue
+  if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file" \
+      || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special files
+  # actually), so we avoid doing that.  DJGPP emulates it as a regular file.
+  if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ $as_echo "$as_me:${as_lineno-$LINENO}:   former value:  \`$ac_old_val'" >&5
+$as_echo "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ $as_echo "$as_me:${as_lineno-$LINENO}:   current value: \`$ac_new_val'" >&5
+$as_echo "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+  { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+am__api_version='1.15'
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+  if test -f "$ac_dir/install-sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f "$ac_dir/install.sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  elif test -f "$ac_dir/shtool"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/shtool install -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if ${ac_cv_path_install+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+  ./ | .// | /[cC]/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+	  if test $ac_prog = install &&
+	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
+	  else
+	    rm -rf conftest.one conftest.two conftest.dir
+	    echo one > conftest.one
+	    echo two > conftest.two
+	    mkdir conftest.dir
+	    if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+	      test -s conftest.one && test -s conftest.two &&
+	      test -s conftest.dir/conftest.one &&
+	      test -s conftest.dir/conftest.two
+	    then
+	      ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+	      break 3
+	    fi
+	  fi
+	fi
+      done
+    done
+    ;;
+esac
+
+  done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL=$ac_cv_path_install
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    INSTALL=$ac_install_sh
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name.  Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+  *[\\\"\#\$\&\'\`$am_lf]*)
+    as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;;
+esac
+case $srcdir in
+  *[\\\"\#\$\&\'\`$am_lf\ \	]*)
+    as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;;
+esac
+
+# Do 'set' in a subshell so we don't clobber the current shell's
+# arguments.  Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+   am_has_slept=no
+   for am_try in 1 2; do
+     echo "timestamp, slept: $am_has_slept" > conftest.file
+     set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+     if test "$*" = "X"; then
+	# -L didn't work.
+	set X `ls -t "$srcdir/configure" conftest.file`
+     fi
+     if test "$*" != "X $srcdir/configure conftest.file" \
+	&& test "$*" != "X conftest.file $srcdir/configure"; then
+
+	# If neither matched, then we have a broken ls.  This can happen
+	# if, for instance, CONFIG_SHELL is bash and it inherits a
+	# broken ls alias from the environment.  This has actually
+	# happened.  Such a system could not be considered "sane".
+	as_fn_error $? "ls -t appears to fail.  Make sure there is not a broken
+  alias in your environment" "$LINENO" 5
+     fi
+     if test "$2" = conftest.file || test $am_try -eq 2; then
+       break
+     fi
+     # Just in case.
+     sleep 1
+     am_has_slept=yes
+   done
+   test "$2" = conftest.file
+   )
+then
+   # Ok.
+   :
+else
+   as_fn_error $? "newly created file is older than distributed files!
+Check your system clock" "$LINENO" 5
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+# If we didn't sleep, we still need to ensure time stamps of config.status and
+# generated files are strictly newer.
+am_sleep_pid=
+if grep 'slept: no' conftest.file >/dev/null 2>&1; then
+  ( sleep 1 ) &
+  am_sleep_pid=$!
+fi
+
+rm -f conftest.file
+
+test "$program_prefix" != NONE &&
+  program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+  program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+# Expand $ac_aux_dir to an absolute path.
+am_aux_dir=`cd "$ac_aux_dir" && pwd`
+
+if test x"${MISSING+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+  *)
+    MISSING="\${SHELL} $am_aux_dir/missing" ;;
+  esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --is-lightweight"; then
+  am_missing_run="$MISSING "
+else
+  am_missing_run=
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh+set}" != xset; then
+  case $am_aux_dir in
+  *\ * | *\	*)
+    install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+  *)
+    install_sh="\${SHELL} $am_aux_dir/install-sh"
+  esac
+fi
+
+# Installed binaries are usually stripped using 'strip' when the user
+# run "make install-strip".  However 'strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the 'STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+  if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_STRIP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_STRIP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+  if ${ac_cv_path_mkdir+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in mkdir gmkdir; do
+	 for ac_exec_ext in '' $ac_executable_extensions; do
+	   as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue
+	   case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+	     'mkdir (GNU coreutils) '* | \
+	     'mkdir (coreutils) '* | \
+	     'mkdir (fileutils) '4.1*)
+	       ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+	       break 3;;
+	   esac
+	 done
+       done
+  done
+IFS=$as_save_IFS
+
+fi
+
+  test -d ./--version && rmdir ./--version
+  if test "${ac_cv_path_mkdir+set}" = set; then
+    MKDIR_P="$ac_cv_path_mkdir -p"
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for MKDIR_P within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    MKDIR_P="$ac_install_sh -d"
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
+
+for ac_prog in gawk mawk nawk awk
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AWK+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$AWK"; then
+  ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_AWK="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$AWK" && break
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+	@echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+  *@@@%%%=?*=@@@%%%*)
+    eval ac_cv_prog_make_${ac_make}_set=yes;;
+  *)
+    eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+  SET_MAKE=
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+  SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+  am__leading_dot=.
+else
+  am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+# Check whether --enable-silent-rules was given.
+if test "${enable_silent_rules+set}" = set; then :
+  enableval=$enable_silent_rules;
+fi
+
+case $enable_silent_rules in # (((
+  yes) AM_DEFAULT_VERBOSITY=0;;
+   no) AM_DEFAULT_VERBOSITY=1;;
+    *) AM_DEFAULT_VERBOSITY=1;;
+esac
+am_make=${MAKE-make}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5
+$as_echo_n "checking whether $am_make supports nested variables... " >&6; }
+if ${am_cv_make_support_nested_variables+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if $as_echo 'TRUE=$(BAR$(V))
+BAR0=false
+BAR1=true
+V=1
+am__doit:
+	@$(TRUE)
+.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then
+  am_cv_make_support_nested_variables=yes
+else
+  am_cv_make_support_nested_variables=no
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5
+$as_echo "$am_cv_make_support_nested_variables" >&6; }
+if test $am_cv_make_support_nested_variables = yes; then
+    AM_V='$(V)'
+  AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)'
+else
+  AM_V=$AM_DEFAULT_VERBOSITY
+  AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY
+fi
+AM_BACKSLASH='\'
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+  # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+  # is not polluted with repeated "-I."
+  am__isrc=' -I$(srcdir)'
+  # test to see if srcdir already configured
+  if test -f $srcdir/config.status; then
+    as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
+  fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+  if (cygpath --version) >/dev/null 2>/dev/null; then
+    CYGPATH_W='cygpath -w'
+  else
+    CYGPATH_W=echo
+  fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='ldapcpplib'
+ VERSION=' '
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# For better backward compatibility.  To be removed once Automake 1.9.x
+# dies out for good.  For more background, see:
+# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+mkdir_p='$(MKDIR_P)'
+
+# We need awk for the "check" target (and possibly the TAP driver).  The
+# system "awk" is bad on some platforms.
+# Always define AMTAR for backward compatibility.  Yes, it's still used
+# in the wild :-(  We should find a proper way to deprecate it ...
+AMTAR='$${TAR-tar}'
+
+
+# We'll loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar  pax cpio none'
+
+am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'
+
+
+
+
+
+
+# POSIX will say in a future version that running "rm -f" with no argument
+# is OK; and we want to be able to make that assumption in our Makefile
+# recipes.  So use an aggressive probe to check that the usage we want is
+# actually supported "in the wild" to an acceptable degree.
+# See automake bug#10828.
+# To make any issue more visible, cause the running configure to be aborted
+# by default if the 'rm' program in use doesn't match our expectations; the
+# user can still override this though.
+if rm -f && rm -fr && rm -rf; then : OK; else
+  cat >&2 <<'END'
+Oops!
+
+Your 'rm' program seems unable to run without file operands specified
+on the command line, even when the '-f' option is present.  This is contrary
+to the behaviour of most rm programs out there, and not conforming with
+the upcoming POSIX standard: <http://austingroupbugs.net/view.php?id=542>
+
+Please tell bug-automake@gnu.org about your system, including the value
+of your $PATH and any error possibly output before this message.  This
+can help us improve future automake versions.
+
+END
+  if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then
+    echo 'Configuration will proceed anyway, since you have set the' >&2
+    echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2
+    echo >&2
+  else
+    cat >&2 <<'END'
+Aborting the configuration process, to ensure you take notice of the issue.
+
+You can download and install GNU coreutils to get an 'rm' implementation
+that behaves properly: <http://www.gnu.org/software/coreutils/>.
+
+If you want to complete the configuration process using your problematic
+'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
+to "yes", and re-run configure.
+
+END
+    as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5
+  fi
+fi
+
+ac_config_headers="$ac_config_headers src/config.h"
+
+
+eval `$ac_aux_dir/version.sh`
+if test -z "$OL_CPP_API_RELEASE"; then
+        as_fn_error $? "could not determine version" "$LINENO" 5
+fi
+
+VERSION=$OL_CPP_API_RELEASE
+OPENLDAP_CPP_API_VERSION=$OL_CPP_API_VERSION
+
+
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -z "$CXX"; then
+  if test -n "$CCC"; then
+    CXX=$CCC
+  else
+    if test -n "$ac_tool_prefix"; then
+  for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CXX+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CXX"; then
+  ac_cv_prog_CXX="$CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5
+$as_echo "$CXX" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$CXX" && break
+  done
+fi
+if test -z "$CXX"; then
+  ac_ct_CXX=$CXX
+  for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CXX+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CXX"; then
+  ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CXX="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5
+$as_echo "$ac_ct_CXX" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CXX" && break
+done
+
+  if test "x$ac_ct_CXX" = x; then
+    CXX="g++"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CXX=$ac_ct_CXX
+  fi
+fi
+
+  fi
+fi
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+  { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    sed '10a\
+... rest of stderr output deleted ...
+         10q' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+  fi
+  rm -f conftest.er1 conftest.err
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C++ compiler works" >&5
+$as_echo_n "checking whether the C++ compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then :
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+	if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+  ac_file=''
+fi
+if test -z "$ac_file"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C++ compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler default output file name" >&5
+$as_echo_n "checking for C++ compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then :
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+  { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+  if { ac_try='./conftest$ac_cv_exeext'
+  { { case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run C++ compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5; }
+    fi
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if ${ac_cv_objext+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then :
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5
+$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; }
+if ${ac_cv_cxx_compiler_gnu+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+  ac_compiler_gnu=yes
+else
+  ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5
+$as_echo "$ac_cv_cxx_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+  GXX=yes
+else
+  GXX=
+fi
+ac_test_CXXFLAGS=${CXXFLAGS+set}
+ac_save_CXXFLAGS=$CXXFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5
+$as_echo_n "checking whether $CXX accepts -g... " >&6; }
+if ${ac_cv_prog_cxx_g+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_save_cxx_werror_flag=$ac_cxx_werror_flag
+   ac_cxx_werror_flag=yes
+   ac_cv_prog_cxx_g=no
+   CXXFLAGS="-g"
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+  ac_cv_prog_cxx_g=yes
+else
+  CXXFLAGS=""
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+
+else
+  ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+	 CXXFLAGS="-g"
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+  ac_cv_prog_cxx_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5
+$as_echo "$ac_cv_prog_cxx_g" >&6; }
+if test "$ac_test_CXXFLAGS" = set; then
+  CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+  if test "$GXX" = yes; then
+    CXXFLAGS="-g -O2"
+  else
+    CXXFLAGS="-g"
+  fi
+else
+  if test "$GXX" = yes; then
+    CXXFLAGS="-O2"
+  else
+    CXXFLAGS=
+  fi
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+	@echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from 'make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+  am__include=include
+  am__quote=
+  _am_result=GNU
+  ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+   echo '.include "confinc"' > confmf
+   case `$am_make -s -f confmf 2> /dev/null` in #(
+   *the\ am__doit\ target*)
+     am__include=.include
+     am__quote="\""
+     _am_result=BSD
+     ;;
+   esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then :
+  enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+  am_depcomp="$ac_aux_dir/depcomp"
+  AMDEPBACKSLASH='\'
+  am__nodep='_no'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+  AMDEP_TRUE=
+  AMDEP_FALSE='#'
+else
+  AMDEP_TRUE='#'
+  AMDEP_FALSE=
+fi
+
+
+
+depcc="$CXX"  am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if ${am_cv_CXX_dependencies_compiler_type+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named 'D' -- because '-MD' means "put the output
+  # in D".
+  rm -rf conftest.dir
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_CXX_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+  fi
+  am__universal=false
+  case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
+      # Solaris 10 /bin/sh.
+      echo '/* dummy */' > sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with '-c' and '-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle '-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs.
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # After this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested.
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvc7 | msvc7msys | msvisualcpp | msvcmsys)
+      # This compiler won't grok '-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_CXX_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_CXX_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CXX_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CXX_dependencies_compiler_type" >&6; }
+CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type
+
+ if
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then
+  am__fastdepCXX_TRUE=
+  am__fastdepCXX_FALSE='#'
+else
+  am__fastdepCXX_TRUE='#'
+  am__fastdepCXX_FALSE=
+fi
+
+
+case `pwd` in
+  *\ * | *\	*)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
+$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
+esac
+
+
+
+macro_version='2.4.6'
+macro_revision='2.4.6'
+
+
+
+
+
+
+
+
+
+
+
+
+
+ltmain=$ac_aux_dir/ltmain.sh
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+  as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if ${ac_cv_build+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+  ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+  as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+  as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if ${ac_cv_host+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test "x$host_alias" = x; then
+  ac_cv_host=$ac_cv_build
+else
+  ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+    as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+# Backslashify metacharacters that are still active within
+# double-quoted strings.
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
+ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5
+$as_echo_n "checking how to print strings... " >&6; }
+# Test print first, because it will be a builtin if present.
+if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
+   test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
+  ECHO='print -r --'
+elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
+  ECHO='printf %s\n'
+else
+  # Use this function as a fallback that always works.
+  func_fallback_echo ()
+  {
+    eval 'cat <<_LTECHO_EOF
+$1
+_LTECHO_EOF'
+  }
+  ECHO='func_fallback_echo'
+fi
+
+# func_echo_all arg...
+# Invoke $ECHO with all args, space-separated.
+func_echo_all ()
+{
+    $ECHO ""
+}
+
+case $ECHO in
+  printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5
+$as_echo "printf" >&6; } ;;
+  print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5
+$as_echo "print -r" >&6; } ;;
+  *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5
+$as_echo "cat" >&6; } ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  fi
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CC" && break
+done
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+  { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    sed '10a\
+... rest of stderr output deleted ...
+         10q' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+  fi
+  rm -f conftest.er1 conftest.err
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if ${ac_cv_c_compiler_gnu+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_compiler_gnu=yes
+else
+  ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if ${ac_cv_prog_cc_g+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_g=yes
+else
+  CFLAGS=""
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+  ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if ${ac_cv_prog_cc_c89+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+struct stat;
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c89"
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5
+$as_echo_n "checking whether $CC understands -c and -o together... " >&6; }
+if ${am_cv_prog_cc_c_o+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+  # Make sure it works both with $CC and with simple cc.
+  # Following AC_PROG_CC_C_O, we do the test twice because some
+  # compilers refuse to overwrite an existing .o file with -o,
+  # though they will create one.
+  am_cv_prog_cc_c_o=yes
+  for am_i in 1 2; do
+    if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5
+   ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5
+   ac_status=$?
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   (exit $ac_status); } \
+         && test -f conftest2.$ac_objext; then
+      : OK
+    else
+      am_cv_prog_cc_c_o=no
+      break
+    fi
+  done
+  rm -f core conftest*
+  unset am_i
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5
+$as_echo "$am_cv_prog_cc_c_o" >&6; }
+if test "$am_cv_prog_cc_c_o" != yes; then
+   # Losing compiler, so override with the script.
+   # FIXME: It is wrong to rewrite CC.
+   # But if we don't then we get into trouble of one sort or another.
+   # A longer-term fix would be to have automake use am__CC in this case,
+   # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+   CC="$am_aux_dir/compile $CC"
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+depcc="$CC"   am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if ${am_cv_CC_dependencies_compiler_type+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+  # We make a subdir and do the tests there.  Otherwise we can end up
+  # making bogus files that we don't know about and never remove.  For
+  # instance it was reported that on HP-UX the gcc test will end up
+  # making a dummy file named 'D' -- because '-MD' means "put the output
+  # in D".
+  rm -rf conftest.dir
+  mkdir conftest.dir
+  # Copy depcomp to subdir because otherwise we won't find it if we're
+  # using a relative directory.
+  cp "$am_depcomp" conftest.dir
+  cd conftest.dir
+  # We will build objects and dependencies in a subdirectory because
+  # it helps to detect inapplicable dependency modes.  For instance
+  # both Tru64's cc and ICC support -MD to output dependencies as a
+  # side effect of compilation, but ICC will put the dependencies in
+  # the current directory while Tru64 will put them in the object
+  # directory.
+  mkdir sub
+
+  am_cv_CC_dependencies_compiler_type=none
+  if test "$am_compiler_list" = ""; then
+     am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+  fi
+  am__universal=false
+  case " $depcc " in #(
+     *\ -arch\ *\ -arch\ *) am__universal=true ;;
+     esac
+
+  for depmode in $am_compiler_list; do
+    # Setup a source with many dependencies, because some compilers
+    # like to wrap large dependency lists on column 80 (with \), and
+    # we should not choose a depcomp mode which is confused by this.
+    #
+    # We need to recreate these files for each test, as the compiler may
+    # overwrite some of them when testing with obscure command lines.
+    # This happens at least with the AIX C compiler.
+    : > sub/conftest.c
+    for i in 1 2 3 4 5 6; do
+      echo '#include "conftst'$i'.h"' >> sub/conftest.c
+      # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with
+      # Solaris 10 /bin/sh.
+      echo '/* dummy */' > sub/conftst$i.h
+    done
+    echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+    # We check with '-c' and '-o' for the sake of the "dashmstdout"
+    # mode.  It turns out that the SunPro C++ compiler does not properly
+    # handle '-M -o', and we need to detect this.  Also, some Intel
+    # versions had trouble with output in subdirs.
+    am__obj=sub/conftest.${OBJEXT-o}
+    am__minus_obj="-o $am__obj"
+    case $depmode in
+    gcc)
+      # This depmode causes a compiler race in universal mode.
+      test "$am__universal" = false || continue
+      ;;
+    nosideeffect)
+      # After this tag, mechanisms are not by side-effect, so they'll
+      # only be used when explicitly requested.
+      if test "x$enable_dependency_tracking" = xyes; then
+	continue
+      else
+	break
+      fi
+      ;;
+    msvc7 | msvc7msys | msvisualcpp | msvcmsys)
+      # This compiler won't grok '-c -o', but also, the minuso test has
+      # not run yet.  These depmodes are late enough in the game, and
+      # so weak that their functioning should not be impacted.
+      am__obj=conftest.${OBJEXT-o}
+      am__minus_obj=
+      ;;
+    none) break ;;
+    esac
+    if depmode=$depmode \
+       source=sub/conftest.c object=$am__obj \
+       depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+       $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+         >/dev/null 2>conftest.err &&
+       grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+       grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+       ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+      # icc doesn't choke on unknown options, it will just issue warnings
+      # or remarks (even with -Werror).  So we grep stderr for any message
+      # that says an option was ignored or not supported.
+      # When given -MP, icc 7.0 and 7.1 complain thusly:
+      #   icc: Command line warning: ignoring option '-M'; no argument required
+      # The diagnosis changed in icc 8.0:
+      #   icc: Command line remark: option '-MP' not supported
+      if (grep 'ignoring option' conftest.err ||
+          grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+        am_cv_CC_dependencies_compiler_type=$depmode
+        break
+      fi
+    fi
+  done
+
+  cd ..
+  rm -rf conftest.dir
+else
+  am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+  test "x$enable_dependency_tracking" != xno \
+  && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+  am__fastdepCC_TRUE=
+  am__fastdepCC_FALSE='#'
+else
+  am__fastdepCC_TRUE='#'
+  am__fastdepCC_FALSE=
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+$as_echo_n "checking for a sed that does not truncate output... " >&6; }
+if ${ac_cv_path_SED+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+            ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+     for ac_i in 1 2 3 4 5 6 7; do
+       ac_script="$ac_script$as_nl$ac_script"
+     done
+     echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+     { ac_script=; unset ac_script;}
+     if test -z "$SED"; then
+  ac_path_SED_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in sed gsed; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_SED" || continue
+# Check for GNU ac_path_SED and select it if it is found.
+  # Check for GNU $ac_path_SED
+case `"$ac_path_SED" --version 2>&1` in
+*GNU*)
+  ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+*)
+  ac_count=0
+  $as_echo_n 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    $as_echo '' >> "conftest.nl"
+    "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_SED_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_SED="$ac_path_SED"
+      ac_path_SED_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_SED_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_SED"; then
+    as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
+  fi
+else
+  ac_cv_path_SED=$SED
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+$as_echo "$ac_cv_path_SED" >&6; }
+ SED="$ac_cv_path_SED"
+  rm -f conftest.sed
+
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+
+
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if ${ac_cv_path_GREP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$GREP"; then
+  ac_path_GREP_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in grep ggrep; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_GREP" || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+  # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+  ac_count=0
+  $as_echo_n 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    $as_echo 'GREP' >> "conftest.nl"
+    "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_GREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_GREP="$ac_path_GREP"
+      ac_path_GREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_GREP_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_GREP"; then
+    as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+  fi
+else
+  ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if ${ac_cv_path_EGREP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+   then ac_cv_path_EGREP="$GREP -E"
+   else
+     if test -z "$EGREP"; then
+  ac_path_EGREP_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in egrep; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_EGREP" || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+  # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+  ac_count=0
+  $as_echo_n 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    $as_echo 'EGREP' >> "conftest.nl"
+    "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_EGREP="$ac_path_EGREP"
+      ac_path_EGREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_EGREP_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_EGREP"; then
+    as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+  fi
+else
+  ac_cv_path_EGREP=$EGREP
+fi
+
+   fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
+$as_echo_n "checking for fgrep... " >&6; }
+if ${ac_cv_path_FGREP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
+   then ac_cv_path_FGREP="$GREP -F"
+   else
+     if test -z "$FGREP"; then
+  ac_path_FGREP_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in fgrep; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_FGREP" || continue
+# Check for GNU ac_path_FGREP and select it if it is found.
+  # Check for GNU $ac_path_FGREP
+case `"$ac_path_FGREP" --version 2>&1` in
+*GNU*)
+  ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
+*)
+  ac_count=0
+  $as_echo_n 0123456789 >"conftest.in"
+  while :
+  do
+    cat "conftest.in" "conftest.in" >"conftest.tmp"
+    mv "conftest.tmp" "conftest.in"
+    cp "conftest.in" "conftest.nl"
+    $as_echo 'FGREP' >> "conftest.nl"
+    "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
+    diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+    as_fn_arith $ac_count + 1 && ac_count=$as_val
+    if test $ac_count -gt ${ac_path_FGREP_max-0}; then
+      # Best one so far, save it but keep looking for a better one
+      ac_cv_path_FGREP="$ac_path_FGREP"
+      ac_path_FGREP_max=$ac_count
+    fi
+    # 10*(2^10) chars as input seems more than enough
+    test $ac_count -gt 10 && break
+  done
+  rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+      $ac_path_FGREP_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_FGREP"; then
+    as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+  fi
+else
+  ac_cv_path_FGREP=$FGREP
+fi
+
+   fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
+$as_echo "$ac_cv_path_FGREP" >&6; }
+ FGREP="$ac_cv_path_FGREP"
+
+
+test -z "$GREP" && GREP=grep
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+  withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
+else
+  with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test yes = "$GCC"; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
+  case $host in
+  *-*-mingw*)
+    # gcc leaves a trailing carriage return, which upsets mingw
+    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+  *)
+    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+  esac
+  case $ac_prog in
+    # Accept absolute paths.
+    [\\/]* | ?:[\\/]*)
+      re_direlt='/[^/][^/]*/\.\./'
+      # Canonicalize the pathname of ld
+      ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+      while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD=$ac_prog
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test yes = "$with_gnu_ld"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if ${lt_cv_path_LD+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$LD"; then
+  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
+  for ac_dir in $PATH; do
+    IFS=$lt_save_ifs
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      lt_cv_path_LD=$ac_dir/$ac_prog
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some variants of GNU ld only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+      *GNU* | *'with BFD'*)
+	test no != "$with_gnu_ld" && break
+	;;
+      *)
+	test yes != "$with_gnu_ld" && break
+	;;
+      esac
+    fi
+  done
+  IFS=$lt_save_ifs
+else
+  lt_cv_path_LD=$LD # Let the user override the test with a path.
+fi
+fi
+
+LD=$lt_cv_path_LD
+if test -n "$LD"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if ${lt_cv_prog_gnu_ld+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+  lt_cv_prog_gnu_ld=yes
+  ;;
+*)
+  lt_cv_prog_gnu_ld=no
+  ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
+$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
+if ${lt_cv_path_NM+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$NM"; then
+  # Let the user override the test.
+  lt_cv_path_NM=$NM
+else
+  lt_nm_to_check=${ac_tool_prefix}nm
+  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+    lt_nm_to_check="$lt_nm_to_check nm"
+  fi
+  for lt_tmp_nm in $lt_nm_to_check; do
+    lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
+    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+      IFS=$lt_save_ifs
+      test -z "$ac_dir" && ac_dir=.
+      tmp_nm=$ac_dir/$lt_tmp_nm
+      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
+	# Check to see if the nm accepts a BSD-compat flag.
+	# Adding the 'sed 1q' prevents false positives on HP-UX, which says:
+	#   nm: unknown option "B" ignored
+	# Tru64's nm complains that /dev/null is an invalid object file
+	# MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
+	case $build_os in
+	mingw*) lt_bad_file=conftest.nm/nofile ;;
+	*) lt_bad_file=/dev/null ;;
+	esac
+	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
+	*$lt_bad_file* | *'Invalid file or object type'*)
+	  lt_cv_path_NM="$tmp_nm -B"
+	  break 2
+	  ;;
+	*)
+	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+	  */dev/null*)
+	    lt_cv_path_NM="$tmp_nm -p"
+	    break 2
+	    ;;
+	  *)
+	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+	    continue # so that we can try to find one that supports BSD flags
+	    ;;
+	  esac
+	  ;;
+	esac
+      fi
+    done
+    IFS=$lt_save_ifs
+  done
+  : ${lt_cv_path_NM=no}
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
+$as_echo "$lt_cv_path_NM" >&6; }
+if test no != "$lt_cv_path_NM"; then
+  NM=$lt_cv_path_NM
+else
+  # Didn't find any BSD compatible name lister, look for dumpbin.
+  if test -n "$DUMPBIN"; then :
+    # Let the user override the test.
+  else
+    if test -n "$ac_tool_prefix"; then
+  for ac_prog in dumpbin "link -dump"
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_DUMPBIN+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$DUMPBIN"; then
+  ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+DUMPBIN=$ac_cv_prog_DUMPBIN
+if test -n "$DUMPBIN"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
+$as_echo "$DUMPBIN" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$DUMPBIN" && break
+  done
+fi
+if test -z "$DUMPBIN"; then
+  ac_ct_DUMPBIN=$DUMPBIN
+  for ac_prog in dumpbin "link -dump"
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_DUMPBIN"; then
+  ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
+if test -n "$ac_ct_DUMPBIN"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
+$as_echo "$ac_ct_DUMPBIN" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_DUMPBIN" && break
+done
+
+  if test "x$ac_ct_DUMPBIN" = x; then
+    DUMPBIN=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    DUMPBIN=$ac_ct_DUMPBIN
+  fi
+fi
+
+    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
+    *COFF*)
+      DUMPBIN="$DUMPBIN -symbols -headers"
+      ;;
+    *)
+      DUMPBIN=:
+      ;;
+    esac
+  fi
+
+  if test : != "$DUMPBIN"; then
+    NM=$DUMPBIN
+  fi
+fi
+test -z "$NM" && NM=nm
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
+$as_echo_n "checking the name lister ($NM) interface... " >&6; }
+if ${lt_cv_nm_interface+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_nm_interface="BSD nm"
+  echo "int some_variable = 0;" > conftest.$ac_ext
+  (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5)
+  (eval "$ac_compile" 2>conftest.err)
+  cat conftest.err >&5
+  (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+  (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+  cat conftest.err >&5
+  (eval echo "\"\$as_me:$LINENO: output\"" >&5)
+  cat conftest.out >&5
+  if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+    lt_cv_nm_interface="MS dumpbin"
+  fi
+  rm -f conftest*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
+$as_echo "$lt_cv_nm_interface" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+$as_echo_n "checking whether ln -s works... " >&6; }
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+$as_echo "no, using $LN_S" >&6; }
+fi
+
+# find the maximum length of command line arguments
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
+$as_echo_n "checking the maximum length of command line arguments... " >&6; }
+if ${lt_cv_sys_max_cmd_len+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+    i=0
+  teststring=ABCD
+
+  case $build_os in
+  msdosdjgpp*)
+    # On DJGPP, this test can blow up pretty badly due to problems in libc
+    # (any single argument exceeding 2000 bytes causes a buffer overrun
+    # during glob expansion).  Even if it were fixed, the result of this
+    # check would be larger than it should be.
+    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
+    ;;
+
+  gnu*)
+    # Under GNU Hurd, this test is not required because there is
+    # no limit to the length of command line arguments.
+    # Libtool will interpret -1 as no limit whatsoever
+    lt_cv_sys_max_cmd_len=-1;
+    ;;
+
+  cygwin* | mingw* | cegcc*)
+    # On Win9x/ME, this test blows up -- it succeeds, but takes
+    # about 5 minutes as the teststring grows exponentially.
+    # Worse, since 9x/ME are not pre-emptively multitasking,
+    # you end up with a "frozen" computer, even though with patience
+    # the test eventually succeeds (with a max line length of 256k).
+    # Instead, let's just punt: use the minimum linelength reported by
+    # all of the supported platforms: 8192 (on NT/2K/XP).
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  mint*)
+    # On MiNT this can take a long time and run out of memory.
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  amigaos*)
+    # On AmigaOS with pdksh, this test takes hours, literally.
+    # So we just punt and use a minimum line length of 8192.
+    lt_cv_sys_max_cmd_len=8192;
+    ;;
+
+  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
+    # This has been around since 386BSD, at least.  Likely further.
+    if test -x /sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+    elif test -x /usr/sbin/sysctl; then
+      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+    else
+      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
+    fi
+    # And add a safety zone
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    ;;
+
+  interix*)
+    # We know the value 262144 and hardcode it with a safety zone (like BSD)
+    lt_cv_sys_max_cmd_len=196608
+    ;;
+
+  os2*)
+    # The test takes a long time on OS/2.
+    lt_cv_sys_max_cmd_len=8192
+    ;;
+
+  osf*)
+    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+    # nice to cause kernel panics so lets avoid the loop below.
+    # First set a reasonable default.
+    lt_cv_sys_max_cmd_len=16384
+    #
+    if test -x /sbin/sysconfig; then
+      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+        *1*) lt_cv_sys_max_cmd_len=-1 ;;
+      esac
+    fi
+    ;;
+  sco3.2v5*)
+    lt_cv_sys_max_cmd_len=102400
+    ;;
+  sysv5* | sco5v6* | sysv4.2uw2*)
+    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+    if test -n "$kargmax"; then
+      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[	 ]//'`
+    else
+      lt_cv_sys_max_cmd_len=32768
+    fi
+    ;;
+  *)
+    lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+    if test -n "$lt_cv_sys_max_cmd_len" && \
+       test undefined != "$lt_cv_sys_max_cmd_len"; then
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+    else
+      # Make teststring a little bigger before we do anything with it.
+      # a 1K string should be a reasonable start.
+      for i in 1 2 3 4 5 6 7 8; do
+        teststring=$teststring$teststring
+      done
+      SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+      # If test is not a shell built-in, we'll probably end up computing a
+      # maximum length that is only half of the actual maximum length, but
+      # we can't tell.
+      while { test X`env echo "$teststring$teststring" 2>/dev/null` \
+	         = "X$teststring$teststring"; } >/dev/null 2>&1 &&
+	      test 17 != "$i" # 1/2 MB should be enough
+      do
+        i=`expr $i + 1`
+        teststring=$teststring$teststring
+      done
+      # Only check the string length outside the loop.
+      lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+      teststring=
+      # Add a significant safety factor because C++ compilers can tack on
+      # massive amounts of additional arguments before passing them to the
+      # linker.  It appears as though 1/2 is a usable value.
+      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+    fi
+    ;;
+  esac
+
+fi
+
+if test -n "$lt_cv_sys_max_cmd_len"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
+$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
+$as_echo "none" >&6; }
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+
+
+
+
+
+: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+  lt_unset=unset
+else
+  lt_unset=false
+fi
+
+
+
+
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+  lt_SP2NL='tr \040 \012'
+  lt_NL2SP='tr \015\012 \040\040'
+  ;;
+ *) # EBCDIC based system
+  lt_SP2NL='tr \100 \n'
+  lt_NL2SP='tr \r\n \100\100'
+  ;;
+esac
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5
+$as_echo_n "checking how to convert $build file names to $host format... " >&6; }
+if ${lt_cv_to_host_file_cmd+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $host in
+  *-*-mingw* )
+    case $build in
+      *-*-mingw* ) # actually msys
+        lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
+        ;;
+      *-*-cygwin* )
+        lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
+        ;;
+      * ) # otherwise, assume *nix
+        lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
+        ;;
+    esac
+    ;;
+  *-*-cygwin* )
+    case $build in
+      *-*-mingw* ) # actually msys
+        lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
+        ;;
+      *-*-cygwin* )
+        lt_cv_to_host_file_cmd=func_convert_file_noop
+        ;;
+      * ) # otherwise, assume *nix
+        lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
+        ;;
+    esac
+    ;;
+  * ) # unhandled hosts (and "normal" native builds)
+    lt_cv_to_host_file_cmd=func_convert_file_noop
+    ;;
+esac
+
+fi
+
+to_host_file_cmd=$lt_cv_to_host_file_cmd
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5
+$as_echo "$lt_cv_to_host_file_cmd" >&6; }
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5
+$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; }
+if ${lt_cv_to_tool_file_cmd+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  #assume ordinary cross tools, or native build.
+lt_cv_to_tool_file_cmd=func_convert_file_noop
+case $host in
+  *-*-mingw* )
+    case $build in
+      *-*-mingw* ) # actually msys
+        lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
+        ;;
+    esac
+    ;;
+esac
+
+fi
+
+to_tool_file_cmd=$lt_cv_to_tool_file_cmd
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5
+$as_echo "$lt_cv_to_tool_file_cmd" >&6; }
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
+$as_echo_n "checking for $LD option to reload object files... " >&6; }
+if ${lt_cv_ld_reload_flag+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_ld_reload_flag='-r'
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
+$as_echo "$lt_cv_ld_reload_flag" >&6; }
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+  cygwin* | mingw* | pw32* | cegcc*)
+    if test yes != "$GCC"; then
+      reload_cmds=false
+    fi
+    ;;
+  darwin*)
+    if test yes = "$GCC"; then
+      reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
+    else
+      reload_cmds='$LD$reload_flag -o $output$reload_objs'
+    fi
+    ;;
+esac
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
+set dummy ${ac_tool_prefix}objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_OBJDUMP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$OBJDUMP"; then
+  ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+OBJDUMP=$ac_cv_prog_OBJDUMP
+if test -n "$OBJDUMP"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+$as_echo "$OBJDUMP" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OBJDUMP"; then
+  ac_ct_OBJDUMP=$OBJDUMP
+  # Extract the first word of "objdump", so it can be a program name with args.
+set dummy objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_OBJDUMP"; then
+  ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_OBJDUMP="objdump"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
+if test -n "$ac_ct_OBJDUMP"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+$as_echo "$ac_ct_OBJDUMP" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_OBJDUMP" = x; then
+    OBJDUMP="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    OBJDUMP=$ac_ct_OBJDUMP
+  fi
+else
+  OBJDUMP="$ac_cv_prog_OBJDUMP"
+fi
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
+$as_echo_n "checking how to recognize dependent libraries... " >&6; }
+if ${lt_cv_deplibs_check_method+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# 'unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# that responds to the $file_magic_cmd with a given extended regex.
+# If you have 'file' or equivalent on your system and you're not sure
+# whether 'pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[4-9]*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+beos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+bsdi[45]*)
+  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
+  lt_cv_file_magic_cmd='/usr/bin/file -L'
+  lt_cv_file_magic_test_file=/shlib/libc.so
+  ;;
+
+cygwin*)
+  # func_win32_libid is a shell function defined in ltmain.sh
+  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+  lt_cv_file_magic_cmd='func_win32_libid'
+  ;;
+
+mingw* | pw32*)
+  # Base MSYS/MinGW do not provide the 'file' command needed by
+  # func_win32_libid shell function, so use a weaker test based on 'objdump',
+  # unless we find 'file', for example because we are cross-compiling.
+  if ( file / ) >/dev/null 2>&1; then
+    lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+    lt_cv_file_magic_cmd='func_win32_libid'
+  else
+    # Keep this pattern in sync with the one in func_win32_libid.
+    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
+    lt_cv_file_magic_cmd='$OBJDUMP -f'
+  fi
+  ;;
+
+cegcc*)
+  # use the weaker test based on 'objdump'. See mingw*.
+  lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+  lt_cv_file_magic_cmd='$OBJDUMP -f'
+  ;;
+
+darwin* | rhapsody*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+freebsd* | dragonfly*)
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+    case $host_cpu in
+    i*86 )
+      # Not sure whether the presence of OpenBSD here was a mistake.
+      # Let's accept both of them until this is cleared up.
+      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
+      lt_cv_file_magic_cmd=/usr/bin/file
+      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+      ;;
+    esac
+  else
+    lt_cv_deplibs_check_method=pass_all
+  fi
+  ;;
+
+haiku*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+hpux10.20* | hpux11*)
+  lt_cv_file_magic_cmd=/usr/bin/file
+  case $host_cpu in
+  ia64*)
+    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
+    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+    ;;
+  hppa*64*)
+    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'
+    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+    ;;
+  *)
+    lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library'
+    lt_cv_file_magic_test_file=/usr/lib/libc.sl
+    ;;
+  esac
+  ;;
+
+interix[3-9]*)
+  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+  lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $LD in
+  *-32|*"-32 ") libmagic=32-bit;;
+  *-n32|*"-n32 ") libmagic=N32;;
+  *-64|*"-64 ") libmagic=64-bit;;
+  *) libmagic=never-match;;
+  esac
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+# This must be glibc/ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+netbsd* | netbsdelf*-gnu)
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
+  fi
+  ;;
+
+newos6*)
+  lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
+  lt_cv_file_magic_cmd=/usr/bin/file
+  lt_cv_file_magic_test_file=/usr/lib/libnls.so
+  ;;
+
+*nto* | *qnx*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+openbsd* | bitrig*)
+  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
+  else
+    lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+  fi
+  ;;
+
+osf3* | osf4* | osf5*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+rdos*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+solaris*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+
+sysv4 | sysv4.3*)
+  case $host_vendor in
+  motorola)
+    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
+    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+    ;;
+  ncr)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  sequent)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
+    ;;
+  sni)
+    lt_cv_file_magic_cmd='/bin/file'
+    lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
+    lt_cv_file_magic_test_file=/lib/libc.so
+    ;;
+  siemens)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  pc)
+    lt_cv_deplibs_check_method=pass_all
+    ;;
+  esac
+  ;;
+
+tpf*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+os2*)
+  lt_cv_deplibs_check_method=pass_all
+  ;;
+esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
+$as_echo "$lt_cv_deplibs_check_method" >&6; }
+
+file_magic_glob=
+want_nocaseglob=no
+if test "$build" = "$host"; then
+  case $host_os in
+  mingw* | pw32*)
+    if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
+      want_nocaseglob=yes
+    else
+      file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"`
+    fi
+    ;;
+  esac
+fi
+
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args.
+set dummy ${ac_tool_prefix}dlltool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_DLLTOOL+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$DLLTOOL"; then
+  ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+DLLTOOL=$ac_cv_prog_DLLTOOL
+if test -n "$DLLTOOL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5
+$as_echo "$DLLTOOL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_DLLTOOL"; then
+  ac_ct_DLLTOOL=$DLLTOOL
+  # Extract the first word of "dlltool", so it can be a program name with args.
+set dummy dlltool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_DLLTOOL"; then
+  ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_DLLTOOL="dlltool"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL
+if test -n "$ac_ct_DLLTOOL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5
+$as_echo "$ac_ct_DLLTOOL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_DLLTOOL" = x; then
+    DLLTOOL="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    DLLTOOL=$ac_ct_DLLTOOL
+  fi
+else
+  DLLTOOL="$ac_cv_prog_DLLTOOL"
+fi
+
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5
+$as_echo_n "checking how to associate runtime and link libraries... " >&6; }
+if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_sharedlib_from_linklib_cmd='unknown'
+
+case $host_os in
+cygwin* | mingw* | pw32* | cegcc*)
+  # two different shell functions defined in ltmain.sh;
+  # decide which one to use based on capabilities of $DLLTOOL
+  case `$DLLTOOL --help 2>&1` in
+  *--identify-strict*)
+    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
+    ;;
+  *)
+    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
+    ;;
+  esac
+  ;;
+*)
+  # fallback: assume linklib IS sharedlib
+  lt_cv_sharedlib_from_linklib_cmd=$ECHO
+  ;;
+esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5
+$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; }
+sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
+test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+  for ac_prog in ar
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_AR+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$AR"; then
+  ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_AR="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$AR" && break
+  done
+fi
+if test -z "$AR"; then
+  ac_ct_AR=$AR
+  for ac_prog in ar
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_AR+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_AR"; then
+  ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_AR="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_AR" && break
+done
+
+  if test "x$ac_ct_AR" = x; then
+    AR="false"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    AR=$ac_ct_AR
+  fi
+fi
+
+: ${AR=ar}
+: ${AR_FLAGS=cru}
+
+
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5
+$as_echo_n "checking for archiver @FILE support... " >&6; }
+if ${lt_cv_ar_at_file+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_ar_at_file=no
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  echo conftest.$ac_objext > conftest.lst
+      lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5'
+      { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
+  (eval $lt_ar_try) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+      if test 0 -eq "$ac_status"; then
+	# Ensure the archiver fails upon bogus file names.
+	rm -f conftest.$ac_objext libconftest.a
+	{ { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5
+  (eval $lt_ar_try) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+	if test 0 -ne "$ac_status"; then
+          lt_cv_ar_at_file=@
+        fi
+      fi
+      rm -f conftest.* libconftest.a
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5
+$as_echo "$lt_cv_ar_at_file" >&6; }
+
+if test no = "$lt_cv_ar_at_file"; then
+  archiver_list_spec=
+else
+  archiver_list_spec=$lt_cv_ar_at_file
+fi
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_STRIP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$STRIP"; then
+  ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+  ac_ct_STRIP=$STRIP
+  # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_STRIP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_STRIP"; then
+  ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_STRIP="strip"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_STRIP" = x; then
+    STRIP=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    STRIP=$ac_ct_STRIP
+  fi
+else
+  STRIP="$ac_cv_prog_STRIP"
+fi
+
+test -z "$STRIP" && STRIP=:
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_RANLIB+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$RANLIB"; then
+  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+  ac_ct_RANLIB=$RANLIB
+  # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_RANLIB"; then
+  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_RANLIB="ranlib"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_RANLIB" = x; then
+    RANLIB=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    RANLIB=$ac_ct_RANLIB
+  fi
+else
+  RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+test -z "$RANLIB" && RANLIB=:
+
+
+
+
+
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+  case $host_os in
+  bitrig* | openbsd*)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
+    ;;
+  *)
+    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
+    ;;
+  esac
+  old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
+fi
+
+case $host_os in
+  darwin*)
+    lock_old_archive_extraction=yes ;;
+  *)
+    lock_old_archive_extraction=no ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
+$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; }
+if ${lt_cv_sys_global_symbol_pipe+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[BCDEGRST]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+  symcode='[BCDT]'
+  ;;
+cygwin* | mingw* | pw32* | cegcc*)
+  symcode='[ABCDGISTW]'
+  ;;
+hpux*)
+  if test ia64 = "$host_cpu"; then
+    symcode='[ABCDEGRST]'
+  fi
+  ;;
+irix* | nonstopux*)
+  symcode='[BCDEGRST]'
+  ;;
+osf*)
+  symcode='[BCDEGQRST]'
+  ;;
+solaris*)
+  symcode='[BDRT]'
+  ;;
+sco3.2v5*)
+  symcode='[DT]'
+  ;;
+sysv4.2uw2*)
+  symcode='[DT]'
+  ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+  symcode='[ABDT]'
+  ;;
+sysv4)
+  symcode='[DFNSTU]'
+  ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+  symcode='[ABCDGIRSTW]' ;;
+esac
+
+if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+  # Gets list of data symbols to import.
+  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
+  # Adjust the below global symbol transforms to fixup imported variables.
+  lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
+  lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
+  lt_c_name_lib_hook="\
+  -e 's/^I .* \(lib.*\)$/  {\"\1\", (void *) 0},/p'\
+  -e 's/^I .* \(.*\)$/  {\"lib\1\", (void *) 0},/p'"
+else
+  # Disable hooks by default.
+  lt_cv_sys_global_symbol_to_import=
+  lt_cdecl_hook=
+  lt_c_name_hook=
+  lt_c_name_lib_hook=
+fi
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n"\
+$lt_cdecl_hook\
+" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
+$lt_c_name_hook\
+" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
+
+# Transform an extracted symbol line into symbol name with lib prefix and
+# symbol address.
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
+$lt_c_name_lib_hook\
+" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
+" -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
+" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"lib\1\", (void *) \&\1},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+  opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+  ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+  symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+  # Write the raw and C identifiers.
+  if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+    # Fake it for dumpbin and say T for any non-static function,
+    # D for any global variable and I for any imported variable.
+    # Also find C++ and __fastcall symbols from MSVC++,
+    # which start with @ or ?.
+    lt_cv_sys_global_symbol_pipe="$AWK '"\
+"     {last_section=section; section=\$ 3};"\
+"     /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
+"     /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+"     /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
+"     /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
+"     /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
+"     \$ 0!~/External *\|/{next};"\
+"     / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+"     {if(hide[section]) next};"\
+"     {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
+"     {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
+"     s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
+"     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
+"     ' prfx=^$ac_symprfx"
+  else
+    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[	 ]\($symcode$symcode*\)[	 ][	 ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+  fi
+  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
+
+  # Check to see that the pipe works correctly.
+  pipe_works=no
+
+  rm -f conftest*
+  cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+    # Now try to grab the symbols.
+    nlist=conftest.nm
+    if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5
+  (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && test -s "$nlist"; then
+      # Try sorting and uniquifying the output.
+      if sort "$nlist" | uniq > "$nlist"T; then
+	mv -f "$nlist"T "$nlist"
+      else
+	rm -f "$nlist"T
+      fi
+
+      # Make sure that we snagged all the symbols we need.
+      if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+	if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+	  cat <<_LT_EOF > conftest.$ac_ext
+/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests.  */
+#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
+/* DATA imports from DLLs on WIN32 can't be const, because runtime
+   relocations are performed -- see ld's documentation on pseudo-relocs.  */
+# define LT_DLSYM_CONST
+#elif defined __osf__
+/* This system does not cope well with relocations in const data.  */
+# define LT_DLSYM_CONST
+#else
+# define LT_DLSYM_CONST const
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+	  # Now generate the symbol file.
+	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+	  cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols.  */
+LT_DLSYM_CONST struct {
+  const char *name;
+  void       *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[] =
+{
+  { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+	  $SED "s/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+	  cat <<\_LT_EOF >> conftest.$ac_ext
+  {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+  return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+	  # Now try linking the two files.
+	  mv conftest.$ac_objext conftstm.$ac_objext
+	  lt_globsym_save_LIBS=$LIBS
+	  lt_globsym_save_CFLAGS=$CFLAGS
+	  LIBS=conftstm.$ac_objext
+	  CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
+	  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && test -s conftest$ac_exeext; then
+	    pipe_works=yes
+	  fi
+	  LIBS=$lt_globsym_save_LIBS
+	  CFLAGS=$lt_globsym_save_CFLAGS
+	else
+	  echo "cannot find nm_test_func in $nlist" >&5
+	fi
+      else
+	echo "cannot find nm_test_var in $nlist" >&5
+      fi
+    else
+      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
+    fi
+  else
+    echo "$progname: failed program was:" >&5
+    cat conftest.$ac_ext >&5
+  fi
+  rm -rf conftest* conftst*
+
+  # Do not use the global_symbol_pipe unless it works.
+  if test yes = "$pipe_works"; then
+    break
+  else
+    lt_cv_sys_global_symbol_pipe=
+  fi
+done
+
+fi
+
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+  lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+$as_echo "failed" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+$as_echo "ok" >&6; }
+fi
+
+# Response file support.
+if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+  nm_file_list_spec='@'
+elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then
+  nm_file_list_spec='@'
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5
+$as_echo_n "checking for sysroot... " >&6; }
+
+# Check whether --with-sysroot was given.
+if test "${with_sysroot+set}" = set; then :
+  withval=$with_sysroot;
+else
+  with_sysroot=no
+fi
+
+
+lt_sysroot=
+case $with_sysroot in #(
+ yes)
+   if test yes = "$GCC"; then
+     lt_sysroot=`$CC --print-sysroot 2>/dev/null`
+   fi
+   ;; #(
+ /*)
+   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
+   ;; #(
+ no|'')
+   ;; #(
+ *)
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5
+$as_echo "$with_sysroot" >&6; }
+   as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5
+   ;;
+esac
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5
+$as_echo "${lt_sysroot:-no}" >&6; }
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5
+$as_echo_n "checking for a working dd... " >&6; }
+if ${ac_cv_path_lt_DD+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  printf 0123456789abcdef0123456789abcdef >conftest.i
+cat conftest.i conftest.i >conftest2.i
+: ${lt_DD:=$DD}
+if test -z "$lt_DD"; then
+  ac_path_lt_DD_found=false
+  # Loop through the user's path and test for each of PROGNAME-LIST
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_prog in dd; do
+    for ac_exec_ext in '' $ac_executable_extensions; do
+      ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext"
+      as_fn_executable_p "$ac_path_lt_DD" || continue
+if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
+  cmp -s conftest.i conftest.out \
+  && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
+fi
+      $ac_path_lt_DD_found && break 3
+    done
+  done
+  done
+IFS=$as_save_IFS
+  if test -z "$ac_cv_path_lt_DD"; then
+    :
+  fi
+else
+  ac_cv_path_lt_DD=$lt_DD
+fi
+
+rm -f conftest.i conftest2.i conftest.out
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5
+$as_echo "$ac_cv_path_lt_DD" >&6; }
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5
+$as_echo_n "checking how to truncate binary pipes... " >&6; }
+if ${lt_cv_truncate_bin+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  printf 0123456789abcdef0123456789abcdef >conftest.i
+cat conftest.i conftest.i >conftest2.i
+lt_cv_truncate_bin=
+if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
+  cmp -s conftest.i conftest.out \
+  && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
+fi
+rm -f conftest.i conftest2.i conftest.out
+test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5
+$as_echo "$lt_cv_truncate_bin" >&6; }
+
+
+
+
+
+
+
+# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
+func_cc_basename ()
+{
+    for cc_temp in $*""; do
+      case $cc_temp in
+        compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+        distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+        \-*) ;;
+        *) break;;
+      esac
+    done
+    func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
+}
+
+# Check whether --enable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then :
+  enableval=$enable_libtool_lock;
+fi
+
+test no = "$enable_libtool_lock" || enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+  # Find out what ABI is being produced by ac_compile, and set mode
+  # options accordingly.
+  echo 'int i;' > conftest.$ac_ext
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+    case `/usr/bin/file conftest.$ac_objext` in
+      *ELF-32*)
+	HPUX_IA64_MODE=32
+	;;
+      *ELF-64*)
+	HPUX_IA64_MODE=64
+	;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+*-*-irix6*)
+  # Find out what ABI is being produced by ac_compile, and set linker
+  # options accordingly.
+  echo '#line '$LINENO' "configure"' > conftest.$ac_ext
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+    if test yes = "$lt_cv_prog_gnu_ld"; then
+      case `/usr/bin/file conftest.$ac_objext` in
+	*32-bit*)
+	  LD="${LD-ld} -melf32bsmip"
+	  ;;
+	*N32*)
+	  LD="${LD-ld} -melf32bmipn32"
+	  ;;
+	*64-bit*)
+	  LD="${LD-ld} -melf64bmip"
+	;;
+      esac
+    else
+      case `/usr/bin/file conftest.$ac_objext` in
+	*32-bit*)
+	  LD="${LD-ld} -32"
+	  ;;
+	*N32*)
+	  LD="${LD-ld} -n32"
+	  ;;
+	*64-bit*)
+	  LD="${LD-ld} -64"
+	  ;;
+      esac
+    fi
+  fi
+  rm -rf conftest*
+  ;;
+
+mips64*-*linux*)
+  # Find out what ABI is being produced by ac_compile, and set linker
+  # options accordingly.
+  echo '#line '$LINENO' "configure"' > conftest.$ac_ext
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+    emul=elf
+    case `/usr/bin/file conftest.$ac_objext` in
+      *32-bit*)
+	emul="${emul}32"
+	;;
+      *64-bit*)
+	emul="${emul}64"
+	;;
+    esac
+    case `/usr/bin/file conftest.$ac_objext` in
+      *MSB*)
+	emul="${emul}btsmip"
+	;;
+      *LSB*)
+	emul="${emul}ltsmip"
+	;;
+    esac
+    case `/usr/bin/file conftest.$ac_objext` in
+      *N32*)
+	emul="${emul}n32"
+	;;
+    esac
+    LD="${LD-ld} -m $emul"
+  fi
+  rm -rf conftest*
+  ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+  # Find out what ABI is being produced by ac_compile, and set linker
+  # options accordingly.  Note that the listed cases only cover the
+  # situations where additional linker options are needed (such as when
+  # doing 32-bit compilation for a host where ld defaults to 64-bit, or
+  # vice versa); the common cases where no linker options are needed do
+  # not appear in the list.
+  echo 'int i;' > conftest.$ac_ext
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+    case `/usr/bin/file conftest.o` in
+      *32-bit*)
+	case $host in
+	  x86_64-*kfreebsd*-gnu)
+	    LD="${LD-ld} -m elf_i386_fbsd"
+	    ;;
+	  x86_64-*linux*)
+	    case `/usr/bin/file conftest.o` in
+	      *x86-64*)
+		LD="${LD-ld} -m elf32_x86_64"
+		;;
+	      *)
+		LD="${LD-ld} -m elf_i386"
+		;;
+	    esac
+	    ;;
+	  powerpc64le-*linux*)
+	    LD="${LD-ld} -m elf32lppclinux"
+	    ;;
+	  powerpc64-*linux*)
+	    LD="${LD-ld} -m elf32ppclinux"
+	    ;;
+	  s390x-*linux*)
+	    LD="${LD-ld} -m elf_s390"
+	    ;;
+	  sparc64-*linux*)
+	    LD="${LD-ld} -m elf32_sparc"
+	    ;;
+	esac
+	;;
+      *64-bit*)
+	case $host in
+	  x86_64-*kfreebsd*-gnu)
+	    LD="${LD-ld} -m elf_x86_64_fbsd"
+	    ;;
+	  x86_64-*linux*)
+	    LD="${LD-ld} -m elf_x86_64"
+	    ;;
+	  powerpcle-*linux*)
+	    LD="${LD-ld} -m elf64lppc"
+	    ;;
+	  powerpc-*linux*)
+	    LD="${LD-ld} -m elf64ppc"
+	    ;;
+	  s390*-*linux*|s390*-*tpf*)
+	    LD="${LD-ld} -m elf64_s390"
+	    ;;
+	  sparc*-*linux*)
+	    LD="${LD-ld} -m elf64_sparc"
+	    ;;
+	esac
+	;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+*-*-sco3.2v5*)
+  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+  SAVE_CFLAGS=$CFLAGS
+  CFLAGS="$CFLAGS -belf"
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
+$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
+if ${lt_cv_cc_needs_belf+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  lt_cv_cc_needs_belf=yes
+else
+  lt_cv_cc_needs_belf=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+     ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
+$as_echo "$lt_cv_cc_needs_belf" >&6; }
+  if test yes != "$lt_cv_cc_needs_belf"; then
+    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+    CFLAGS=$SAVE_CFLAGS
+  fi
+  ;;
+*-*solaris*)
+  # Find out what ABI is being produced by ac_compile, and set linker
+  # options accordingly.
+  echo 'int i;' > conftest.$ac_ext
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+    case `/usr/bin/file conftest.o` in
+    *64-bit*)
+      case $lt_cv_prog_gnu_ld in
+      yes*)
+        case $host in
+        i?86-*-solaris*|x86_64-*-solaris*)
+          LD="${LD-ld} -m elf_x86_64"
+          ;;
+        sparc*-*-solaris*)
+          LD="${LD-ld} -m elf64_sparc"
+          ;;
+        esac
+        # GNU ld 2.21 introduced _sol2 emulations.  Use them if available.
+        if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
+          LD=${LD-ld}_sol2
+        fi
+        ;;
+      *)
+	if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+	  LD="${LD-ld} -64"
+	fi
+	;;
+      esac
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+esac
+
+need_locks=$enable_libtool_lock
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args.
+set dummy ${ac_tool_prefix}mt; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_MANIFEST_TOOL+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$MANIFEST_TOOL"; then
+  ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL
+if test -n "$MANIFEST_TOOL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5
+$as_echo "$MANIFEST_TOOL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_MANIFEST_TOOL"; then
+  ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL
+  # Extract the first word of "mt", so it can be a program name with args.
+set dummy mt; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_MANIFEST_TOOL"; then
+  ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_MANIFEST_TOOL="mt"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL
+if test -n "$ac_ct_MANIFEST_TOOL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5
+$as_echo "$ac_ct_MANIFEST_TOOL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_MANIFEST_TOOL" = x; then
+    MANIFEST_TOOL=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL
+  fi
+else
+  MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL"
+fi
+
+test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5
+$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; }
+if ${lt_cv_path_mainfest_tool+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_path_mainfest_tool=no
+  echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5
+  $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
+  cat conftest.err >&5
+  if $GREP 'Manifest Tool' conftest.out > /dev/null; then
+    lt_cv_path_mainfest_tool=yes
+  fi
+  rm -f conftest*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5
+$as_echo "$lt_cv_path_mainfest_tool" >&6; }
+if test yes != "$lt_cv_path_mainfest_tool"; then
+  MANIFEST_TOOL=:
+fi
+
+
+
+
+
+
+  case $host_os in
+    rhapsody* | darwin*)
+    if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
+set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_DSYMUTIL+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$DSYMUTIL"; then
+  ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+DSYMUTIL=$ac_cv_prog_DSYMUTIL
+if test -n "$DSYMUTIL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
+$as_echo "$DSYMUTIL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_DSYMUTIL"; then
+  ac_ct_DSYMUTIL=$DSYMUTIL
+  # Extract the first word of "dsymutil", so it can be a program name with args.
+set dummy dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_DSYMUTIL"; then
+  ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
+if test -n "$ac_ct_DSYMUTIL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
+$as_echo "$ac_ct_DSYMUTIL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_DSYMUTIL" = x; then
+    DSYMUTIL=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    DSYMUTIL=$ac_ct_DSYMUTIL
+  fi
+else
+  DSYMUTIL="$ac_cv_prog_DSYMUTIL"
+fi
+
+    if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
+set dummy ${ac_tool_prefix}nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_NMEDIT+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$NMEDIT"; then
+  ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+NMEDIT=$ac_cv_prog_NMEDIT
+if test -n "$NMEDIT"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
+$as_echo "$NMEDIT" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_NMEDIT"; then
+  ac_ct_NMEDIT=$NMEDIT
+  # Extract the first word of "nmedit", so it can be a program name with args.
+set dummy nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_NMEDIT"; then
+  ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_NMEDIT="nmedit"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
+if test -n "$ac_ct_NMEDIT"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
+$as_echo "$ac_ct_NMEDIT" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_NMEDIT" = x; then
+    NMEDIT=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    NMEDIT=$ac_ct_NMEDIT
+  fi
+else
+  NMEDIT="$ac_cv_prog_NMEDIT"
+fi
+
+    if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
+set dummy ${ac_tool_prefix}lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_LIPO+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$LIPO"; then
+  ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+LIPO=$ac_cv_prog_LIPO
+if test -n "$LIPO"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
+$as_echo "$LIPO" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_LIPO"; then
+  ac_ct_LIPO=$LIPO
+  # Extract the first word of "lipo", so it can be a program name with args.
+set dummy lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_LIPO+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_LIPO"; then
+  ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_LIPO="lipo"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
+if test -n "$ac_ct_LIPO"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
+$as_echo "$ac_ct_LIPO" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_LIPO" = x; then
+    LIPO=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    LIPO=$ac_ct_LIPO
+  fi
+else
+  LIPO="$ac_cv_prog_LIPO"
+fi
+
+    if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_OTOOL+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$OTOOL"; then
+  ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL=$ac_cv_prog_OTOOL
+if test -n "$OTOOL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
+$as_echo "$OTOOL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL"; then
+  ac_ct_OTOOL=$OTOOL
+  # Extract the first word of "otool", so it can be a program name with args.
+set dummy otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_OTOOL+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_OTOOL"; then
+  ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_OTOOL="otool"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
+if test -n "$ac_ct_OTOOL"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
+$as_echo "$ac_ct_OTOOL" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_OTOOL" = x; then
+    OTOOL=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    OTOOL=$ac_ct_OTOOL
+  fi
+else
+  OTOOL="$ac_cv_prog_OTOOL"
+fi
+
+    if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_OTOOL64+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$OTOOL64"; then
+  ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL64=$ac_cv_prog_OTOOL64
+if test -n "$OTOOL64"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
+$as_echo "$OTOOL64" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL64"; then
+  ac_ct_OTOOL64=$OTOOL64
+  # Extract the first word of "otool64", so it can be a program name with args.
+set dummy otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_OTOOL64"; then
+  ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_OTOOL64="otool64"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
+if test -n "$ac_ct_OTOOL64"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
+$as_echo "$ac_ct_OTOOL64" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_OTOOL64" = x; then
+    OTOOL64=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    OTOOL64=$ac_ct_OTOOL64
+  fi
+else
+  OTOOL64="$ac_cv_prog_OTOOL64"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
+$as_echo_n "checking for -single_module linker flag... " >&6; }
+if ${lt_cv_apple_cc_single_mod+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_apple_cc_single_mod=no
+      if test -z "$LT_MULTI_MODULE"; then
+	# By default we will add the -single_module flag. You can override
+	# by either setting the environment variable LT_MULTI_MODULE
+	# non-empty at configure time, or by adding -multi_module to the
+	# link flags.
+	rm -rf libconftest.dylib*
+	echo "int foo(void){return 1;}" > conftest.c
+	echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&5
+	$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+	  -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+        _lt_result=$?
+	# If there is a non-empty error log, and "single_module"
+	# appears in it, assume the flag caused a linker warning
+        if test -s conftest.err && $GREP single_module conftest.err; then
+	  cat conftest.err >&5
+	# Otherwise, if the output was created with a 0 exit code from
+	# the compiler, it worked.
+	elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
+	  lt_cv_apple_cc_single_mod=yes
+	else
+	  cat conftest.err >&5
+	fi
+	rm -rf libconftest.dylib*
+	rm -f conftest.*
+      fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
+$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
+$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
+if ${lt_cv_ld_exported_symbols_list+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_ld_exported_symbols_list=no
+      save_LDFLAGS=$LDFLAGS
+      echo "_main" > conftest.sym
+      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  lt_cv_ld_exported_symbols_list=yes
+else
+  lt_cv_ld_exported_symbols_list=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+	LDFLAGS=$save_LDFLAGS
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
+$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5
+$as_echo_n "checking for -force_load linker flag... " >&6; }
+if ${lt_cv_ld_force_load+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_ld_force_load=no
+      cat > conftest.c << _LT_EOF
+int forced_loaded() { return 2;}
+_LT_EOF
+      echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5
+      $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5
+      echo "$AR cru libconftest.a conftest.o" >&5
+      $AR cru libconftest.a conftest.o 2>&5
+      echo "$RANLIB libconftest.a" >&5
+      $RANLIB libconftest.a 2>&5
+      cat > conftest.c << _LT_EOF
+int main() { return 0;}
+_LT_EOF
+      echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5
+      $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
+      _lt_result=$?
+      if test -s conftest.err && $GREP force_load conftest.err; then
+	cat conftest.err >&5
+      elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
+	lt_cv_ld_force_load=yes
+      else
+	cat conftest.err >&5
+      fi
+        rm -f conftest.err libconftest.a conftest conftest.c
+        rm -rf conftest.dSYM
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5
+$as_echo "$lt_cv_ld_force_load" >&6; }
+    case $host_os in
+    rhapsody* | darwin1.[012])
+      _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
+    darwin1.*)
+      _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
+    darwin*) # darwin 5.x on
+      # if running on 10.5 or later, the deployment target defaults
+      # to the OS version, if on x86, and 10.4, the deployment
+      # target defaults to 10.4. Don't you love it?
+      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+	10.0,*86*-darwin8*|10.0,*-darwin[91]*)
+	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+	10.[012][,.]*)
+	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
+	10.*)
+	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
+      esac
+    ;;
+  esac
+    if test yes = "$lt_cv_apple_cc_single_mod"; then
+      _lt_dar_single_mod='$single_module'
+    fi
+    if test yes = "$lt_cv_ld_exported_symbols_list"; then
+      _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
+    else
+      _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
+    fi
+    if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
+      _lt_dsymutil='~$DSYMUTIL $lib || :'
+    else
+      _lt_dsymutil=
+    fi
+    ;;
+  esac
+
+# func_munge_path_list VARIABLE PATH
+# -----------------------------------
+# VARIABLE is name of variable containing _space_ separated list of
+# directories to be munged by the contents of PATH, which is string
+# having a format:
+# "DIR[:DIR]:"
+#       string "DIR[ DIR]" will be prepended to VARIABLE
+# ":DIR[:DIR]"
+#       string "DIR[ DIR]" will be appended to VARIABLE
+# "DIRP[:DIRP]::[DIRA:]DIRA"
+#       string "DIRP[ DIRP]" will be prepended to VARIABLE and string
+#       "DIRA[ DIRA]" will be appended to VARIABLE
+# "DIR[:DIR]"
+#       VARIABLE will be replaced by "DIR[ DIR]"
+func_munge_path_list ()
+{
+    case x$2 in
+    x)
+        ;;
+    *:)
+        eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\"
+        ;;
+    x:*)
+        eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\"
+        ;;
+    *::*)
+        eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
+        eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\"
+        ;;
+    *)
+        eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\"
+        ;;
+    esac
+}
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+  CPP=
+fi
+if test -z "$CPP"; then
+  if ${ac_cv_prog_CPP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+      # Double quotes because CPP needs to be expanded
+    for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+    do
+      ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  # Broken: success on invalid input.
+continue
+else
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+  break
+fi
+
+    done
+    ac_cv_prog_CPP=$CPP
+
+fi
+  CPP=$ac_cv_prog_CPP
+else
+  ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+  # Broken: success on invalid input.
+continue
+else
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if ${ac_cv_header_stdc+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_header_stdc=yes
+else
+  ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+  # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "free" >/dev/null 2>&1; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+  # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+  if test "$cross_compiling" = yes; then :
+  :
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+		   (('a' <= (c) && (c) <= 'i') \
+		     || ('j' <= (c) && (c) <= 'r') \
+		     || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+  int i;
+  for (i = 0; i < 256; i++)
+    if (XOR (islower (i), ISLOWER (i))
+	|| toupper (i) != TOUPPER (i))
+      return 2;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+  ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+		  inttypes.h stdint.h unistd.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_header in dlfcn.h
+do :
+  ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_dlfcn_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_DLFCN_H 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+func_stripname_cnf ()
+{
+  case $2 in
+  .*) func_stripname_result=`$ECHO "$3" | $SED "s%^$1%%; s%\\\\$2\$%%"`;;
+  *)  func_stripname_result=`$ECHO "$3" | $SED "s%^$1%%; s%$2\$%%"`;;
+  esac
+} # func_stripname_cnf
+
+
+
+
+
+# Set options
+
+
+
+        enable_dlopen=no
+
+
+  enable_win32_dll=no
+
+
+            # Check whether --enable-shared was given.
+if test "${enable_shared+set}" = set; then :
+  enableval=$enable_shared; p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_shared=yes ;;
+    no) enable_shared=no ;;
+    *)
+      enable_shared=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+      for pkg in $enableval; do
+	IFS=$lt_save_ifs
+	if test "X$pkg" = "X$p"; then
+	  enable_shared=yes
+	fi
+      done
+      IFS=$lt_save_ifs
+      ;;
+    esac
+else
+  enable_shared=yes
+fi
+
+
+
+
+
+
+
+
+
+  # Check whether --enable-static was given.
+if test "${enable_static+set}" = set; then :
+  enableval=$enable_static; p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_static=yes ;;
+    no) enable_static=no ;;
+    *)
+     enable_static=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+      for pkg in $enableval; do
+	IFS=$lt_save_ifs
+	if test "X$pkg" = "X$p"; then
+	  enable_static=yes
+	fi
+      done
+      IFS=$lt_save_ifs
+      ;;
+    esac
+else
+  enable_static=yes
+fi
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-pic was given.
+if test "${with_pic+set}" = set; then :
+  withval=$with_pic; lt_p=${PACKAGE-default}
+    case $withval in
+    yes|no) pic_mode=$withval ;;
+    *)
+      pic_mode=default
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+      for lt_pkg in $withval; do
+	IFS=$lt_save_ifs
+	if test "X$lt_pkg" = "X$lt_p"; then
+	  pic_mode=yes
+	fi
+      done
+      IFS=$lt_save_ifs
+      ;;
+    esac
+else
+  pic_mode=default
+fi
+
+
+
+
+
+
+
+
+  # Check whether --enable-fast-install was given.
+if test "${enable_fast_install+set}" = set; then :
+  enableval=$enable_fast_install; p=${PACKAGE-default}
+    case $enableval in
+    yes) enable_fast_install=yes ;;
+    no) enable_fast_install=no ;;
+    *)
+      enable_fast_install=no
+      # Look at the argument we got.  We use all the common list separators.
+      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
+      for pkg in $enableval; do
+	IFS=$lt_save_ifs
+	if test "X$pkg" = "X$p"; then
+	  enable_fast_install=yes
+	fi
+      done
+      IFS=$lt_save_ifs
+      ;;
+    esac
+else
+  enable_fast_install=yes
+fi
+
+
+
+
+
+
+
+
+  shared_archive_member_spec=
+case $host,$enable_shared in
+power*-*-aix[5-9]*,yes)
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5
+$as_echo_n "checking which variant of shared library versioning to provide... " >&6; }
+
+# Check whether --with-aix-soname was given.
+if test "${with_aix_soname+set}" = set; then :
+  withval=$with_aix_soname; case $withval in
+    aix|svr4|both)
+      ;;
+    *)
+      as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5
+      ;;
+    esac
+    lt_cv_with_aix_soname=$with_aix_soname
+else
+  if ${lt_cv_with_aix_soname+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_with_aix_soname=aix
+fi
+
+    with_aix_soname=$lt_cv_with_aix_soname
+fi
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5
+$as_echo "$with_aix_soname" >&6; }
+  if test aix != "$with_aix_soname"; then
+    # For the AIX way of multilib, we name the shared archive member
+    # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
+    # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
+    # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
+    # the AIX toolchain works better with OBJECT_MODE set (default 32).
+    if test 64 = "${OBJECT_MODE-32}"; then
+      shared_archive_member_spec=shr_64
+    else
+      shared_archive_member_spec=shr
+    fi
+  fi
+  ;;
+*)
+  with_aix_soname=aix
+  ;;
+esac
+
+
+
+
+
+
+
+
+
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS=$ltmain
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+test -z "$LN_S" && LN_S="ln -s"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "${ZSH_VERSION+set}"; then
+   setopt NO_GLOB_SUBST
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
+$as_echo_n "checking for objdir... " >&6; }
+if ${lt_cv_objdir+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+  lt_cv_objdir=.libs
+else
+  # MS-DOS does not allow filenames that begin with a dot.
+  lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
+$as_echo "$lt_cv_objdir" >&6; }
+objdir=$lt_cv_objdir
+
+
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define LT_OBJDIR "$lt_cv_objdir/"
+_ACEOF
+
+
+
+
+case $host_os in
+aix3*)
+  # AIX sometimes has problems with the GCC collect2 program.  For some
+  # reason, if we set the COLLECT_NAMES environment variable, the problems
+  # vanish in a puff of smoke.
+  if test set != "${COLLECT_NAMES+set}"; then
+    COLLECT_NAMES=
+    export COLLECT_NAMES
+  fi
+  ;;
+esac
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a '.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+old_CC=$CC
+old_CFLAGS=$CFLAGS
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+func_cc_basename $compiler
+cc_basename=$func_cc_basename_result
+
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
+$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
+if ${lt_cv_path_MAGIC_CMD+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $MAGIC_CMD in
+[\\/*] |  ?:[\\/]*)
+  lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
+  ;;
+*)
+  lt_save_MAGIC_CMD=$MAGIC_CMD
+  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
+  ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+  for ac_dir in $ac_dummy; do
+    IFS=$lt_save_ifs
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/${ac_tool_prefix}file"; then
+      lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file"
+      if test -n "$file_magic_test_file"; then
+	case $deplibs_check_method in
+	"file_magic "*)
+	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+	  MAGIC_CMD=$lt_cv_path_MAGIC_CMD
+	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+	    $EGREP "$file_magic_regex" > /dev/null; then
+	    :
+	  else
+	    cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such.  This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem.  Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+	  fi ;;
+	esac
+      fi
+      break
+    fi
+  done
+  IFS=$lt_save_ifs
+  MAGIC_CMD=$lt_save_MAGIC_CMD
+  ;;
+esac
+fi
+
+MAGIC_CMD=$lt_cv_path_MAGIC_CMD
+if test -n "$MAGIC_CMD"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+
+
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+  if test -n "$ac_tool_prefix"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
+$as_echo_n "checking for file... " >&6; }
+if ${lt_cv_path_MAGIC_CMD+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $MAGIC_CMD in
+[\\/*] |  ?:[\\/]*)
+  lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
+  ;;
+*)
+  lt_save_MAGIC_CMD=$MAGIC_CMD
+  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
+  ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+  for ac_dir in $ac_dummy; do
+    IFS=$lt_save_ifs
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/file"; then
+      lt_cv_path_MAGIC_CMD=$ac_dir/"file"
+      if test -n "$file_magic_test_file"; then
+	case $deplibs_check_method in
+	"file_magic "*)
+	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+	  MAGIC_CMD=$lt_cv_path_MAGIC_CMD
+	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+	    $EGREP "$file_magic_regex" > /dev/null; then
+	    :
+	  else
+	    cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such.  This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem.  Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+	  fi ;;
+	esac
+      fi
+      break
+    fi
+  done
+  IFS=$lt_save_ifs
+  MAGIC_CMD=$lt_save_MAGIC_CMD
+  ;;
+esac
+fi
+
+MAGIC_CMD=$lt_cv_path_MAGIC_CMD
+if test -n "$MAGIC_CMD"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  else
+    MAGIC_CMD=:
+  fi
+fi
+
+  fi
+  ;;
+esac
+
+# Use C for the default configuration in the libtool script
+
+lt_save_CC=$CC
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+objext=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+if test -n "$compiler"; then
+
+lt_prog_compiler_no_builtin_flag=
+
+if test yes = "$GCC"; then
+  case $cc_basename in
+  nvcc*)
+    lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;;
+  *)
+    lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;;
+  esac
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
+if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_rtti_exceptions=no
+   ac_outfile=conftest.$ac_objext
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="-fno-rtti -fno-exceptions"  ## exclude from sc_useless_quotes_in_assignment
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_rtti_exceptions=yes
+     fi
+   fi
+   $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+
+if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then
+    lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
+else
+    :
+fi
+
+fi
+
+
+
+
+
+
+  lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+
+  if test yes = "$GCC"; then
+    lt_prog_compiler_wl='-Wl,'
+    lt_prog_compiler_static='-static'
+
+    case $host_os in
+      aix*)
+      # All AIX code is PIC.
+      if test ia64 = "$host_cpu"; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static='-Bstatic'
+      fi
+      lt_prog_compiler_pic='-fPIC'
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            lt_prog_compiler_pic='-fPIC'
+        ;;
+      m68k)
+            # FIXME: we need at least 68020 code to build shared libraries, but
+            # adding the '-m68020' flag to GCC prevents building anything better,
+            # like '-m68040'.
+            lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+        ;;
+      esac
+      ;;
+
+    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+
+    mingw* | cygwin* | pw32* | os2* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      # Although the cygwin gcc ignores -fPIC, still need this for old-style
+      # (--disable-auto-import) libraries
+      lt_prog_compiler_pic='-DDLL_EXPORT'
+      case $host_os in
+      os2*)
+	lt_prog_compiler_static='$wl-static'
+	;;
+      esac
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic='-fno-common'
+      ;;
+
+    haiku*)
+      # PIC is the default for Haiku.
+      # The "-static" flag exists, but is broken.
+      lt_prog_compiler_static=
+      ;;
+
+    hpux*)
+      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
+      # sets the default TLS model and affects inlining.
+      case $host_cpu in
+      hppa*64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic='-fPIC'
+	;;
+      esac
+      ;;
+
+    interix[3-9]*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+
+    msdosdjgpp*)
+      # Just because we use GCC doesn't mean we suddenly get shared libraries
+      # on systems that don't support them.
+      lt_prog_compiler_can_build_shared=no
+      enable_shared=no
+      ;;
+
+    *nto* | *qnx*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      lt_prog_compiler_pic='-fPIC -shared'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic=-Kconform_pic
+      fi
+      ;;
+
+    *)
+      lt_prog_compiler_pic='-fPIC'
+      ;;
+    esac
+
+    case $cc_basename in
+    nvcc*) # Cuda Compiler Driver 2.2
+      lt_prog_compiler_wl='-Xlinker '
+      if test -n "$lt_prog_compiler_pic"; then
+        lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic"
+      fi
+      ;;
+    esac
+  else
+    # PORTME Check for flag to pass linker flags through the system compiler.
+    case $host_os in
+    aix*)
+      lt_prog_compiler_wl='-Wl,'
+      if test ia64 = "$host_cpu"; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static='-Bstatic'
+      else
+	lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+      fi
+      ;;
+
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic='-fno-common'
+      case $cc_basename in
+      nagfor*)
+        # NAG Fortran compiler
+        lt_prog_compiler_wl='-Wl,-Wl,,'
+        lt_prog_compiler_pic='-PIC'
+        lt_prog_compiler_static='-Bstatic'
+        ;;
+      esac
+      ;;
+
+    mingw* | cygwin* | pw32* | os2* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      lt_prog_compiler_pic='-DDLL_EXPORT'
+      case $host_os in
+      os2*)
+	lt_prog_compiler_static='$wl-static'
+	;;
+      esac
+      ;;
+
+    hpux9* | hpux10* | hpux11*)
+      lt_prog_compiler_wl='-Wl,'
+      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+      # not for PA HP-UX.
+      case $host_cpu in
+      hppa*64*|ia64*)
+	# +Z the default
+	;;
+      *)
+	lt_prog_compiler_pic='+Z'
+	;;
+      esac
+      # Is there a better lt_prog_compiler_static that works with the bundled CC?
+      lt_prog_compiler_static='$wl-a ${wl}archive'
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      lt_prog_compiler_wl='-Wl,'
+      # PIC (with -KPIC) is the default.
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+      case $cc_basename in
+      # old Intel for x86_64, which still supported -KPIC.
+      ecc*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-KPIC'
+	lt_prog_compiler_static='-static'
+        ;;
+      # icc used to be incompatible with GCC.
+      # ICC 10 doesn't accept -KPIC any more.
+      icc* | ifort*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fPIC'
+	lt_prog_compiler_static='-static'
+        ;;
+      # Lahey Fortran 8.1.
+      lf95*)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='--shared'
+	lt_prog_compiler_static='--static'
+	;;
+      nagfor*)
+	# NAG Fortran compiler
+	lt_prog_compiler_wl='-Wl,-Wl,,'
+	lt_prog_compiler_pic='-PIC'
+	lt_prog_compiler_static='-Bstatic'
+	;;
+      tcc*)
+	# Fabrice Bellard et al's Tiny C Compiler
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fPIC'
+	lt_prog_compiler_static='-static'
+	;;
+      pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
+        # Portland Group compilers (*not* the Pentium gcc compiler,
+	# which looks to be a dead project)
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-fpic'
+	lt_prog_compiler_static='-Bstatic'
+        ;;
+      ccc*)
+        lt_prog_compiler_wl='-Wl,'
+        # All Alpha code is PIC.
+        lt_prog_compiler_static='-non_shared'
+        ;;
+      xl* | bgxl* | bgf* | mpixl*)
+	# IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
+	lt_prog_compiler_wl='-Wl,'
+	lt_prog_compiler_pic='-qpic'
+	lt_prog_compiler_static='-qstaticlink'
+	;;
+      *)
+	case `$CC -V 2>&1 | sed 5q` in
+	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*)
+	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
+	  lt_prog_compiler_pic='-KPIC'
+	  lt_prog_compiler_static='-Bstatic'
+	  lt_prog_compiler_wl=''
+	  ;;
+	*Sun\ F* | *Sun*Fortran*)
+	  lt_prog_compiler_pic='-KPIC'
+	  lt_prog_compiler_static='-Bstatic'
+	  lt_prog_compiler_wl='-Qoption ld '
+	  ;;
+	*Sun\ C*)
+	  # Sun C 5.9
+	  lt_prog_compiler_pic='-KPIC'
+	  lt_prog_compiler_static='-Bstatic'
+	  lt_prog_compiler_wl='-Wl,'
+	  ;;
+        *Intel*\ [CF]*Compiler*)
+	  lt_prog_compiler_wl='-Wl,'
+	  lt_prog_compiler_pic='-fPIC'
+	  lt_prog_compiler_static='-static'
+	  ;;
+	*Portland\ Group*)
+	  lt_prog_compiler_wl='-Wl,'
+	  lt_prog_compiler_pic='-fpic'
+	  lt_prog_compiler_static='-Bstatic'
+	  ;;
+	esac
+	;;
+      esac
+      ;;
+
+    newsos6)
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    *nto* | *qnx*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      lt_prog_compiler_pic='-fPIC -shared'
+      ;;
+
+    osf3* | osf4* | osf5*)
+      lt_prog_compiler_wl='-Wl,'
+      # All OSF/1 code is PIC.
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    rdos*)
+      lt_prog_compiler_static='-non_shared'
+      ;;
+
+    solaris*)
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      case $cc_basename in
+      f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
+	lt_prog_compiler_wl='-Qoption ld ';;
+      *)
+	lt_prog_compiler_wl='-Wl,';;
+      esac
+      ;;
+
+    sunos4*)
+      lt_prog_compiler_wl='-Qoption ld '
+      lt_prog_compiler_pic='-PIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    sysv4 | sysv4.2uw2* | sysv4.3*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic='-Kconform_pic'
+	lt_prog_compiler_static='-Bstatic'
+      fi
+      ;;
+
+    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_pic='-KPIC'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    unicos*)
+      lt_prog_compiler_wl='-Wl,'
+      lt_prog_compiler_can_build_shared=no
+      ;;
+
+    uts4*)
+      lt_prog_compiler_pic='-pic'
+      lt_prog_compiler_static='-Bstatic'
+      ;;
+
+    *)
+      lt_prog_compiler_can_build_shared=no
+      ;;
+    esac
+  fi
+
+case $host_os in
+  # For platforms that do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    lt_prog_compiler_pic=
+    ;;
+  *)
+    lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
+    ;;
+esac
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
+if ${lt_cv_prog_compiler_pic+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_pic=$lt_prog_compiler_pic
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5
+$as_echo "$lt_cv_prog_compiler_pic" >&6; }
+lt_prog_compiler_pic=$lt_cv_prog_compiler_pic
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if ${lt_cv_prog_compiler_pic_works+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_pic_works=no
+   ac_outfile=conftest.$ac_objext
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$lt_prog_compiler_pic -DPIC"  ## exclude from sc_useless_quotes_in_assignment
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_pic_works=yes
+     fi
+   fi
+   $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
+
+if test yes = "$lt_cv_prog_compiler_pic_works"; then
+    case $lt_prog_compiler_pic in
+     "" | " "*) ;;
+     *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+     esac
+else
+    lt_prog_compiler_pic=
+     lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+
+
+
+
+
+
+
+
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if ${lt_cv_prog_compiler_static_works+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_static_works=no
+   save_LDFLAGS=$LDFLAGS
+   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+   echo "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_cv_prog_compiler_static_works=yes
+       fi
+     else
+       lt_cv_prog_compiler_static_works=yes
+     fi
+   fi
+   $RM -r conftest*
+   LDFLAGS=$save_LDFLAGS
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
+
+if test yes = "$lt_cv_prog_compiler_static_works"; then
+    :
+else
+    lt_prog_compiler_static=
+fi
+
+
+
+
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if ${lt_cv_prog_compiler_c_o+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_c_o=no
+   $RM -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $RM conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+   $RM out/* && rmdir out
+   cd ..
+   $RM -r conftest
+   $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if ${lt_cv_prog_compiler_c_o+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_c_o=no
+   $RM -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $RM conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+   $RM out/* && rmdir out
+   cd ..
+   $RM -r conftest
+   $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+hard_links=nottested
+if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then
+  # do not overwrite the value of need_locks provided by the user
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+$as_echo_n "checking if we can lock with hard links... " >&6; }
+  hard_links=yes
+  $RM conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+$as_echo "$hard_links" >&6; }
+  if test no = "$hard_links"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+
+
+
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+
+  runpath_var=
+  allow_undefined_flag=
+  always_export_symbols=no
+  archive_cmds=
+  archive_expsym_cmds=
+  compiler_needs_object=no
+  enable_shared_with_static_runtimes=no
+  export_dynamic_flag_spec=
+  export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  hardcode_automatic=no
+  hardcode_direct=no
+  hardcode_direct_absolute=no
+  hardcode_libdir_flag_spec=
+  hardcode_libdir_separator=
+  hardcode_minus_L=no
+  hardcode_shlibpath_var=unsupported
+  inherit_rpath=no
+  link_all_deplibs=unknown
+  module_cmds=
+  module_expsym_cmds=
+  old_archive_from_new_cmds=
+  old_archive_from_expsyms_cmds=
+  thread_safe_flag_spec=
+  whole_archive_flag_spec=
+  # include_expsyms should be a list of space-separated symbols to be *always*
+  # included in the symbol list
+  include_expsyms=
+  # exclude_expsyms can be an extended regexp of symbols to exclude
+  # it will be wrapped by ' (' and ')$', so one must not match beginning or
+  # end of line.  Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
+  # as well as any symbol that contains 'd'.
+  exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
+  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+  # platforms (ab)use it in PIC code, but their linkers get confused if
+  # the symbol is explicitly referenced.  Since portable code cannot
+  # rely on this symbol name, it's probably fine to never include it in
+  # preloaded symbol tables.
+  # Exclude shared library initialization/finalization symbols.
+  extract_expsyms_cmds=
+
+  case $host_os in
+  cygwin* | mingw* | pw32* | cegcc*)
+    # FIXME: the MSVC++ port hasn't been tested in a loooong time
+    # When not using gcc, we currently assume that we are using
+    # Microsoft Visual C++.
+    if test yes != "$GCC"; then
+      with_gnu_ld=no
+    fi
+    ;;
+  interix*)
+    # we just hope/assume this is gcc and not c89 (= MSVC++)
+    with_gnu_ld=yes
+    ;;
+  openbsd* | bitrig*)
+    with_gnu_ld=no
+    ;;
+  linux* | k*bsd*-gnu | gnu*)
+    link_all_deplibs=no
+    ;;
+  esac
+
+  ld_shlibs=yes
+
+  # On some targets, GNU ld is compatible enough with the native linker
+  # that we're better off using the native interface for both.
+  lt_use_gnu_ld_interface=no
+  if test yes = "$with_gnu_ld"; then
+    case $host_os in
+      aix*)
+	# The AIX port of GNU ld has always aspired to compatibility
+	# with the native linker.  However, as the warning in the GNU ld
+	# block says, versions before 2.19.5* couldn't really create working
+	# shared libraries, regardless of the interface used.
+	case `$LD -v 2>&1` in
+	  *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
+	  *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;;
+	  *\ \(GNU\ Binutils\)\ [3-9]*) ;;
+	  *)
+	    lt_use_gnu_ld_interface=yes
+	    ;;
+	esac
+	;;
+      *)
+	lt_use_gnu_ld_interface=yes
+	;;
+    esac
+  fi
+
+  if test yes = "$lt_use_gnu_ld_interface"; then
+    # If archive_cmds runs LD, not CC, wlarc should be empty
+    wlarc='$wl'
+
+    # Set some defaults for GNU ld with shared library support. These
+    # are reset later if shared libraries are not supported. Putting them
+    # here allows them to be overridden if necessary.
+    runpath_var=LD_RUN_PATH
+    hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+    export_dynamic_flag_spec='$wl--export-dynamic'
+    # ancient GNU ld didn't support --whole-archive et. al.
+    if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+      whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
+    else
+      whole_archive_flag_spec=
+    fi
+    supports_anon_versioning=no
+    case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in
+      *GNU\ gold*) supports_anon_versioning=yes ;;
+      *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+      *\ 2.11.*) ;; # other 2.11 versions
+      *) supports_anon_versioning=yes ;;
+    esac
+
+    # See if GNU ld supports shared libraries.
+    case $host_os in
+    aix[3-9]*)
+      # On AIX/PPC, the GNU linker is very broken
+      if test ia64 != "$host_cpu"; then
+	ld_shlibs=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.19, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support.  If you
+*** really care for shared libraries, you may want to install binutils
+*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
+*** You will then need to restart the configuration process.
+
+_LT_EOF
+      fi
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+            archive_expsym_cmds=''
+        ;;
+      m68k)
+            archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+            hardcode_libdir_flag_spec='-L$libdir'
+            hardcode_minus_L=yes
+        ;;
+      esac
+      ;;
+
+    beos*)
+      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	allow_undefined_flag=unsupported
+	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+	# support --undefined.  This deserves some investigation.  FIXME
+	archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    cygwin* | mingw* | pw32* | cegcc*)
+      # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
+      # as there is no search path for DLLs.
+      hardcode_libdir_flag_spec='-L$libdir'
+      export_dynamic_flag_spec='$wl--export-all-symbols'
+      allow_undefined_flag=unsupported
+      always_export_symbols=no
+      enable_shared_with_static_runtimes=yes
+      export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
+      exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'
+
+      if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+        archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	# If the export-symbols file already is a .def file, use it as
+	# is; otherwise, prepend EXPORTS...
+	archive_expsym_cmds='if   test DEF = "`$SED -n     -e '\''s/^[	 ]*//'\''     -e '\''/^\(;.*\)*$/d'\''     -e '\''s/^\(EXPORTS\|LIBRARY\)\([	 ].*\)*$/DEF/p'\''     -e q     $export_symbols`" ; then
+          cp $export_symbols $output_objdir/$soname.def;
+        else
+          echo EXPORTS > $output_objdir/$soname.def;
+          cat $export_symbols >> $output_objdir/$soname.def;
+        fi~
+        $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    haiku*)
+      archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+      link_all_deplibs=yes
+      ;;
+
+    os2*)
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_minus_L=yes
+      allow_undefined_flag=unsupported
+      shrext_cmds=.dll
+      archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+	$ECHO EXPORTS >> $output_objdir/$libname.def~
+	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+	emximp -o $lib $output_objdir/$libname.def'
+      archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+	$ECHO EXPORTS >> $output_objdir/$libname.def~
+	prefix_cmds="$SED"~
+	if test EXPORTS = "`$SED 1q $export_symbols`"; then
+	  prefix_cmds="$prefix_cmds -e 1d";
+	fi~
+	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+	emximp -o $lib $output_objdir/$libname.def'
+      old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+      enable_shared_with_static_runtimes=yes
+      ;;
+
+    interix[3-9]*)
+      hardcode_direct=no
+      hardcode_shlibpath_var=no
+      hardcode_libdir_flag_spec='$wl-rpath,$libdir'
+      export_dynamic_flag_spec='$wl-E'
+      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+      # Instead, shared libraries are loaded at an image base (0x10000000 by
+      # default) and relocated if they conflict, which is a slow very memory
+      # consuming and fragmenting process.  To avoid this, we pick a random,
+      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+      archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+      ;;
+
+    gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
+      tmp_diet=no
+      if test linux-dietlibc = "$host_os"; then
+	case $cc_basename in
+	  diet\ *) tmp_diet=yes;;	# linux-dietlibc with static linking (!diet-dyn)
+	esac
+      fi
+      if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+	 && test no = "$tmp_diet"
+      then
+	tmp_addflag=' $pic_flag'
+	tmp_sharedflag='-shared'
+	case $cc_basename,$host_cpu in
+        pgcc*)				# Portland Group C compiler
+	  whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+	  tmp_addflag=' $pic_flag'
+	  ;;
+	pgf77* | pgf90* | pgf95* | pgfortran*)
+					# Portland Group f77 and f90 compilers
+	  whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+	  tmp_addflag=' $pic_flag -Mnomain' ;;
+	ecc*,ia64* | icc*,ia64*)	# Intel C compiler on ia64
+	  tmp_addflag=' -i_dynamic' ;;
+	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
+	  tmp_addflag=' -i_dynamic -nofor_main' ;;
+	ifc* | ifort*)			# Intel Fortran compiler
+	  tmp_addflag=' -nofor_main' ;;
+	lf95*)				# Lahey Fortran 8.1
+	  whole_archive_flag_spec=
+	  tmp_sharedflag='--shared' ;;
+        nagfor*)                        # NAGFOR 5.3
+          tmp_sharedflag='-Wl,-shared' ;;
+	xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+	  tmp_sharedflag='-qmkshrobj'
+	  tmp_addflag= ;;
+	nvcc*)	# Cuda Compiler Driver 2.2
+	  whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+	  compiler_needs_object=yes
+	  ;;
+	esac
+	case `$CC -V 2>&1 | sed 5q` in
+	*Sun\ C*)			# Sun C 5.9
+	  whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+	  compiler_needs_object=yes
+	  tmp_sharedflag='-G' ;;
+	*Sun\ F*)			# Sun Fortran 8.3
+	  tmp_sharedflag='-G' ;;
+	esac
+	archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+
+        if test yes = "$supports_anon_versioning"; then
+          archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+            echo "local: *; };" >> $output_objdir/$libname.ver~
+            $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
+        fi
+
+	case $cc_basename in
+	tcc*)
+	  export_dynamic_flag_spec='-rdynamic'
+	  ;;
+	xlf* | bgf* | bgxlf* | mpixlf*)
+	  # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+	  whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
+	  hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+	  archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
+	  if test yes = "$supports_anon_versioning"; then
+	    archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+              echo "local: *; };" >> $output_objdir/$libname.ver~
+              $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+	  fi
+	  ;;
+	esac
+      else
+        ld_shlibs=no
+      fi
+      ;;
+
+    netbsd* | netbsdelf*-gnu)
+      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+	archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+	wlarc=
+      else
+	archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+      fi
+      ;;
+
+    solaris*)
+      if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+	ld_shlibs=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+      elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+      case `$LD -v 2>&1` in
+        *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+	ld_shlibs=no
+	cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
+*** reliably create shared libraries on SCO systems.  Therefore, libtool
+*** is disabling shared libraries support.  We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+	;;
+	*)
+	  # For security reasons, it is highly recommended that you always
+	  # use absolute paths for naming shared libraries, and exclude the
+	  # DT_RUNPATH tag from executables and libraries.  But doing so
+	  # requires that you compile everything twice, which is a pain.
+	  if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	    hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+	    archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	    archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+	  else
+	    ld_shlibs=no
+	  fi
+	;;
+      esac
+      ;;
+
+    sunos4*)
+      archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      wlarc=
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    *)
+      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+      else
+	ld_shlibs=no
+      fi
+      ;;
+    esac
+
+    if test no = "$ld_shlibs"; then
+      runpath_var=
+      hardcode_libdir_flag_spec=
+      export_dynamic_flag_spec=
+      whole_archive_flag_spec=
+    fi
+  else
+    # PORTME fill in a description of your system's linker (not GNU ld)
+    case $host_os in
+    aix3*)
+      allow_undefined_flag=unsupported
+      always_export_symbols=yes
+      archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+      # Note: this linker hardcodes the directories in LIBPATH if there
+      # are no directories specified by -L.
+      hardcode_minus_L=yes
+      if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
+	# Neither direct hardcoding nor static linking is supported with a
+	# broken collect2.
+	hardcode_direct=unsupported
+      fi
+      ;;
+
+    aix[4-9]*)
+      if test ia64 = "$host_cpu"; then
+	# On IA64, the linker does run time linking by default, so we don't
+	# have to do anything special.
+	aix_use_runtimelinking=no
+	exp_sym_flag='-Bexport'
+	no_entry_flag=
+      else
+	# If we're using GNU nm, then we don't want the "-C" option.
+	# -C means demangle to GNU nm, but means don't demangle to AIX nm.
+	# Without the "-l" option, or with the "-B" option, AIX nm treats
+	# weak defined symbols like other global defined symbols, whereas
+	# GNU nm marks them as "W".
+	# While the 'weak' keyword is ignored in the Export File, we need
+	# it in the Import File for the 'aix-soname' feature, so we have
+	# to replace the "-B" option with "-P" for AIX nm.
+	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+	  export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
+	else
+	  export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+	fi
+	aix_use_runtimelinking=no
+
+	# Test if we are trying to use run time linking or normal
+	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
+	# have runtime linking enabled, and use it for executables.
+	# For shared libraries, we enable/disable runtime linking
+	# depending on the kind of the shared library created -
+	# when "with_aix_soname,aix_use_runtimelinking" is:
+	# "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
+	# "aix,yes"  lib.so          shared, rtl:yes, for executables
+	#            lib.a           static archive
+	# "both,no"  lib.so.V(shr.o) shared, rtl:yes
+	#            lib.a(lib.so.V) shared, rtl:no,  for executables
+	# "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
+	#            lib.a(lib.so.V) shared, rtl:no
+	# "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
+	#            lib.a           static archive
+	case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+	  for ld_flag in $LDFLAGS; do
+	  if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
+	    aix_use_runtimelinking=yes
+	    break
+	  fi
+	  done
+	  if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
+	    # With aix-soname=svr4, we create the lib.so.V shared archives only,
+	    # so we don't have lib.a shared libs to link our executables.
+	    # We have to force runtime linking in this case.
+	    aix_use_runtimelinking=yes
+	    LDFLAGS="$LDFLAGS -Wl,-brtl"
+	  fi
+	  ;;
+	esac
+
+	exp_sym_flag='-bexport'
+	no_entry_flag='-bnoentry'
+      fi
+
+      # When large executables or shared objects are built, AIX ld can
+      # have problems creating the table of contents.  If linking a library
+      # or program results in "error TOC overflow" add -mminimal-toc to
+      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+      archive_cmds=''
+      hardcode_direct=yes
+      hardcode_direct_absolute=yes
+      hardcode_libdir_separator=':'
+      link_all_deplibs=yes
+      file_list_spec='$wl-f,'
+      case $with_aix_soname,$aix_use_runtimelinking in
+      aix,*) ;; # traditional, no import file
+      svr4,* | *,yes) # use import file
+	# The Import File defines what to hardcode.
+	hardcode_direct=no
+	hardcode_direct_absolute=no
+	;;
+      esac
+
+      if test yes = "$GCC"; then
+	case $host_os in aix4.[012]|aix4.[012].*)
+	# We only want to do this on AIX 4.2 and lower, the check
+	# below for broken collect2 doesn't work under 4.3+
+	  collect2name=`$CC -print-prog-name=collect2`
+	  if test -f "$collect2name" &&
+	   strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+	  then
+	  # We have reworked collect2
+	  :
+	  else
+	  # We have old collect2
+	  hardcode_direct=unsupported
+	  # It fails to find uninstalled libraries when the uninstalled
+	  # path is not listed in the libpath.  Setting hardcode_minus_L
+	  # to unsupported forces relinking
+	  hardcode_minus_L=yes
+	  hardcode_libdir_flag_spec='-L$libdir'
+	  hardcode_libdir_separator=
+	  fi
+	  ;;
+	esac
+	shared_flag='-shared'
+	if test yes = "$aix_use_runtimelinking"; then
+	  shared_flag="$shared_flag "'$wl-G'
+	fi
+	# Need to ensure runtime linking is disabled for the traditional
+	# shared library, or the linker may eventually find shared libraries
+	# /with/ Import File - we do not want to mix them.
+	shared_flag_aix='-shared'
+	shared_flag_svr4='-shared $wl-G'
+      else
+	# not using gcc
+	if test ia64 = "$host_cpu"; then
+	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+	# chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+	else
+	  if test yes = "$aix_use_runtimelinking"; then
+	    shared_flag='$wl-G'
+	  else
+	    shared_flag='$wl-bM:SRE'
+	  fi
+	  shared_flag_aix='$wl-bM:SRE'
+	  shared_flag_svr4='$wl-G'
+	fi
+      fi
+
+      export_dynamic_flag_spec='$wl-bexpall'
+      # It seems that -bexpall does not export symbols beginning with
+      # underscore (_), so it is better to generate a list of symbols to export.
+      always_export_symbols=yes
+      if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
+	# Warning - without using the other runtime loading flags (-brtl),
+	# -berok will link without error, but may produce a broken library.
+	allow_undefined_flag='-berok'
+        # Determine the default libpath from the value encoded in an
+        # empty executable.
+        if test set = "${lt_cv_aix_libpath+set}"; then
+  aix_libpath=$lt_cv_aix_libpath
+else
+  if ${lt_cv_aix_libpath_+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+  lt_aix_libpath_sed='
+      /Import File Strings/,/^$/ {
+	  /^0/ {
+	      s/^0  *\([^ ]*\) *$/\1/
+	      p
+	  }
+      }'
+  lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+  # Check for a 64-bit object if we didn't find anything.
+  if test -z "$lt_cv_aix_libpath_"; then
+    lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+  fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+  if test -z "$lt_cv_aix_libpath_"; then
+    lt_cv_aix_libpath_=/usr/lib:/lib
+  fi
+
+fi
+
+  aix_libpath=$lt_cv_aix_libpath_
+fi
+
+        hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
+        archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
+      else
+	if test ia64 = "$host_cpu"; then
+	  hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib'
+	  allow_undefined_flag="-z nodefs"
+	  archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
+	else
+	 # Determine the default libpath from the value encoded in an
+	 # empty executable.
+	 if test set = "${lt_cv_aix_libpath+set}"; then
+  aix_libpath=$lt_cv_aix_libpath
+else
+  if ${lt_cv_aix_libpath_+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+  lt_aix_libpath_sed='
+      /Import File Strings/,/^$/ {
+	  /^0/ {
+	      s/^0  *\([^ ]*\) *$/\1/
+	      p
+	  }
+      }'
+  lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+  # Check for a 64-bit object if we didn't find anything.
+  if test -z "$lt_cv_aix_libpath_"; then
+    lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+  fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+  if test -z "$lt_cv_aix_libpath_"; then
+    lt_cv_aix_libpath_=/usr/lib:/lib
+  fi
+
+fi
+
+  aix_libpath=$lt_cv_aix_libpath_
+fi
+
+	 hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath"
+	  # Warning - without using the other run time loading flags,
+	  # -berok will link without error, but may produce a broken library.
+	  no_undefined_flag=' $wl-bernotok'
+	  allow_undefined_flag=' $wl-berok'
+	  if test yes = "$with_gnu_ld"; then
+	    # We only use this code for GNU lds that support --whole-archive.
+	    whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive'
+	  else
+	    # Exported symbols can be pulled into shared objects from archives
+	    whole_archive_flag_spec='$convenience'
+	  fi
+	  archive_cmds_need_lc=yes
+	  archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
+	  # -brtl affects multiple linker settings, -berok does not and is overridden later
+	  compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`'
+	  if test svr4 != "$with_aix_soname"; then
+	    # This is similar to how AIX traditionally builds its shared libraries.
+	    archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
+	  fi
+	  if test aix != "$with_aix_soname"; then
+	    archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
+	  else
+	    # used by -dlpreopen to get the symbols
+	    archive_expsym_cmds="$archive_expsym_cmds"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
+	  fi
+	  archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d'
+	fi
+      fi
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+            archive_expsym_cmds=''
+        ;;
+      m68k)
+            archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+            hardcode_libdir_flag_spec='-L$libdir'
+            hardcode_minus_L=yes
+        ;;
+      esac
+      ;;
+
+    bsdi[45]*)
+      export_dynamic_flag_spec=-rdynamic
+      ;;
+
+    cygwin* | mingw* | pw32* | cegcc*)
+      # When not using gcc, we currently assume that we are using
+      # Microsoft Visual C++.
+      # hardcode_libdir_flag_spec is actually meaningless, as there is
+      # no search path for DLLs.
+      case $cc_basename in
+      cl*)
+	# Native MSVC
+	hardcode_libdir_flag_spec=' '
+	allow_undefined_flag=unsupported
+	always_export_symbols=yes
+	file_list_spec='@'
+	# Tell ltmain to make .lib files, not .a files.
+	libext=lib
+	# Tell ltmain to make .dll files, not .so files.
+	shrext_cmds=.dll
+	# FIXME: Setting linknames here is a bad hack.
+	archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
+	archive_expsym_cmds='if   test DEF = "`$SED -n     -e '\''s/^[	 ]*//'\''     -e '\''/^\(;.*\)*$/d'\''     -e '\''s/^\(EXPORTS\|LIBRARY\)\([	 ].*\)*$/DEF/p'\''     -e q     $export_symbols`" ; then
+            cp "$export_symbols" "$output_objdir/$soname.def";
+            echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
+          else
+            $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
+          fi~
+          $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+          linknames='
+	# The linker will not automatically build a static lib if we build a DLL.
+	# _LT_TAGVAR(old_archive_from_new_cmds, )='true'
+	enable_shared_with_static_runtimes=yes
+	exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
+	export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
+	# Don't use ranlib
+	old_postinstall_cmds='chmod 644 $oldlib'
+	postlink_cmds='lt_outputfile="@OUTPUT@"~
+          lt_tool_outputfile="@TOOL_OUTPUT@"~
+          case $lt_outputfile in
+            *.exe|*.EXE) ;;
+            *)
+              lt_outputfile=$lt_outputfile.exe
+              lt_tool_outputfile=$lt_tool_outputfile.exe
+              ;;
+          esac~
+          if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
+            $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
+            $RM "$lt_outputfile.manifest";
+          fi'
+	;;
+      *)
+	# Assume MSVC wrapper
+	hardcode_libdir_flag_spec=' '
+	allow_undefined_flag=unsupported
+	# Tell ltmain to make .lib files, not .a files.
+	libext=lib
+	# Tell ltmain to make .dll files, not .so files.
+	shrext_cmds=.dll
+	# FIXME: Setting linknames here is a bad hack.
+	archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
+	# The linker will automatically build a .lib file if we build a DLL.
+	old_archive_from_new_cmds='true'
+	# FIXME: Should let the user specify the lib program.
+	old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
+	enable_shared_with_static_runtimes=yes
+	;;
+      esac
+      ;;
+
+    darwin* | rhapsody*)
+
+
+  archive_cmds_need_lc=no
+  hardcode_direct=no
+  hardcode_automatic=yes
+  hardcode_shlibpath_var=unsupported
+  if test yes = "$lt_cv_ld_force_load"; then
+    whole_archive_flag_spec='`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
+
+  else
+    whole_archive_flag_spec=''
+  fi
+  link_all_deplibs=yes
+  allow_undefined_flag=$_lt_dar_allow_undefined
+  case $cc_basename in
+     ifort*|nagfor*) _lt_dar_can_shared=yes ;;
+     *) _lt_dar_can_shared=$GCC ;;
+  esac
+  if test yes = "$_lt_dar_can_shared"; then
+    output_verbose_link_cmd=func_echo_all
+    archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
+    module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
+    archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
+    module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
+
+  else
+  ld_shlibs=no
+  fi
+
+      ;;
+
+    dgux*)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_shlibpath_var=no
+      ;;
+
+    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+    # support.  Future versions do this automatically, but an explicit c++rt0.o
+    # does not break anything, and helps significantly (at the cost of a little
+    # extra space).
+    freebsd2.2*)
+      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+    freebsd2.*)
+      archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct=yes
+      hardcode_minus_L=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+    freebsd* | dragonfly*)
+      archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    hpux9*)
+      if test yes = "$GCC"; then
+	archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
+      else
+	archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
+      fi
+      hardcode_libdir_flag_spec='$wl+b $wl$libdir'
+      hardcode_libdir_separator=:
+      hardcode_direct=yes
+
+      # hardcode_minus_L: Not really in the search PATH,
+      # but as the default location of the library.
+      hardcode_minus_L=yes
+      export_dynamic_flag_spec='$wl-E'
+      ;;
+
+    hpux10*)
+      if test yes,no = "$GCC,$with_gnu_ld"; then
+	archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      if test no = "$with_gnu_ld"; then
+	hardcode_libdir_flag_spec='$wl+b $wl$libdir'
+	hardcode_libdir_separator=:
+	hardcode_direct=yes
+	hardcode_direct_absolute=yes
+	export_dynamic_flag_spec='$wl-E'
+	# hardcode_minus_L: Not really in the search PATH,
+	# but as the default location of the library.
+	hardcode_minus_L=yes
+      fi
+      ;;
+
+    hpux11*)
+      if test yes,no = "$GCC,$with_gnu_ld"; then
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	esac
+      else
+	case $host_cpu in
+	hppa*64*)
+	  archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	ia64*)
+	  archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+
+	  # Older versions of the 11.00 compiler do not understand -b yet
+	  # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5
+$as_echo_n "checking if $CC understands -b... " >&6; }
+if ${lt_cv_prog_compiler__b+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler__b=no
+   save_LDFLAGS=$LDFLAGS
+   LDFLAGS="$LDFLAGS -b"
+   echo "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_cv_prog_compiler__b=yes
+       fi
+     else
+       lt_cv_prog_compiler__b=yes
+     fi
+   fi
+   $RM -r conftest*
+   LDFLAGS=$save_LDFLAGS
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5
+$as_echo "$lt_cv_prog_compiler__b" >&6; }
+
+if test yes = "$lt_cv_prog_compiler__b"; then
+    archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+else
+    archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+fi
+
+	  ;;
+	esac
+      fi
+      if test no = "$with_gnu_ld"; then
+	hardcode_libdir_flag_spec='$wl+b $wl$libdir'
+	hardcode_libdir_separator=:
+
+	case $host_cpu in
+	hppa*64*|ia64*)
+	  hardcode_direct=no
+	  hardcode_shlibpath_var=no
+	  ;;
+	*)
+	  hardcode_direct=yes
+	  hardcode_direct_absolute=yes
+	  export_dynamic_flag_spec='$wl-E'
+
+	  # hardcode_minus_L: Not really in the search PATH,
+	  # but as the default location of the library.
+	  hardcode_minus_L=yes
+	  ;;
+	esac
+      fi
+      ;;
+
+    irix5* | irix6* | nonstopux*)
+      if test yes = "$GCC"; then
+	archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+	# Try to use the -exported_symbol ld option, if it does not
+	# work, assume that -exports_file does not work either and
+	# implicitly export all symbols.
+	# This should be the same for all languages, so no per-tag cache variable.
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5
+$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; }
+if ${lt_cv_irix_exported_symbol+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  save_LDFLAGS=$LDFLAGS
+	   LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
+	   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int foo (void) { return 0; }
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  lt_cv_irix_exported_symbol=yes
+else
+  lt_cv_irix_exported_symbol=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+           LDFLAGS=$save_LDFLAGS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5
+$as_echo "$lt_cv_irix_exported_symbol" >&6; }
+	if test yes = "$lt_cv_irix_exported_symbol"; then
+          archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
+	fi
+	link_all_deplibs=no
+      else
+	archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+	archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
+      fi
+      archive_cmds_need_lc='no'
+      hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+      hardcode_libdir_separator=:
+      inherit_rpath=yes
+      link_all_deplibs=yes
+      ;;
+
+    linux*)
+      case $cc_basename in
+      tcc*)
+	# Fabrice Bellard et al's Tiny C Compiler
+	ld_shlibs=yes
+	archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	;;
+      esac
+      ;;
+
+    netbsd* | netbsdelf*-gnu)
+      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+	archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
+      else
+	archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
+      fi
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_direct=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    newsos6)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_direct=yes
+      hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+      hardcode_libdir_separator=:
+      hardcode_shlibpath_var=no
+      ;;
+
+    *nto* | *qnx*)
+      ;;
+
+    openbsd* | bitrig*)
+      if test -f /usr/libexec/ld.so; then
+	hardcode_direct=yes
+	hardcode_shlibpath_var=no
+	hardcode_direct_absolute=yes
+	if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
+	  archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	  archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
+	  hardcode_libdir_flag_spec='$wl-rpath,$libdir'
+	  export_dynamic_flag_spec='$wl-E'
+	else
+	  archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+	  hardcode_libdir_flag_spec='$wl-rpath,$libdir'
+	fi
+      else
+	ld_shlibs=no
+      fi
+      ;;
+
+    os2*)
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_minus_L=yes
+      allow_undefined_flag=unsupported
+      shrext_cmds=.dll
+      archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+	$ECHO EXPORTS >> $output_objdir/$libname.def~
+	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+	emximp -o $lib $output_objdir/$libname.def'
+      archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+	$ECHO EXPORTS >> $output_objdir/$libname.def~
+	prefix_cmds="$SED"~
+	if test EXPORTS = "`$SED 1q $export_symbols`"; then
+	  prefix_cmds="$prefix_cmds -e 1d";
+	fi~
+	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+	emximp -o $lib $output_objdir/$libname.def'
+      old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+      enable_shared_with_static_runtimes=yes
+      ;;
+
+    osf3*)
+      if test yes = "$GCC"; then
+	allow_undefined_flag=' $wl-expect_unresolved $wl\*'
+	archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+      else
+	allow_undefined_flag=' -expect_unresolved \*'
+	archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+      fi
+      archive_cmds_need_lc='no'
+      hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+      hardcode_libdir_separator=:
+      ;;
+
+    osf4* | osf5*)	# as osf3* with the addition of -msym flag
+      if test yes = "$GCC"; then
+	allow_undefined_flag=' $wl-expect_unresolved $wl\*'
+	archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+	hardcode_libdir_flag_spec='$wl-rpath $wl$libdir'
+      else
+	allow_undefined_flag=' -expect_unresolved \*'
+	archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+	archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+          $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
+
+	# Both c and cxx compiler support -rpath directly
+	hardcode_libdir_flag_spec='-rpath $libdir'
+      fi
+      archive_cmds_need_lc='no'
+      hardcode_libdir_separator=:
+      ;;
+
+    solaris*)
+      no_undefined_flag=' -z defs'
+      if test yes = "$GCC"; then
+	wlarc='$wl'
+	archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+          $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+      else
+	case `$CC -V 2>&1` in
+	*"Compilers 5.0"*)
+	  wlarc=''
+	  archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+            $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+	  ;;
+	*)
+	  wlarc='$wl'
+	  archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+	  archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+            $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+	  ;;
+	esac
+      fi
+      hardcode_libdir_flag_spec='-R$libdir'
+      hardcode_shlibpath_var=no
+      case $host_os in
+      solaris2.[0-5] | solaris2.[0-5].*) ;;
+      *)
+	# The compiler driver will combine and reorder linker options,
+	# but understands '-z linker_flag'.  GCC discards it without '$wl',
+	# but is careful enough not to reorder.
+	# Supported since Solaris 2.6 (maybe 2.5.1?)
+	if test yes = "$GCC"; then
+	  whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
+	else
+	  whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
+	fi
+	;;
+      esac
+      link_all_deplibs=yes
+      ;;
+
+    sunos4*)
+      if test sequent = "$host_vendor"; then
+	# Use $CC to link under sequent, because it throws in some extra .o
+	# files that make .init and .fini sections work.
+	archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+      fi
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_direct=yes
+      hardcode_minus_L=yes
+      hardcode_shlibpath_var=no
+      ;;
+
+    sysv4)
+      case $host_vendor in
+	sni)
+	  archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct=yes # is this really true???
+	;;
+	siemens)
+	  ## LD is ld it makes a PLAMLIB
+	  ## CC just makes a GrossModule.
+	  archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+	  reload_cmds='$CC -r -o $output$reload_objs'
+	  hardcode_direct=no
+        ;;
+	motorola)
+	  archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	  hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+	;;
+      esac
+      runpath_var='LD_RUN_PATH'
+      hardcode_shlibpath_var=no
+      ;;
+
+    sysv4.3*)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_shlibpath_var=no
+      export_dynamic_flag_spec='-Bexport'
+      ;;
+
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+	hardcode_shlibpath_var=no
+	runpath_var=LD_RUN_PATH
+	hardcode_runpath_var=yes
+	ld_shlibs=yes
+      fi
+      ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+      no_undefined_flag='$wl-z,text'
+      archive_cmds_need_lc=no
+      hardcode_shlibpath_var=no
+      runpath_var='LD_RUN_PATH'
+
+      if test yes = "$GCC"; then
+	archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    sysv5* | sco3.2v5* | sco5v6*)
+      # Note: We CANNOT use -z defs as we might desire, because we do not
+      # link with -lc, and that would cause any symbols used from libc to
+      # always be unresolved, which means just about no library would
+      # ever link correctly.  If we're not using GNU ld we use -z text
+      # though, which does catch some bad symbols but isn't as heavy-handed
+      # as -z defs.
+      no_undefined_flag='$wl-z,text'
+      allow_undefined_flag='$wl-z,nodefs'
+      archive_cmds_need_lc=no
+      hardcode_shlibpath_var=no
+      hardcode_libdir_flag_spec='$wl-R,$libdir'
+      hardcode_libdir_separator=':'
+      link_all_deplibs=yes
+      export_dynamic_flag_spec='$wl-Bexport'
+      runpath_var='LD_RUN_PATH'
+
+      if test yes = "$GCC"; then
+	archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      else
+	archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+      fi
+      ;;
+
+    uts4*)
+      archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+      hardcode_libdir_flag_spec='-L$libdir'
+      hardcode_shlibpath_var=no
+      ;;
+
+    *)
+      ld_shlibs=no
+      ;;
+    esac
+
+    if test sni = "$host_vendor"; then
+      case $host in
+      sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+	export_dynamic_flag_spec='$wl-Blargedynsym'
+	;;
+      esac
+    fi
+  fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
+$as_echo "$ld_shlibs" >&6; }
+test no = "$ld_shlibs" && can_build_shared=no
+
+with_gnu_ld=$with_gnu_ld
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc" in
+x|xyes)
+  # Assume -lc should be added
+  archive_cmds_need_lc=yes
+
+  if test yes,yes = "$GCC,$enable_shared"; then
+    case $archive_cmds in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
+if ${lt_cv_archive_cmds_need_lc+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  $RM conftest*
+	echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+	if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } 2>conftest.err; then
+	  soname=conftest
+	  lib=conftest
+	  libobjs=conftest.$ac_objext
+	  deplibs=
+	  wl=$lt_prog_compiler_wl
+	  pic_flag=$lt_prog_compiler_pic
+	  compiler_flags=-v
+	  linker_flags=-v
+	  verstring=
+	  output_objdir=.
+	  libname=conftest
+	  lt_save_allow_undefined_flag=$allow_undefined_flag
+	  allow_undefined_flag=
+	  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
+  (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+	  then
+	    lt_cv_archive_cmds_need_lc=no
+	  else
+	    lt_cv_archive_cmds_need_lc=yes
+	  fi
+	  allow_undefined_flag=$lt_save_allow_undefined_flag
+	else
+	  cat conftest.err 1>&5
+	fi
+	$RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5
+$as_echo "$lt_cv_archive_cmds_need_lc" >&6; }
+      archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+$as_echo_n "checking dynamic linker characteristics... " >&6; }
+
+if test yes = "$GCC"; then
+  case $host_os in
+    darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
+    *) lt_awk_arg='/^libraries:/' ;;
+  esac
+  case $host_os in
+    mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;;
+    *) lt_sed_strip_eq='s|=/|/|g' ;;
+  esac
+  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
+  case $lt_search_path_spec in
+  *\;*)
+    # if the path contains ";" then we assume it to be the separator
+    # otherwise default to the standard path separator (i.e. ":") - it is
+    # assumed that no part of a normal pathname contains ";" but that should
+    # okay in the real world where ";" in dirpaths is itself problematic.
+    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
+    ;;
+  *)
+    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
+    ;;
+  esac
+  # Ok, now we have the path, separated by spaces, we can step through it
+  # and add multilib dir if necessary...
+  lt_tmp_lt_search_path_spec=
+  lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+  # ...but if some path component already ends with the multilib dir we assume
+  # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
+  case "$lt_multi_os_dir; $lt_search_path_spec " in
+  "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
+    lt_multi_os_dir=
+    ;;
+  esac
+  for lt_sys_path in $lt_search_path_spec; do
+    if test -d "$lt_sys_path$lt_multi_os_dir"; then
+      lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
+    elif test -n "$lt_multi_os_dir"; then
+      test -d "$lt_sys_path" && \
+	lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+    fi
+  done
+  lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
+BEGIN {RS = " "; FS = "/|\n";} {
+  lt_foo = "";
+  lt_count = 0;
+  for (lt_i = NF; lt_i > 0; lt_i--) {
+    if ($lt_i != "" && $lt_i != ".") {
+      if ($lt_i == "..") {
+        lt_count++;
+      } else {
+        if (lt_count == 0) {
+          lt_foo = "/" $lt_i lt_foo;
+        } else {
+          lt_count--;
+        }
+      }
+    }
+  }
+  if (lt_foo != "") { lt_freq[lt_foo]++; }
+  if (lt_freq[lt_foo] == 1) { print lt_foo; }
+}'`
+  # AWK program above erroneously prepends '/' to C:/dos/paths
+  # for these hosts.
+  case $host_os in
+    mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
+      $SED 's|/\([A-Za-z]:\)|\1|g'` ;;
+  esac
+  sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
+else
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=.so
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+
+
+case $host_os in
+aix3*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='$libname$release$shared_ext$major'
+  ;;
+
+aix[4-9]*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test ia64 = "$host_cpu"; then
+    # AIX 5 supports IA64
+    library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line '#! .'.  This would cause the generated library to
+    # depend on '.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[01] | aix4.[01].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # Using Import Files as archive members, it is possible to support
+    # filename-based versioning of shared library archives on AIX. While
+    # this would work for both with and without runtime linking, it will
+    # prevent static linking of such archives. So we do filename-based
+    # shared library versioning with .so extension only, which is used
+    # when both runtime linking and shared linking is enabled.
+    # Unfortunately, runtime linking may impact performance, so we do
+    # not want this to be the default eventually. Also, we use the
+    # versioned .so libs for executables only if there is the -brtl
+    # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
+    # To allow for filename-based versioning support, we need to create
+    # libNAME.so.V as an archive file, containing:
+    # *) an Import File, referring to the versioned filename of the
+    #    archive as well as the shared archive member, telling the
+    #    bitwidth (32 or 64) of that shared object, and providing the
+    #    list of exported symbols of that shared object, eventually
+    #    decorated with the 'weak' keyword
+    # *) the shared object with the F_LOADONLY flag set, to really avoid
+    #    it being seen by the linker.
+    # At run time we better use the real file rather than another symlink,
+    # but for link time we create the symlink libNAME.so -> libNAME.so.V
+
+    case $with_aix_soname,$aix_use_runtimelinking in
+    # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    aix,yes) # traditional libtool
+      dynamic_linker='AIX unversionable lib.so'
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+      ;;
+    aix,no) # traditional AIX only
+      dynamic_linker='AIX lib.a(lib.so.V)'
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='$libname$release.a $libname.a'
+      soname_spec='$libname$release$shared_ext$major'
+      ;;
+    svr4,*) # full svr4 only
+      dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)"
+      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
+      # We do not specify a path in Import Files, so LIBPATH fires.
+      shlibpath_overrides_runpath=yes
+      ;;
+    *,yes) # both, prefer svr4
+      dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)"
+      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
+      # unpreferred sharedlib libNAME.a needs extra handling
+      postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
+      postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
+      # We do not specify a path in Import Files, so LIBPATH fires.
+      shlibpath_overrides_runpath=yes
+      ;;
+    *,no) # both, prefer aix
+      dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)"
+      library_names_spec='$libname$release.a $libname.a'
+      soname_spec='$libname$release$shared_ext$major'
+      # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
+      postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
+      postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
+      ;;
+    esac
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  case $host_cpu in
+  powerpc)
+    # Since July 2007 AmigaOS4 officially supports .so libraries.
+    # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    ;;
+  m68k)
+    library_names_spec='$libname.ixlibrary $libname.a'
+    # Create ${libname}_ixlibrary.a entries in /sys/libs.
+    finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+    ;;
+  esac
+  ;;
+
+beos*)
+  library_names_spec='$libname$shared_ext'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[45]*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+  version_type=windows
+  shrext_cmds=.dll
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$cc_basename in
+  yes,*)
+    # gcc
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \$file`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname~
+      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+      fi'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $RM \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+
+      sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"
+      ;;
+    mingw* | cegcc*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+      ;;
+    esac
+    dynamic_linker='Win32 ld.exe'
+    ;;
+
+  *,cl*)
+    # Native MSVC
+    libname_spec='$name'
+    soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+    library_names_spec='$libname.dll.lib'
+
+    case $build_os in
+    mingw*)
+      sys_lib_search_path_spec=
+      lt_save_ifs=$IFS
+      IFS=';'
+      for lt_path in $LIB
+      do
+        IFS=$lt_save_ifs
+        # Let DOS variable expansion print the short 8.3 style file name.
+        lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
+        sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
+      done
+      IFS=$lt_save_ifs
+      # Convert to MSYS style.
+      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
+      ;;
+    cygwin*)
+      # Convert to unix form, then to dos form, then back to unix form
+      # but this time dos style (no spaces!) so that the unix form looks
+      # like /cygdrive/c/PROGRA~1:/cygdr...
+      sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
+      sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
+      sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+      ;;
+    *)
+      sys_lib_search_path_spec=$LIB
+      if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+        # It is most probably a Windows format PATH.
+        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      # FIXME: find the short name or the path components, as spaces are
+      # common. (e.g. "Program Files" -> "PROGRA~1")
+      ;;
+    esac
+
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \$file`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $RM \$dlpath'
+    shlibpath_overrides_runpath=yes
+    dynamic_linker='Win32 link.exe'
+    ;;
+
+  *)
+    # Assume MSVC wrapper
+    library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib'
+    dynamic_linker='Win32 ld.exe'
+    ;;
+  esac
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
+  soname_spec='$libname$release$major$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+
+  sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[23].*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+      soname_spec='$libname$release$shared_ext$major'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2.*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[01]* | freebsdelf3.[01]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  *) # from 4.6 on, and DragonFly
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+haiku*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  dynamic_linker="$host_os runtime_loader"
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    soname_spec='$libname$release$shared_ext$major'
+    if test 32 = "$HPUX_IA64_MODE"; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+      sys_lib_dlsearch_path_spec=/usr/lib/hpux32
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+      sys_lib_dlsearch_path_spec=/usr/lib/hpux64
+    fi
+    ;;
+  hppa*64*)
+    shrext_cmds='.sl'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    soname_spec='$libname$release$shared_ext$major'
+    sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+  *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    soname_spec='$libname$release$shared_ext$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
+  postinstall_cmds='chmod 555 $lib'
+  # or fails outright, so override atomically:
+  install_override_mode=555
+  ;;
+
+interix[3-9]*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test yes = "$lt_cv_prog_gnu_ld"; then
+		version_type=linux # correct to gnu/linux during the next big refactor
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='$libname$release$shared_ext$major'
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
+  sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+linux*android*)
+  version_type=none # Android doesn't support versioned libraries.
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext'
+  soname_spec='$libname$release$shared_ext'
+  finish_cmds=
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  dynamic_linker='Android linker'
+  # Don't embed -rpath directories since the linker doesn't support them.
+  hardcode_libdir_flag_spec='-L$libdir'
+  ;;
+
+# This must be glibc/ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+
+  # Some binutils ld are patched to set DT_RUNPATH
+  if ${lt_cv_shlibpath_overrides_runpath+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_shlibpath_overrides_runpath=no
+    save_LDFLAGS=$LDFLAGS
+    save_libdir=$libdir
+    eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
+	 LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  if  ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+  lt_cv_shlibpath_overrides_runpath=yes
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+    LDFLAGS=$save_LDFLAGS
+    libdir=$save_libdir
+
+fi
+
+  shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
+
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Ideally, we could use ldconfig to report *all* directores which are
+  # searched for libraries, however this is still not possible.  Aside from not
+  # being certain /sbin/ldconfig is available, command
+  # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
+  # even though it is searched at run-time.  Try to do the best guess by
+  # appending ld.so.conf contents (and includes) to the search path.
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+netbsdelf*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='NetBSD ld.elf_so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    soname_spec='$libname$release$shared_ext$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+*nto* | *qnx*)
+  version_type=qnx
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='ldqnx.so'
+  ;;
+
+openbsd* | bitrig*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec=/usr/lib
+  need_lib_prefix=no
+  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
+    need_version=no
+  else
+    need_version=yes
+  fi
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+os2*)
+  libname_spec='$name'
+  version_type=windows
+  shrext_cmds=.dll
+  need_version=no
+  need_lib_prefix=no
+  # OS/2 can only load a DLL with a base name of 8 characters or less.
+  soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
+    v=$($ECHO $release$versuffix | tr -d .-);
+    n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
+    $ECHO $n$v`$shared_ext'
+  library_names_spec='${libname}_dll.$libext'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=BEGINLIBPATH
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+  postinstall_cmds='base_file=`basename \$file`~
+    dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
+    dldir=$destdir/`dirname \$dlpath`~
+    test -d \$dldir || mkdir -p \$dldir~
+    $install_prog $dir/$dlname \$dldir/$dlname~
+    chmod a+x \$dldir/$dlname~
+    if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+      eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+    fi'
+  postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
+    dlpath=$dir/\$dldll~
+    $RM \$dlpath'
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='$libname$release$shared_ext$major'
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+  ;;
+
+rdos*)
+  dynamic_linker=no
+  ;;
+
+solaris*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test yes = "$with_gnu_ld"; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec; then
+    version_type=linux # correct to gnu/linux during the next big refactor
+    library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
+    soname_spec='$libname$shared_ext.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=sco
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  if test yes = "$with_gnu_ld"; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+tpf*)
+  # TPF is a cross-target only.  Preferred cross-host = GNU/Linux.
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+uts4*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+$as_echo "$dynamic_linker" >&6; }
+test no = "$dynamic_linker" && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test yes = "$GCC"; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
+  sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
+fi
+
+if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
+  sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
+fi
+
+# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
+configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
+
+# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
+func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
+
+# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
+configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+hardcode_action=
+if test -n "$hardcode_libdir_flag_spec" ||
+   test -n "$runpath_var" ||
+   test yes = "$hardcode_automatic"; then
+
+  # We can hardcode non-existent directories.
+  if test no != "$hardcode_direct" &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" &&
+     test no != "$hardcode_minus_L"; then
+    # Linking always hardcodes the temporary library directory.
+    hardcode_action=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    hardcode_action=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  hardcode_action=unsupported
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
+$as_echo "$hardcode_action" >&6; }
+
+if test relink = "$hardcode_action" ||
+   test yes = "$inherit_rpath"; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test yes = "$shlibpath_overrides_runpath" ||
+     test no = "$enable_shared"; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+
+
+
+
+
+
+  if test yes != "$enable_dlopen"; then
+  enable_dlopen=unknown
+  enable_dlopen_self=unknown
+  enable_dlopen_self_static=unknown
+else
+  lt_cv_dlopen=no
+  lt_cv_dlopen_libs=
+
+  case $host_os in
+  beos*)
+    lt_cv_dlopen=load_add_on
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+    ;;
+
+  mingw* | pw32* | cegcc*)
+    lt_cv_dlopen=LoadLibrary
+    lt_cv_dlopen_libs=
+    ;;
+
+  cygwin*)
+    lt_cv_dlopen=dlopen
+    lt_cv_dlopen_libs=
+    ;;
+
+  darwin*)
+    # if libdl is installed we need to link against it
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if ${ac_cv_lib_dl_dlopen+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_dl_dlopen=yes
+else
+  ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+  lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
+else
+
+    lt_cv_dlopen=dyld
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=yes
+
+fi
+
+    ;;
+
+  tpf*)
+    # Don't try to run any link tests for TPF.  We know it's impossible
+    # because TPF is a cross-compiler, and we know how we open DSOs.
+    lt_cv_dlopen=dlopen
+    lt_cv_dlopen_libs=
+    lt_cv_dlopen_self=no
+    ;;
+
+  *)
+    ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
+if test "x$ac_cv_func_shl_load" = xyes; then :
+  lt_cv_dlopen=shl_load
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+$as_echo_n "checking for shl_load in -ldld... " >&6; }
+if ${ac_cv_lib_dld_shl_load+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char shl_load ();
+int
+main ()
+{
+return shl_load ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_dld_shl_load=yes
+else
+  ac_cv_lib_dld_shl_load=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = xyes; then :
+  lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld
+else
+  ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
+if test "x$ac_cv_func_dlopen" = xyes; then :
+  lt_cv_dlopen=dlopen
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if ${ac_cv_lib_dl_dlopen+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_dl_dlopen=yes
+else
+  ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = xyes; then :
+  lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+$as_echo_n "checking for dlopen in -lsvld... " >&6; }
+if ${ac_cv_lib_svld_dlopen+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_svld_dlopen=yes
+else
+  ac_cv_lib_svld_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = xyes; then :
+  lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+$as_echo_n "checking for dld_link in -ldld... " >&6; }
+if ${ac_cv_lib_dld_dld_link+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dld_link ();
+int
+main ()
+{
+return dld_link ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_dld_dld_link=yes
+else
+  ac_cv_lib_dld_dld_link=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = xyes; then :
+  lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+    ;;
+  esac
+
+  if test no = "$lt_cv_dlopen"; then
+    enable_dlopen=no
+  else
+    enable_dlopen=yes
+  fi
+
+  case $lt_cv_dlopen in
+  dlopen)
+    save_CPPFLAGS=$CPPFLAGS
+    test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+    save_LDFLAGS=$LDFLAGS
+    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+    save_LIBS=$LIBS
+    LIBS="$lt_cv_dlopen_libs $LIBS"
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
+$as_echo_n "checking whether a program can dlopen itself... " >&6; }
+if ${lt_cv_dlopen_self+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  	  if test yes = "$cross_compiling"; then :
+  lt_cv_dlopen_self=cross
+else
+  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+  lt_status=$lt_dlunknown
+  cat > conftest.$ac_ext <<_LT_EOF
+#line $LINENO "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+#  define LT_DLGLOBAL		RTLD_GLOBAL
+#else
+#  ifdef DL_GLOBAL
+#    define LT_DLGLOBAL		DL_GLOBAL
+#  else
+#    define LT_DLGLOBAL		0
+#  endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+   find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+#  ifdef RTLD_LAZY
+#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
+#  else
+#    ifdef DL_LAZY
+#      define LT_DLLAZY_OR_NOW		DL_LAZY
+#    else
+#      ifdef RTLD_NOW
+#        define LT_DLLAZY_OR_NOW	RTLD_NOW
+#      else
+#        ifdef DL_NOW
+#          define LT_DLLAZY_OR_NOW	DL_NOW
+#        else
+#          define LT_DLLAZY_OR_NOW	0
+#        endif
+#      endif
+#    endif
+#  endif
+#endif
+
+/* When -fvisibility=hidden is used, assume the code has been annotated
+   correspondingly for the symbols needed.  */
+#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
+int fnord () __attribute__((visibility("default")));
+#endif
+
+int fnord () { return 42; }
+int main ()
+{
+  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+  int status = $lt_dlunknown;
+
+  if (self)
+    {
+      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
+      else
+        {
+	  if (dlsym( self,"_fnord"))  status = $lt_dlneed_uscore;
+          else puts (dlerror ());
+	}
+      /* dlclose (self); */
+    }
+  else
+    puts (dlerror ());
+
+  return status;
+}
+_LT_EOF
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
+    (./conftest; exit; ) >&5 2>/dev/null
+    lt_status=$?
+    case x$lt_status in
+      x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+      x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+      x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
+    esac
+  else :
+    # compilation failed
+    lt_cv_dlopen_self=no
+  fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
+$as_echo "$lt_cv_dlopen_self" >&6; }
+
+    if test yes = "$lt_cv_dlopen_self"; then
+      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+      { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
+$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
+if ${lt_cv_dlopen_self_static+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  	  if test yes = "$cross_compiling"; then :
+  lt_cv_dlopen_self_static=cross
+else
+  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+  lt_status=$lt_dlunknown
+  cat > conftest.$ac_ext <<_LT_EOF
+#line $LINENO "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+#  define LT_DLGLOBAL		RTLD_GLOBAL
+#else
+#  ifdef DL_GLOBAL
+#    define LT_DLGLOBAL		DL_GLOBAL
+#  else
+#    define LT_DLGLOBAL		0
+#  endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+   find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+#  ifdef RTLD_LAZY
+#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
+#  else
+#    ifdef DL_LAZY
+#      define LT_DLLAZY_OR_NOW		DL_LAZY
+#    else
+#      ifdef RTLD_NOW
+#        define LT_DLLAZY_OR_NOW	RTLD_NOW
+#      else
+#        ifdef DL_NOW
+#          define LT_DLLAZY_OR_NOW	DL_NOW
+#        else
+#          define LT_DLLAZY_OR_NOW	0
+#        endif
+#      endif
+#    endif
+#  endif
+#endif
+
+/* When -fvisibility=hidden is used, assume the code has been annotated
+   correspondingly for the symbols needed.  */
+#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
+int fnord () __attribute__((visibility("default")));
+#endif
+
+int fnord () { return 42; }
+int main ()
+{
+  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+  int status = $lt_dlunknown;
+
+  if (self)
+    {
+      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
+      else
+        {
+	  if (dlsym( self,"_fnord"))  status = $lt_dlneed_uscore;
+          else puts (dlerror ());
+	}
+      /* dlclose (self); */
+    }
+  else
+    puts (dlerror ());
+
+  return status;
+}
+_LT_EOF
+  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+  (eval $ac_link) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then
+    (./conftest; exit; ) >&5 2>/dev/null
+    lt_status=$?
+    case x$lt_status in
+      x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+      x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+      x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
+    esac
+  else :
+    # compilation failed
+    lt_cv_dlopen_self_static=no
+  fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
+$as_echo "$lt_cv_dlopen_self_static" >&6; }
+    fi
+
+    CPPFLAGS=$save_CPPFLAGS
+    LDFLAGS=$save_LDFLAGS
+    LIBS=$save_LIBS
+    ;;
+  esac
+
+  case $lt_cv_dlopen_self in
+  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+  *) enable_dlopen_self=unknown ;;
+  esac
+
+  case $lt_cv_dlopen_self_static in
+  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+  *) enable_dlopen_self_static=unknown ;;
+  esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+striplib=
+old_striplib=
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+$as_echo_n "checking whether stripping libraries is possible... " >&6; }
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+  case $host_os in
+  darwin*)
+    if test -n "$STRIP"; then
+      striplib="$STRIP -x"
+      old_striplib="$STRIP -S"
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+    else
+      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    fi
+    ;;
+  *)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+    ;;
+  esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+  # Report what library types will actually be built
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
+$as_echo_n "checking if libtool supports shared libraries... " >&6; }
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
+$as_echo "$can_build_shared" >&6; }
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
+$as_echo_n "checking whether to build shared libraries... " >&6; }
+  test no = "$can_build_shared" && enable_shared=no
+
+  # On AIX, shared libraries and static libraries use the same namespace, and
+  # are all built from PIC.
+  case $host_os in
+  aix3*)
+    test yes = "$enable_shared" && enable_static=no
+    if test -n "$RANLIB"; then
+      archive_cmds="$archive_cmds~\$RANLIB \$lib"
+      postinstall_cmds='$RANLIB $lib'
+    fi
+    ;;
+
+  aix[4-9]*)
+    if test ia64 != "$host_cpu"; then
+      case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
+      yes,aix,yes) ;;			# shared object as lib.so file only
+      yes,svr4,*) ;;			# shared object as lib.so archive member only
+      yes,*) enable_static=no ;;	# shared object in lib.a archive as well
+      esac
+    fi
+    ;;
+  esac
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
+$as_echo "$enable_shared" >&6; }
+
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
+$as_echo_n "checking whether to build static libraries... " >&6; }
+  # Make sure either enable_shared or enable_static is yes.
+  test yes = "$enable_shared" || enable_static=yes
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
+$as_echo "$enable_static" >&6; }
+
+
+
+
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC=$lt_save_CC
+
+      if test -n "$CXX" && ( test no != "$CXX" &&
+    ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) ||
+    (test g++ != "$CXX"))); then
+  ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C++ preprocessor" >&5
+$as_echo_n "checking how to run the C++ preprocessor... " >&6; }
+if test -z "$CXXCPP"; then
+  if ${ac_cv_prog_CXXCPP+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+      # Double quotes because CXXCPP needs to be expanded
+    for CXXCPP in "$CXX -E" "/lib/cpp"
+    do
+      ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+
+else
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+  # Broken: success on invalid input.
+continue
+else
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+  break
+fi
+
+    done
+    ac_cv_prog_CXXCPP=$CXXCPP
+
+fi
+  CXXCPP=$ac_cv_prog_CXXCPP
+else
+  ac_cv_prog_CXXCPP=$CXXCPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXXCPP" >&5
+$as_echo "$CXXCPP" >&6; }
+ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+  # Use a header file that comes with gcc, so configuring glibc
+  # with a fresh cross-compiler works.
+  # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+  # <limits.h> exists even on freestanding compilers.
+  # On the NeXT, cc -E runs the code through the compiler's parser,
+  # not just through cpp. "Syntax error" is here to catch this case.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+		     Syntax error
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+
+else
+  # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+  # OK, works on sane cases.  Now check whether nonexistent headers
+  # can be detected and how.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+  # Broken: success on invalid input.
+continue
+else
+  # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C++ preprocessor \"$CXXCPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+else
+  _lt_caught_CXX_error=yes
+fi
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+archive_cmds_need_lc_CXX=no
+allow_undefined_flag_CXX=
+always_export_symbols_CXX=no
+archive_expsym_cmds_CXX=
+compiler_needs_object_CXX=no
+export_dynamic_flag_spec_CXX=
+hardcode_direct_CXX=no
+hardcode_direct_absolute_CXX=no
+hardcode_libdir_flag_spec_CXX=
+hardcode_libdir_separator_CXX=
+hardcode_minus_L_CXX=no
+hardcode_shlibpath_var_CXX=unsupported
+hardcode_automatic_CXX=no
+inherit_rpath_CXX=no
+module_cmds_CXX=
+module_expsym_cmds_CXX=
+link_all_deplibs_CXX=unknown
+old_archive_cmds_CXX=$old_archive_cmds
+reload_flag_CXX=$reload_flag
+reload_cmds_CXX=$reload_cmds
+no_undefined_flag_CXX=
+whole_archive_flag_spec_CXX=
+enable_shared_with_static_runtimes_CXX=no
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+objext_CXX=$objext
+
+# No sense in running all these tests if we already determined that
+# the CXX compiler isn't working.  Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test yes != "$_lt_caught_CXX_error"; then
+  # Code to be used in simple compile tests
+  lt_simple_compile_test_code="int some_variable = 0;"
+
+  # Code to be used in simple link tests
+  lt_simple_link_test_code='int main(int, char *[]) { return(0); }'
+
+  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+  # save warnings/boilerplate of simple test code
+  ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+  ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+  # Allow CC to be a program name with arguments.
+  lt_save_CC=$CC
+  lt_save_CFLAGS=$CFLAGS
+  lt_save_LD=$LD
+  lt_save_GCC=$GCC
+  GCC=$GXX
+  lt_save_with_gnu_ld=$with_gnu_ld
+  lt_save_path_LD=$lt_cv_path_LD
+  if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+    lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+  else
+    $as_unset lt_cv_prog_gnu_ld
+  fi
+  if test -n "${lt_cv_path_LDCXX+set}"; then
+    lt_cv_path_LD=$lt_cv_path_LDCXX
+  else
+    $as_unset lt_cv_path_LD
+  fi
+  test -z "${LDCXX+set}" || LD=$LDCXX
+  CC=${CXX-"c++"}
+  CFLAGS=$CXXFLAGS
+  compiler=$CC
+  compiler_CXX=$CC
+  func_cc_basename $compiler
+cc_basename=$func_cc_basename_result
+
+
+  if test -n "$compiler"; then
+    # We don't want -fno-exception when compiling C++ code, so set the
+    # no_builtin_flag separately
+    if test yes = "$GXX"; then
+      lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin'
+    else
+      lt_prog_compiler_no_builtin_flag_CXX=
+    fi
+
+    if test yes = "$GXX"; then
+      # Set up default GNU C++ configuration
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+  withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes
+else
+  with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test yes = "$GCC"; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
+  case $host in
+  *-*-mingw*)
+    # gcc leaves a trailing carriage return, which upsets mingw
+    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+  *)
+    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+  esac
+  case $ac_prog in
+    # Accept absolute paths.
+    [\\/]* | ?:[\\/]*)
+      re_direlt='/[^/][^/]*/\.\./'
+      # Canonicalize the pathname of ld
+      ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+      while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD=$ac_prog
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test yes = "$with_gnu_ld"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if ${lt_cv_path_LD+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -z "$LD"; then
+  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
+  for ac_dir in $PATH; do
+    IFS=$lt_save_ifs
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      lt_cv_path_LD=$ac_dir/$ac_prog
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some variants of GNU ld only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+      *GNU* | *'with BFD'*)
+	test no != "$with_gnu_ld" && break
+	;;
+      *)
+	test yes != "$with_gnu_ld" && break
+	;;
+      esac
+    fi
+  done
+  IFS=$lt_save_ifs
+else
+  lt_cv_path_LD=$LD # Let the user override the test with a path.
+fi
+fi
+
+LD=$lt_cv_path_LD
+if test -n "$LD"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if ${lt_cv_prog_gnu_ld+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+  lt_cv_prog_gnu_ld=yes
+  ;;
+*)
+  lt_cv_prog_gnu_ld=no
+  ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+
+
+
+
+      # Check if GNU C++ uses GNU ld as the underlying linker, since the
+      # archiving commands below assume that GNU ld is being used.
+      if test yes = "$with_gnu_ld"; then
+        archive_cmds_CXX='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+        archive_expsym_cmds_CXX='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+
+        hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir'
+        export_dynamic_flag_spec_CXX='$wl--export-dynamic'
+
+        # If archive_cmds runs LD, not CC, wlarc should be empty
+        # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+        #     investigate it a little bit more. (MM)
+        wlarc='$wl'
+
+        # ancient GNU ld didn't support --whole-archive et. al.
+        if eval "`$CC -print-prog-name=ld` --help 2>&1" |
+	  $GREP 'no-whole-archive' > /dev/null; then
+          whole_archive_flag_spec_CXX=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
+        else
+          whole_archive_flag_spec_CXX=
+        fi
+      else
+        with_gnu_ld=no
+        wlarc=
+
+        # A generic and very simple default shared library creation
+        # command for GNU C++ for the case where it uses the native
+        # linker, instead of GNU ld.  If possible, this setting should
+        # overridden to take advantage of the native linker features on
+        # the platform it is being used on.
+        archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+      fi
+
+      # Commands to make compiler produce verbose output that lists
+      # what "hidden" libraries, object files and flags are used when
+      # linking a shared library.
+      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+
+    else
+      GXX=no
+      with_gnu_ld=no
+      wlarc=
+    fi
+
+    # PORTME: fill in a description of your system's C++ link characteristics
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+    ld_shlibs_CXX=yes
+    case $host_os in
+      aix3*)
+        # FIXME: insert proper C++ library support
+        ld_shlibs_CXX=no
+        ;;
+      aix[4-9]*)
+        if test ia64 = "$host_cpu"; then
+          # On IA64, the linker does run time linking by default, so we don't
+          # have to do anything special.
+          aix_use_runtimelinking=no
+          exp_sym_flag='-Bexport'
+          no_entry_flag=
+        else
+          aix_use_runtimelinking=no
+
+          # Test if we are trying to use run time linking or normal
+          # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+          # have runtime linking enabled, and use it for executables.
+          # For shared libraries, we enable/disable runtime linking
+          # depending on the kind of the shared library created -
+          # when "with_aix_soname,aix_use_runtimelinking" is:
+          # "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
+          # "aix,yes"  lib.so          shared, rtl:yes, for executables
+          #            lib.a           static archive
+          # "both,no"  lib.so.V(shr.o) shared, rtl:yes
+          #            lib.a(lib.so.V) shared, rtl:no,  for executables
+          # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
+          #            lib.a(lib.so.V) shared, rtl:no
+          # "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
+          #            lib.a           static archive
+          case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+	    for ld_flag in $LDFLAGS; do
+	      case $ld_flag in
+	      *-brtl*)
+	        aix_use_runtimelinking=yes
+	        break
+	        ;;
+	      esac
+	    done
+	    if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
+	      # With aix-soname=svr4, we create the lib.so.V shared archives only,
+	      # so we don't have lib.a shared libs to link our executables.
+	      # We have to force runtime linking in this case.
+	      aix_use_runtimelinking=yes
+	      LDFLAGS="$LDFLAGS -Wl,-brtl"
+	    fi
+	    ;;
+          esac
+
+          exp_sym_flag='-bexport'
+          no_entry_flag='-bnoentry'
+        fi
+
+        # When large executables or shared objects are built, AIX ld can
+        # have problems creating the table of contents.  If linking a library
+        # or program results in "error TOC overflow" add -mminimal-toc to
+        # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
+        # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+        archive_cmds_CXX=''
+        hardcode_direct_CXX=yes
+        hardcode_direct_absolute_CXX=yes
+        hardcode_libdir_separator_CXX=':'
+        link_all_deplibs_CXX=yes
+        file_list_spec_CXX='$wl-f,'
+        case $with_aix_soname,$aix_use_runtimelinking in
+        aix,*) ;;	# no import file
+        svr4,* | *,yes) # use import file
+          # The Import File defines what to hardcode.
+          hardcode_direct_CXX=no
+          hardcode_direct_absolute_CXX=no
+          ;;
+        esac
+
+        if test yes = "$GXX"; then
+          case $host_os in aix4.[012]|aix4.[012].*)
+          # We only want to do this on AIX 4.2 and lower, the check
+          # below for broken collect2 doesn't work under 4.3+
+	  collect2name=`$CC -print-prog-name=collect2`
+	  if test -f "$collect2name" &&
+	     strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+	  then
+	    # We have reworked collect2
+	    :
+	  else
+	    # We have old collect2
+	    hardcode_direct_CXX=unsupported
+	    # It fails to find uninstalled libraries when the uninstalled
+	    # path is not listed in the libpath.  Setting hardcode_minus_L
+	    # to unsupported forces relinking
+	    hardcode_minus_L_CXX=yes
+	    hardcode_libdir_flag_spec_CXX='-L$libdir'
+	    hardcode_libdir_separator_CXX=
+	  fi
+          esac
+          shared_flag='-shared'
+	  if test yes = "$aix_use_runtimelinking"; then
+	    shared_flag=$shared_flag' $wl-G'
+	  fi
+	  # Need to ensure runtime linking is disabled for the traditional
+	  # shared library, or the linker may eventually find shared libraries
+	  # /with/ Import File - we do not want to mix them.
+	  shared_flag_aix='-shared'
+	  shared_flag_svr4='-shared $wl-G'
+        else
+          # not using gcc
+          if test ia64 = "$host_cpu"; then
+	  # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+	  # chokes on -Wl,-G. The following line is correct:
+	  shared_flag='-G'
+          else
+	    if test yes = "$aix_use_runtimelinking"; then
+	      shared_flag='$wl-G'
+	    else
+	      shared_flag='$wl-bM:SRE'
+	    fi
+	    shared_flag_aix='$wl-bM:SRE'
+	    shared_flag_svr4='$wl-G'
+          fi
+        fi
+
+        export_dynamic_flag_spec_CXX='$wl-bexpall'
+        # It seems that -bexpall does not export symbols beginning with
+        # underscore (_), so it is better to generate a list of symbols to
+	# export.
+        always_export_symbols_CXX=yes
+	if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
+          # Warning - without using the other runtime loading flags (-brtl),
+          # -berok will link without error, but may produce a broken library.
+          # The "-G" linker flag allows undefined symbols.
+          no_undefined_flag_CXX='-bernotok'
+          # Determine the default libpath from the value encoded in an empty
+          # executable.
+          if test set = "${lt_cv_aix_libpath+set}"; then
+  aix_libpath=$lt_cv_aix_libpath
+else
+  if ${lt_cv_aix_libpath__CXX+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+
+  lt_aix_libpath_sed='
+      /Import File Strings/,/^$/ {
+	  /^0/ {
+	      s/^0  *\([^ ]*\) *$/\1/
+	      p
+	  }
+      }'
+  lt_cv_aix_libpath__CXX=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+  # Check for a 64-bit object if we didn't find anything.
+  if test -z "$lt_cv_aix_libpath__CXX"; then
+    lt_cv_aix_libpath__CXX=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+  fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+  if test -z "$lt_cv_aix_libpath__CXX"; then
+    lt_cv_aix_libpath__CXX=/usr/lib:/lib
+  fi
+
+fi
+
+  aix_libpath=$lt_cv_aix_libpath__CXX
+fi
+
+          hardcode_libdir_flag_spec_CXX='$wl-blibpath:$libdir:'"$aix_libpath"
+
+          archive_expsym_cmds_CXX='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
+        else
+          if test ia64 = "$host_cpu"; then
+	    hardcode_libdir_flag_spec_CXX='$wl-R $libdir:/usr/lib:/lib'
+	    allow_undefined_flag_CXX="-z nodefs"
+	    archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
+          else
+	    # Determine the default libpath from the value encoded in an
+	    # empty executable.
+	    if test set = "${lt_cv_aix_libpath+set}"; then
+  aix_libpath=$lt_cv_aix_libpath
+else
+  if ${lt_cv_aix_libpath__CXX+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+
+  lt_aix_libpath_sed='
+      /Import File Strings/,/^$/ {
+	  /^0/ {
+	      s/^0  *\([^ ]*\) *$/\1/
+	      p
+	  }
+      }'
+  lt_cv_aix_libpath__CXX=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+  # Check for a 64-bit object if we didn't find anything.
+  if test -z "$lt_cv_aix_libpath__CXX"; then
+    lt_cv_aix_libpath__CXX=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+  fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+  if test -z "$lt_cv_aix_libpath__CXX"; then
+    lt_cv_aix_libpath__CXX=/usr/lib:/lib
+  fi
+
+fi
+
+  aix_libpath=$lt_cv_aix_libpath__CXX
+fi
+
+	    hardcode_libdir_flag_spec_CXX='$wl-blibpath:$libdir:'"$aix_libpath"
+	    # Warning - without using the other run time loading flags,
+	    # -berok will link without error, but may produce a broken library.
+	    no_undefined_flag_CXX=' $wl-bernotok'
+	    allow_undefined_flag_CXX=' $wl-berok'
+	    if test yes = "$with_gnu_ld"; then
+	      # We only use this code for GNU lds that support --whole-archive.
+	      whole_archive_flag_spec_CXX='$wl--whole-archive$convenience $wl--no-whole-archive'
+	    else
+	      # Exported symbols can be pulled into shared objects from archives
+	      whole_archive_flag_spec_CXX='$convenience'
+	    fi
+	    archive_cmds_need_lc_CXX=yes
+	    archive_expsym_cmds_CXX='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
+	    # -brtl affects multiple linker settings, -berok does not and is overridden later
+	    compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`'
+	    if test svr4 != "$with_aix_soname"; then
+	      # This is similar to how AIX traditionally builds its shared
+	      # libraries. Need -bnortl late, we may have -brtl in LDFLAGS.
+	      archive_expsym_cmds_CXX="$archive_expsym_cmds_CXX"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
+	    fi
+	    if test aix != "$with_aix_soname"; then
+	      archive_expsym_cmds_CXX="$archive_expsym_cmds_CXX"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
+	    else
+	      # used by -dlpreopen to get the symbols
+	      archive_expsym_cmds_CXX="$archive_expsym_cmds_CXX"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
+	    fi
+	    archive_expsym_cmds_CXX="$archive_expsym_cmds_CXX"'~$RM -r $output_objdir/$realname.d'
+          fi
+        fi
+        ;;
+
+      beos*)
+	if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+	  allow_undefined_flag_CXX=unsupported
+	  # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+	  # support --undefined.  This deserves some investigation.  FIXME
+	  archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	else
+	  ld_shlibs_CXX=no
+	fi
+	;;
+
+      chorus*)
+        case $cc_basename in
+          *)
+	  # FIXME: insert proper C++ library support
+	  ld_shlibs_CXX=no
+	  ;;
+        esac
+        ;;
+
+      cygwin* | mingw* | pw32* | cegcc*)
+	case $GXX,$cc_basename in
+	,cl* | no,cl*)
+	  # Native MSVC
+	  # hardcode_libdir_flag_spec is actually meaningless, as there is
+	  # no search path for DLLs.
+	  hardcode_libdir_flag_spec_CXX=' '
+	  allow_undefined_flag_CXX=unsupported
+	  always_export_symbols_CXX=yes
+	  file_list_spec_CXX='@'
+	  # Tell ltmain to make .lib files, not .a files.
+	  libext=lib
+	  # Tell ltmain to make .dll files, not .so files.
+	  shrext_cmds=.dll
+	  # FIXME: Setting linknames here is a bad hack.
+	  archive_cmds_CXX='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
+	  archive_expsym_cmds_CXX='if   test DEF = "`$SED -n     -e '\''s/^[	 ]*//'\''     -e '\''/^\(;.*\)*$/d'\''     -e '\''s/^\(EXPORTS\|LIBRARY\)\([	 ].*\)*$/DEF/p'\''     -e q     $export_symbols`" ; then
+              cp "$export_symbols" "$output_objdir/$soname.def";
+              echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
+            else
+              $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
+            fi~
+            $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
+            linknames='
+	  # The linker will not automatically build a static lib if we build a DLL.
+	  # _LT_TAGVAR(old_archive_from_new_cmds, CXX)='true'
+	  enable_shared_with_static_runtimes_CXX=yes
+	  # Don't use ranlib
+	  old_postinstall_cmds_CXX='chmod 644 $oldlib'
+	  postlink_cmds_CXX='lt_outputfile="@OUTPUT@"~
+            lt_tool_outputfile="@TOOL_OUTPUT@"~
+            case $lt_outputfile in
+              *.exe|*.EXE) ;;
+              *)
+                lt_outputfile=$lt_outputfile.exe
+                lt_tool_outputfile=$lt_tool_outputfile.exe
+                ;;
+            esac~
+            func_to_tool_file "$lt_outputfile"~
+            if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
+              $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
+              $RM "$lt_outputfile.manifest";
+            fi'
+	  ;;
+	*)
+	  # g++
+	  # _LT_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless,
+	  # as there is no search path for DLLs.
+	  hardcode_libdir_flag_spec_CXX='-L$libdir'
+	  export_dynamic_flag_spec_CXX='$wl--export-all-symbols'
+	  allow_undefined_flag_CXX=unsupported
+	  always_export_symbols_CXX=no
+	  enable_shared_with_static_runtimes_CXX=yes
+
+	  if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+	    archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	    # If the export-symbols file already is a .def file, use it as
+	    # is; otherwise, prepend EXPORTS...
+	    archive_expsym_cmds_CXX='if   test DEF = "`$SED -n     -e '\''s/^[	 ]*//'\''     -e '\''/^\(;.*\)*$/d'\''     -e '\''s/^\(EXPORTS\|LIBRARY\)\([	 ].*\)*$/DEF/p'\''     -e q     $export_symbols`" ; then
+              cp $export_symbols $output_objdir/$soname.def;
+            else
+              echo EXPORTS > $output_objdir/$soname.def;
+              cat $export_symbols >> $output_objdir/$soname.def;
+            fi~
+            $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+	  else
+	    ld_shlibs_CXX=no
+	  fi
+	  ;;
+	esac
+	;;
+      darwin* | rhapsody*)
+
+
+  archive_cmds_need_lc_CXX=no
+  hardcode_direct_CXX=no
+  hardcode_automatic_CXX=yes
+  hardcode_shlibpath_var_CXX=unsupported
+  if test yes = "$lt_cv_ld_force_load"; then
+    whole_archive_flag_spec_CXX='`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
+
+  else
+    whole_archive_flag_spec_CXX=''
+  fi
+  link_all_deplibs_CXX=yes
+  allow_undefined_flag_CXX=$_lt_dar_allow_undefined
+  case $cc_basename in
+     ifort*|nagfor*) _lt_dar_can_shared=yes ;;
+     *) _lt_dar_can_shared=$GCC ;;
+  esac
+  if test yes = "$_lt_dar_can_shared"; then
+    output_verbose_link_cmd=func_echo_all
+    archive_cmds_CXX="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
+    module_cmds_CXX="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
+    archive_expsym_cmds_CXX="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
+    module_expsym_cmds_CXX="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
+       if test yes != "$lt_cv_apple_cc_single_mod"; then
+      archive_cmds_CXX="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
+      archive_expsym_cmds_CXX="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
+    fi
+
+  else
+  ld_shlibs_CXX=no
+  fi
+
+	;;
+
+      os2*)
+	hardcode_libdir_flag_spec_CXX='-L$libdir'
+	hardcode_minus_L_CXX=yes
+	allow_undefined_flag_CXX=unsupported
+	shrext_cmds=.dll
+	archive_cmds_CXX='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+	  $ECHO EXPORTS >> $output_objdir/$libname.def~
+	  emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
+	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+	  emximp -o $lib $output_objdir/$libname.def'
+	archive_expsym_cmds_CXX='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
+	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
+	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
+	  $ECHO EXPORTS >> $output_objdir/$libname.def~
+	  prefix_cmds="$SED"~
+	  if test EXPORTS = "`$SED 1q $export_symbols`"; then
+	    prefix_cmds="$prefix_cmds -e 1d";
+	  fi~
+	  prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
+	  cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
+	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
+	  emximp -o $lib $output_objdir/$libname.def'
+	old_archive_From_new_cmds_CXX='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
+	enable_shared_with_static_runtimes_CXX=yes
+	;;
+
+      dgux*)
+        case $cc_basename in
+          ec++*)
+	    # FIXME: insert proper C++ library support
+	    ld_shlibs_CXX=no
+	    ;;
+          ghcx*)
+	    # Green Hills C++ Compiler
+	    # FIXME: insert proper C++ library support
+	    ld_shlibs_CXX=no
+	    ;;
+          *)
+	    # FIXME: insert proper C++ library support
+	    ld_shlibs_CXX=no
+	    ;;
+        esac
+        ;;
+
+      freebsd2.*)
+        # C++ shared libraries reported to be fairly broken before
+	# switch to ELF
+        ld_shlibs_CXX=no
+        ;;
+
+      freebsd-elf*)
+        archive_cmds_need_lc_CXX=no
+        ;;
+
+      freebsd* | dragonfly*)
+        # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+        # conventions
+        ld_shlibs_CXX=yes
+        ;;
+
+      haiku*)
+        archive_cmds_CXX='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+        link_all_deplibs_CXX=yes
+        ;;
+
+      hpux9*)
+        hardcode_libdir_flag_spec_CXX='$wl+b $wl$libdir'
+        hardcode_libdir_separator_CXX=:
+        export_dynamic_flag_spec_CXX='$wl-E'
+        hardcode_direct_CXX=yes
+        hardcode_minus_L_CXX=yes # Not in the search PATH,
+				             # but as the default
+				             # location of the library.
+
+        case $cc_basename in
+          CC*)
+            # FIXME: insert proper C++ library support
+            ld_shlibs_CXX=no
+            ;;
+          aCC*)
+            archive_cmds_CXX='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
+            # Commands to make compiler produce verbose output that lists
+            # what "hidden" libraries, object files and flags are used when
+            # linking a shared library.
+            #
+            # There doesn't appear to be a way to prevent this compiler from
+            # explicitly linking system object files so we need to strip them
+            # from the output so that they don't get included in the library
+            # dependencies.
+            output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+            ;;
+          *)
+            if test yes = "$GXX"; then
+              archive_cmds_CXX='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
+            else
+              # FIXME: insert proper C++ library support
+              ld_shlibs_CXX=no
+            fi
+            ;;
+        esac
+        ;;
+
+      hpux10*|hpux11*)
+        if test no = "$with_gnu_ld"; then
+	  hardcode_libdir_flag_spec_CXX='$wl+b $wl$libdir'
+	  hardcode_libdir_separator_CXX=:
+
+          case $host_cpu in
+            hppa*64*|ia64*)
+              ;;
+            *)
+	      export_dynamic_flag_spec_CXX='$wl-E'
+              ;;
+          esac
+        fi
+        case $host_cpu in
+          hppa*64*|ia64*)
+            hardcode_direct_CXX=no
+            hardcode_shlibpath_var_CXX=no
+            ;;
+          *)
+            hardcode_direct_CXX=yes
+            hardcode_direct_absolute_CXX=yes
+            hardcode_minus_L_CXX=yes # Not in the search PATH,
+					         # but as the default
+					         # location of the library.
+            ;;
+        esac
+
+        case $cc_basename in
+          CC*)
+	    # FIXME: insert proper C++ library support
+	    ld_shlibs_CXX=no
+	    ;;
+          aCC*)
+	    case $host_cpu in
+	      hppa*64*)
+	        archive_cmds_CXX='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	        ;;
+	      ia64*)
+	        archive_cmds_CXX='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	        ;;
+	      *)
+	        archive_cmds_CXX='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	        ;;
+	    esac
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    #
+	    # There doesn't appear to be a way to prevent this compiler from
+	    # explicitly linking system object files so we need to strip them
+	    # from the output so that they don't get included in the library
+	    # dependencies.
+	    output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+	    ;;
+          *)
+	    if test yes = "$GXX"; then
+	      if test no = "$with_gnu_ld"; then
+	        case $host_cpu in
+	          hppa*64*)
+	            archive_cmds_CXX='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	            ;;
+	          ia64*)
+	            archive_cmds_CXX='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	            ;;
+	          *)
+	            archive_cmds_CXX='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	            ;;
+	        esac
+	      fi
+	    else
+	      # FIXME: insert proper C++ library support
+	      ld_shlibs_CXX=no
+	    fi
+	    ;;
+        esac
+        ;;
+
+      interix[3-9]*)
+	hardcode_direct_CXX=no
+	hardcode_shlibpath_var_CXX=no
+	hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir'
+	export_dynamic_flag_spec_CXX='$wl-E'
+	# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+	# Instead, shared libraries are loaded at an image base (0x10000000 by
+	# default) and relocated if they conflict, which is a slow very memory
+	# consuming and fragmenting process.  To avoid this, we pick a random,
+	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
+	archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+	archive_expsym_cmds_CXX='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+	;;
+      irix5* | irix6*)
+        case $cc_basename in
+          CC*)
+	    # SGI C++
+	    archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+
+	    # Archives containing C++ object files must be created using
+	    # "CC -ar", where "CC" is the IRIX C++ compiler.  This is
+	    # necessary to make sure instantiated templates are included
+	    # in the archive.
+	    old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs'
+	    ;;
+          *)
+	    if test yes = "$GXX"; then
+	      if test no = "$with_gnu_ld"; then
+	        archive_cmds_CXX='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+	      else
+	        archive_cmds_CXX='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib'
+	      fi
+	    fi
+	    link_all_deplibs_CXX=yes
+	    ;;
+        esac
+        hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir'
+        hardcode_libdir_separator_CXX=:
+        inherit_rpath_CXX=yes
+        ;;
+
+      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+        case $cc_basename in
+          KCC*)
+	    # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	    # KCC will only create a shared library if the output file
+	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
+	    # to its proper name (with version) after linking.
+	    archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+	    archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib'
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    #
+	    # There doesn't appear to be a way to prevent this compiler from
+	    # explicitly linking system object files so we need to strip them
+	    # from the output so that they don't get included in the library
+	    # dependencies.
+	    output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+
+	    hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir'
+	    export_dynamic_flag_spec_CXX='$wl--export-dynamic'
+
+	    # Archives containing C++ object files must be created using
+	    # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+	    old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
+	    ;;
+	  icpc* | ecpc* )
+	    # Intel C++
+	    with_gnu_ld=yes
+	    # version 8.0 and above of icpc choke on multiply defined symbols
+	    # if we add $predep_objects and $postdep_objects, however 7.1 and
+	    # earlier do not add the objects themselves.
+	    case `$CC -V 2>&1` in
+	      *"Version 7."*)
+	        archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+		archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+		;;
+	      *)  # Version 8.0 or newer
+	        tmp_idyn=
+	        case $host_cpu in
+		  ia64*) tmp_idyn=' -i_dynamic';;
+		esac
+	        archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+		archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+		;;
+	    esac
+	    archive_cmds_need_lc_CXX=no
+	    hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir'
+	    export_dynamic_flag_spec_CXX='$wl--export-dynamic'
+	    whole_archive_flag_spec_CXX='$wl--whole-archive$convenience $wl--no-whole-archive'
+	    ;;
+          pgCC* | pgcpp*)
+            # Portland Group C++ compiler
+	    case `$CC -V` in
+	    *pgCC\ [1-5].* | *pgcpp\ [1-5].*)
+	      prelink_cmds_CXX='tpldir=Template.dir~
+               rm -rf $tpldir~
+               $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
+               compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
+	      old_archive_cmds_CXX='tpldir=Template.dir~
+                rm -rf $tpldir~
+                $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
+                $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
+                $RANLIB $oldlib'
+	      archive_cmds_CXX='tpldir=Template.dir~
+                rm -rf $tpldir~
+                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+	      archive_expsym_cmds_CXX='tpldir=Template.dir~
+                rm -rf $tpldir~
+                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+	      ;;
+	    *) # Version 6 and above use weak symbols
+	      archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+	      archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
+	      ;;
+	    esac
+
+	    hardcode_libdir_flag_spec_CXX='$wl--rpath $wl$libdir'
+	    export_dynamic_flag_spec_CXX='$wl--export-dynamic'
+	    whole_archive_flag_spec_CXX='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+            ;;
+	  cxx*)
+	    # Compaq C++
+	    archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
+	    archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname  -o $lib $wl-retain-symbols-file $wl$export_symbols'
+
+	    runpath_var=LD_RUN_PATH
+	    hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+	    hardcode_libdir_separator_CXX=:
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    #
+	    # There doesn't appear to be a way to prevent this compiler from
+	    # explicitly linking system object files so we need to strip them
+	    # from the output so that they don't get included in the library
+	    # dependencies.
+	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
+	    ;;
+	  xl* | mpixl* | bgxl*)
+	    # IBM XL 8.0 on PPC, with GNU ld
+	    hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir'
+	    export_dynamic_flag_spec_CXX='$wl--export-dynamic'
+	    archive_cmds_CXX='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
+	    if test yes = "$supports_anon_versioning"; then
+	      archive_expsym_cmds_CXX='echo "{ global:" > $output_objdir/$libname.ver~
+                cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+                echo "local: *; };" >> $output_objdir/$libname.ver~
+                $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
+	    fi
+	    ;;
+	  *)
+	    case `$CC -V 2>&1 | sed 5q` in
+	    *Sun\ C*)
+	      # Sun C++ 5.9
+	      no_undefined_flag_CXX=' -zdefs'
+	      archive_cmds_CXX='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	      archive_expsym_cmds_CXX='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols'
+	      hardcode_libdir_flag_spec_CXX='-R$libdir'
+	      whole_archive_flag_spec_CXX='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
+	      compiler_needs_object_CXX=yes
+
+	      # Not sure whether something based on
+	      # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
+	      # would be better.
+	      output_verbose_link_cmd='func_echo_all'
+
+	      # Archives containing C++ object files must be created using
+	      # "CC -xar", where "CC" is the Sun C++ compiler.  This is
+	      # necessary to make sure instantiated templates are included
+	      # in the archive.
+	      old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
+	      ;;
+	    esac
+	    ;;
+	esac
+	;;
+
+      lynxos*)
+        # FIXME: insert proper C++ library support
+	ld_shlibs_CXX=no
+	;;
+
+      m88k*)
+        # FIXME: insert proper C++ library support
+        ld_shlibs_CXX=no
+	;;
+
+      mvs*)
+        case $cc_basename in
+          cxx*)
+	    # FIXME: insert proper C++ library support
+	    ld_shlibs_CXX=no
+	    ;;
+	  *)
+	    # FIXME: insert proper C++ library support
+	    ld_shlibs_CXX=no
+	    ;;
+	esac
+	;;
+
+      netbsd*)
+        if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+	  archive_cmds_CXX='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+	  wlarc=
+	  hardcode_libdir_flag_spec_CXX='-R$libdir'
+	  hardcode_direct_CXX=yes
+	  hardcode_shlibpath_var_CXX=no
+	fi
+	# Workaround some broken pre-1.5 toolchains
+	output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+	;;
+
+      *nto* | *qnx*)
+        ld_shlibs_CXX=yes
+	;;
+
+      openbsd* | bitrig*)
+	if test -f /usr/libexec/ld.so; then
+	  hardcode_direct_CXX=yes
+	  hardcode_shlibpath_var_CXX=no
+	  hardcode_direct_absolute_CXX=yes
+	  archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+	  hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir'
+	  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then
+	    archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib'
+	    export_dynamic_flag_spec_CXX='$wl-E'
+	    whole_archive_flag_spec_CXX=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
+	  fi
+	  output_verbose_link_cmd=func_echo_all
+	else
+	  ld_shlibs_CXX=no
+	fi
+	;;
+
+      osf3* | osf4* | osf5*)
+        case $cc_basename in
+          KCC*)
+	    # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+	    # KCC will only create a shared library if the output file
+	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
+	    # to its proper name (with version) after linking.
+	    archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+	    hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir'
+	    hardcode_libdir_separator_CXX=:
+
+	    # Archives containing C++ object files must be created using
+	    # the KAI C++ compiler.
+	    case $host in
+	      osf3*) old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' ;;
+	      *) old_archive_cmds_CXX='$CC -o $oldlib $oldobjs' ;;
+	    esac
+	    ;;
+          RCC*)
+	    # Rational C++ 2.4.1
+	    # FIXME: insert proper C++ library support
+	    ld_shlibs_CXX=no
+	    ;;
+          cxx*)
+	    case $host in
+	      osf3*)
+	        allow_undefined_flag_CXX=' $wl-expect_unresolved $wl\*'
+	        archive_cmds_CXX='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+	        hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir'
+		;;
+	      *)
+	        allow_undefined_flag_CXX=' -expect_unresolved \*'
+	        archive_cmds_CXX='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
+	        archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+                  echo "-hidden">> $lib.exp~
+                  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp  `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~
+                  $RM $lib.exp'
+	        hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+		;;
+	    esac
+
+	    hardcode_libdir_separator_CXX=:
+
+	    # Commands to make compiler produce verbose output that lists
+	    # what "hidden" libraries, object files and flags are used when
+	    # linking a shared library.
+	    #
+	    # There doesn't appear to be a way to prevent this compiler from
+	    # explicitly linking system object files so we need to strip them
+	    # from the output so that they don't get included in the library
+	    # dependencies.
+	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
+	    ;;
+	  *)
+	    if test yes,no = "$GXX,$with_gnu_ld"; then
+	      allow_undefined_flag_CXX=' $wl-expect_unresolved $wl\*'
+	      case $host in
+	        osf3*)
+	          archive_cmds_CXX='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+		  ;;
+	        *)
+	          archive_cmds_CXX='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
+		  ;;
+	      esac
+
+	      hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir'
+	      hardcode_libdir_separator_CXX=:
+
+	      # Commands to make compiler produce verbose output that lists
+	      # what "hidden" libraries, object files and flags are used when
+	      # linking a shared library.
+	      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+
+	    else
+	      # FIXME: insert proper C++ library support
+	      ld_shlibs_CXX=no
+	    fi
+	    ;;
+        esac
+        ;;
+
+      psos*)
+        # FIXME: insert proper C++ library support
+        ld_shlibs_CXX=no
+        ;;
+
+      sunos4*)
+        case $cc_basename in
+          CC*)
+	    # Sun C++ 4.x
+	    # FIXME: insert proper C++ library support
+	    ld_shlibs_CXX=no
+	    ;;
+          lcc*)
+	    # Lucid
+	    # FIXME: insert proper C++ library support
+	    ld_shlibs_CXX=no
+	    ;;
+          *)
+	    # FIXME: insert proper C++ library support
+	    ld_shlibs_CXX=no
+	    ;;
+        esac
+        ;;
+
+      solaris*)
+        case $cc_basename in
+          CC* | sunCC*)
+	    # Sun C++ 4.2, 5.x and Centerline C++
+            archive_cmds_need_lc_CXX=yes
+	    no_undefined_flag_CXX=' -zdefs'
+	    archive_cmds_CXX='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+	    archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+              $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+	    hardcode_libdir_flag_spec_CXX='-R$libdir'
+	    hardcode_shlibpath_var_CXX=no
+	    case $host_os in
+	      solaris2.[0-5] | solaris2.[0-5].*) ;;
+	      *)
+		# The compiler driver will combine and reorder linker options,
+		# but understands '-z linker_flag'.
+	        # Supported since Solaris 2.6 (maybe 2.5.1?)
+		whole_archive_flag_spec_CXX='-z allextract$convenience -z defaultextract'
+	        ;;
+	    esac
+	    link_all_deplibs_CXX=yes
+
+	    output_verbose_link_cmd='func_echo_all'
+
+	    # Archives containing C++ object files must be created using
+	    # "CC -xar", where "CC" is the Sun C++ compiler.  This is
+	    # necessary to make sure instantiated templates are included
+	    # in the archive.
+	    old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
+	    ;;
+          gcx*)
+	    # Green Hills C++ Compiler
+	    archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
+
+	    # The C++ compiler must be used to create the archive.
+	    old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+	    ;;
+          *)
+	    # GNU C++ compiler with Solaris linker
+	    if test yes,no = "$GXX,$with_gnu_ld"; then
+	      no_undefined_flag_CXX=' $wl-z ${wl}defs'
+	      if $CC --version | $GREP -v '^2\.7' > /dev/null; then
+	        archive_cmds_CXX='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
+	        archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+                  $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+	        # Commands to make compiler produce verbose output that lists
+	        # what "hidden" libraries, object files and flags are used when
+	        # linking a shared library.
+	        output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+	      else
+	        # g++ 2.7 appears to require '-G' NOT '-shared' on this
+	        # platform.
+	        archive_cmds_CXX='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
+	        archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+                  $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+	        # Commands to make compiler produce verbose output that lists
+	        # what "hidden" libraries, object files and flags are used when
+	        # linking a shared library.
+	        output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
+	      fi
+
+	      hardcode_libdir_flag_spec_CXX='$wl-R $wl$libdir'
+	      case $host_os in
+		solaris2.[0-5] | solaris2.[0-5].*) ;;
+		*)
+		  whole_archive_flag_spec_CXX='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
+		  ;;
+	      esac
+	    fi
+	    ;;
+        esac
+        ;;
+
+    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+      no_undefined_flag_CXX='$wl-z,text'
+      archive_cmds_need_lc_CXX=no
+      hardcode_shlibpath_var_CXX=no
+      runpath_var='LD_RUN_PATH'
+
+      case $cc_basename in
+        CC*)
+	  archive_cmds_CXX='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  archive_expsym_cmds_CXX='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+	*)
+	  archive_cmds_CXX='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  archive_expsym_cmds_CXX='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	  ;;
+      esac
+      ;;
+
+      sysv5* | sco3.2v5* | sco5v6*)
+	# Note: We CANNOT use -z defs as we might desire, because we do not
+	# link with -lc, and that would cause any symbols used from libc to
+	# always be unresolved, which means just about no library would
+	# ever link correctly.  If we're not using GNU ld we use -z text
+	# though, which does catch some bad symbols but isn't as heavy-handed
+	# as -z defs.
+	no_undefined_flag_CXX='$wl-z,text'
+	allow_undefined_flag_CXX='$wl-z,nodefs'
+	archive_cmds_need_lc_CXX=no
+	hardcode_shlibpath_var_CXX=no
+	hardcode_libdir_flag_spec_CXX='$wl-R,$libdir'
+	hardcode_libdir_separator_CXX=':'
+	link_all_deplibs_CXX=yes
+	export_dynamic_flag_spec_CXX='$wl-Bexport'
+	runpath_var='LD_RUN_PATH'
+
+	case $cc_basename in
+          CC*)
+	    archive_cmds_CXX='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	    archive_expsym_cmds_CXX='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	    old_archive_cmds_CXX='$CC -Tprelink_objects $oldobjs~
+              '"$old_archive_cmds_CXX"
+	    reload_cmds_CXX='$CC -Tprelink_objects $reload_objs~
+              '"$reload_cmds_CXX"
+	    ;;
+	  *)
+	    archive_cmds_CXX='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	    archive_expsym_cmds_CXX='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+	    ;;
+	esac
+      ;;
+
+      tandem*)
+        case $cc_basename in
+          NCC*)
+	    # NonStop-UX NCC 3.20
+	    # FIXME: insert proper C++ library support
+	    ld_shlibs_CXX=no
+	    ;;
+          *)
+	    # FIXME: insert proper C++ library support
+	    ld_shlibs_CXX=no
+	    ;;
+        esac
+        ;;
+
+      vxworks*)
+        # FIXME: insert proper C++ library support
+        ld_shlibs_CXX=no
+        ;;
+
+      *)
+        # FIXME: insert proper C++ library support
+        ld_shlibs_CXX=no
+        ;;
+    esac
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5
+$as_echo "$ld_shlibs_CXX" >&6; }
+    test no = "$ld_shlibs_CXX" && can_build_shared=no
+
+    GCC_CXX=$GXX
+    LD_CXX=$LD
+
+    ## CAVEAT EMPTOR:
+    ## There is no encapsulation within the following macros, do not change
+    ## the running order or otherwise move them around unless you know exactly
+    ## what you are doing...
+    # Dependencies to place before and after the object being linked:
+predep_objects_CXX=
+postdep_objects_CXX=
+predeps_CXX=
+postdeps_CXX=
+compiler_lib_search_path_CXX=
+
+cat > conftest.$ac_ext <<_LT_EOF
+class Foo
+{
+public:
+  Foo (void) { a = 0; }
+private:
+  int a;
+};
+_LT_EOF
+
+
+_lt_libdeps_save_CFLAGS=$CFLAGS
+case "$CC $CFLAGS " in #(
+*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
+*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
+*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
+esac
+
+if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then
+  # Parse the compiler output and extract the necessary
+  # objects, libraries and library flags.
+
+  # Sentinel used to keep track of whether or not we are before
+  # the conftest object file.
+  pre_test_object_deps_done=no
+
+  for p in `eval "$output_verbose_link_cmd"`; do
+    case $prev$p in
+
+    -L* | -R* | -l*)
+       # Some compilers place space between "-{L,R}" and the path.
+       # Remove the space.
+       if test x-L = "$p" ||
+          test x-R = "$p"; then
+	 prev=$p
+	 continue
+       fi
+
+       # Expand the sysroot to ease extracting the directories later.
+       if test -z "$prev"; then
+         case $p in
+         -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
+         -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
+         -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
+         esac
+       fi
+       case $p in
+       =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
+       esac
+       if test no = "$pre_test_object_deps_done"; then
+	 case $prev in
+	 -L | -R)
+	   # Internal compiler library paths should come after those
+	   # provided the user.  The postdeps already come after the
+	   # user supplied libs so there is no need to process them.
+	   if test -z "$compiler_lib_search_path_CXX"; then
+	     compiler_lib_search_path_CXX=$prev$p
+	   else
+	     compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} $prev$p"
+	   fi
+	   ;;
+	 # The "-l" case would never come before the object being
+	 # linked, so don't bother handling this case.
+	 esac
+       else
+	 if test -z "$postdeps_CXX"; then
+	   postdeps_CXX=$prev$p
+	 else
+	   postdeps_CXX="${postdeps_CXX} $prev$p"
+	 fi
+       fi
+       prev=
+       ;;
+
+    *.lto.$objext) ;; # Ignore GCC LTO objects
+    *.$objext)
+       # This assumes that the test object file only shows up
+       # once in the compiler output.
+       if test "$p" = "conftest.$objext"; then
+	 pre_test_object_deps_done=yes
+	 continue
+       fi
+
+       if test no = "$pre_test_object_deps_done"; then
+	 if test -z "$predep_objects_CXX"; then
+	   predep_objects_CXX=$p
+	 else
+	   predep_objects_CXX="$predep_objects_CXX $p"
+	 fi
+       else
+	 if test -z "$postdep_objects_CXX"; then
+	   postdep_objects_CXX=$p
+	 else
+	   postdep_objects_CXX="$postdep_objects_CXX $p"
+	 fi
+       fi
+       ;;
+
+    *) ;; # Ignore the rest.
+
+    esac
+  done
+
+  # Clean up.
+  rm -f a.out a.exe
+else
+  echo "libtool.m4: error: problem compiling CXX test program"
+fi
+
+$RM -f confest.$objext
+CFLAGS=$_lt_libdeps_save_CFLAGS
+
+# PORTME: override above test on systems where it is broken
+case $host_os in
+interix[3-9]*)
+  # Interix 3.5 installs completely hosed .la files for C++, so rather than
+  # hack all around it, let's just trust "g++" to DTRT.
+  predep_objects_CXX=
+  postdep_objects_CXX=
+  postdeps_CXX=
+  ;;
+esac
+
+
+case " $postdeps_CXX " in
+*" -lc "*) archive_cmds_need_lc_CXX=no ;;
+esac
+ compiler_lib_search_dirs_CXX=
+if test -n "${compiler_lib_search_path_CXX}"; then
+ compiler_lib_search_dirs_CXX=`echo " ${compiler_lib_search_path_CXX}" | $SED -e 's! -L! !g' -e 's!^ !!'`
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+    lt_prog_compiler_wl_CXX=
+lt_prog_compiler_pic_CXX=
+lt_prog_compiler_static_CXX=
+
+
+  # C++ specific cases for pic, static, wl, etc.
+  if test yes = "$GXX"; then
+    lt_prog_compiler_wl_CXX='-Wl,'
+    lt_prog_compiler_static_CXX='-static'
+
+    case $host_os in
+    aix*)
+      # All AIX code is PIC.
+      if test ia64 = "$host_cpu"; then
+	# AIX 5 now supports IA64 processor
+	lt_prog_compiler_static_CXX='-Bstatic'
+      fi
+      lt_prog_compiler_pic_CXX='-fPIC'
+      ;;
+
+    amigaos*)
+      case $host_cpu in
+      powerpc)
+            # see comment about AmigaOS4 .so support
+            lt_prog_compiler_pic_CXX='-fPIC'
+        ;;
+      m68k)
+            # FIXME: we need at least 68020 code to build shared libraries, but
+            # adding the '-m68020' flag to GCC prevents building anything better,
+            # like '-m68040'.
+            lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4'
+        ;;
+      esac
+      ;;
+
+    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+      # PIC is the default for these OSes.
+      ;;
+    mingw* | cygwin* | os2* | pw32* | cegcc*)
+      # This hack is so that the source file can tell whether it is being
+      # built for inclusion in a dll (and should export symbols for example).
+      # Although the cygwin gcc ignores -fPIC, still need this for old-style
+      # (--disable-auto-import) libraries
+      lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
+      case $host_os in
+      os2*)
+	lt_prog_compiler_static_CXX='$wl-static'
+	;;
+      esac
+      ;;
+    darwin* | rhapsody*)
+      # PIC is the default on this platform
+      # Common symbols not allowed in MH_DYLIB files
+      lt_prog_compiler_pic_CXX='-fno-common'
+      ;;
+    *djgpp*)
+      # DJGPP does not support shared libraries at all
+      lt_prog_compiler_pic_CXX=
+      ;;
+    haiku*)
+      # PIC is the default for Haiku.
+      # The "-static" flag exists, but is broken.
+      lt_prog_compiler_static_CXX=
+      ;;
+    interix[3-9]*)
+      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+      # Instead, we relocate shared libraries at runtime.
+      ;;
+    sysv4*MP*)
+      if test -d /usr/nec; then
+	lt_prog_compiler_pic_CXX=-Kconform_pic
+      fi
+      ;;
+    hpux*)
+      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
+      # sets the default TLS model and affects inlining.
+      case $host_cpu in
+      hppa*64*)
+	;;
+      *)
+	lt_prog_compiler_pic_CXX='-fPIC'
+	;;
+      esac
+      ;;
+    *qnx* | *nto*)
+      # QNX uses GNU C++, but need to define -shared option too, otherwise
+      # it will coredump.
+      lt_prog_compiler_pic_CXX='-fPIC -shared'
+      ;;
+    *)
+      lt_prog_compiler_pic_CXX='-fPIC'
+      ;;
+    esac
+  else
+    case $host_os in
+      aix[4-9]*)
+	# All AIX code is PIC.
+	if test ia64 = "$host_cpu"; then
+	  # AIX 5 now supports IA64 processor
+	  lt_prog_compiler_static_CXX='-Bstatic'
+	else
+	  lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp'
+	fi
+	;;
+      chorus*)
+	case $cc_basename in
+	cxch68*)
+	  # Green Hills C++ Compiler
+	  # _LT_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+	  ;;
+	esac
+	;;
+      mingw* | cygwin* | os2* | pw32* | cegcc*)
+	# This hack is so that the source file can tell whether it is being
+	# built for inclusion in a dll (and should export symbols for example).
+	lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
+	;;
+      dgux*)
+	case $cc_basename in
+	  ec++*)
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    ;;
+	  ghcx*)
+	    # Green Hills C++ Compiler
+	    lt_prog_compiler_pic_CXX='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      freebsd* | dragonfly*)
+	# FreeBSD uses GNU C++
+	;;
+      hpux9* | hpux10* | hpux11*)
+	case $cc_basename in
+	  CC*)
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_static_CXX='$wl-a ${wl}archive'
+	    if test ia64 != "$host_cpu"; then
+	      lt_prog_compiler_pic_CXX='+Z'
+	    fi
+	    ;;
+	  aCC*)
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_static_CXX='$wl-a ${wl}archive'
+	    case $host_cpu in
+	    hppa*64*|ia64*)
+	      # +Z the default
+	      ;;
+	    *)
+	      lt_prog_compiler_pic_CXX='+Z'
+	      ;;
+	    esac
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      interix*)
+	# This is c89, which is MS Visual C++ (no shared libs)
+	# Anyone wants to do a port?
+	;;
+      irix5* | irix6* | nonstopux*)
+	case $cc_basename in
+	  CC*)
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_static_CXX='-non_shared'
+	    # CC pic flag -KPIC is the default.
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+	case $cc_basename in
+	  KCC*)
+	    # KAI C++ Compiler
+	    lt_prog_compiler_wl_CXX='--backend -Wl,'
+	    lt_prog_compiler_pic_CXX='-fPIC'
+	    ;;
+	  ecpc* )
+	    # old Intel C++ for x86_64, which still supported -KPIC.
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    lt_prog_compiler_static_CXX='-static'
+	    ;;
+	  icpc* )
+	    # Intel C++, used to be incompatible with GCC.
+	    # ICC 10 doesn't accept -KPIC any more.
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_pic_CXX='-fPIC'
+	    lt_prog_compiler_static_CXX='-static'
+	    ;;
+	  pgCC* | pgcpp*)
+	    # Portland Group C++ compiler
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_pic_CXX='-fpic'
+	    lt_prog_compiler_static_CXX='-Bstatic'
+	    ;;
+	  cxx*)
+	    # Compaq C++
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    lt_prog_compiler_pic_CXX=
+	    lt_prog_compiler_static_CXX='-non_shared'
+	    ;;
+	  xlc* | xlC* | bgxl[cC]* | mpixl[cC]*)
+	    # IBM XL 8.0, 9.0 on PPC and BlueGene
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_pic_CXX='-qpic'
+	    lt_prog_compiler_static_CXX='-qstaticlink'
+	    ;;
+	  *)
+	    case `$CC -V 2>&1 | sed 5q` in
+	    *Sun\ C*)
+	      # Sun C++ 5.9
+	      lt_prog_compiler_pic_CXX='-KPIC'
+	      lt_prog_compiler_static_CXX='-Bstatic'
+	      lt_prog_compiler_wl_CXX='-Qoption ld '
+	      ;;
+	    esac
+	    ;;
+	esac
+	;;
+      lynxos*)
+	;;
+      m88k*)
+	;;
+      mvs*)
+	case $cc_basename in
+	  cxx*)
+	    lt_prog_compiler_pic_CXX='-W c,exportall'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      netbsd* | netbsdelf*-gnu)
+	;;
+      *qnx* | *nto*)
+        # QNX uses GNU C++, but need to define -shared option too, otherwise
+        # it will coredump.
+        lt_prog_compiler_pic_CXX='-fPIC -shared'
+        ;;
+      osf3* | osf4* | osf5*)
+	case $cc_basename in
+	  KCC*)
+	    lt_prog_compiler_wl_CXX='--backend -Wl,'
+	    ;;
+	  RCC*)
+	    # Rational C++ 2.4.1
+	    lt_prog_compiler_pic_CXX='-pic'
+	    ;;
+	  cxx*)
+	    # Digital/Compaq C++
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    # Make sure the PIC flag is empty.  It appears that all Alpha
+	    # Linux and Compaq Tru64 Unix objects are PIC.
+	    lt_prog_compiler_pic_CXX=
+	    lt_prog_compiler_static_CXX='-non_shared'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      psos*)
+	;;
+      solaris*)
+	case $cc_basename in
+	  CC* | sunCC*)
+	    # Sun C++ 4.2, 5.x and Centerline C++
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    lt_prog_compiler_static_CXX='-Bstatic'
+	    lt_prog_compiler_wl_CXX='-Qoption ld '
+	    ;;
+	  gcx*)
+	    # Green Hills C++ Compiler
+	    lt_prog_compiler_pic_CXX='-PIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sunos4*)
+	case $cc_basename in
+	  CC*)
+	    # Sun C++ 4.x
+	    lt_prog_compiler_pic_CXX='-pic'
+	    lt_prog_compiler_static_CXX='-Bstatic'
+	    ;;
+	  lcc*)
+	    # Lucid
+	    lt_prog_compiler_pic_CXX='-pic'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+	case $cc_basename in
+	  CC*)
+	    lt_prog_compiler_wl_CXX='-Wl,'
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    lt_prog_compiler_static_CXX='-Bstatic'
+	    ;;
+	esac
+	;;
+      tandem*)
+	case $cc_basename in
+	  NCC*)
+	    # NonStop-UX NCC 3.20
+	    lt_prog_compiler_pic_CXX='-KPIC'
+	    ;;
+	  *)
+	    ;;
+	esac
+	;;
+      vxworks*)
+	;;
+      *)
+	lt_prog_compiler_can_build_shared_CXX=no
+	;;
+    esac
+  fi
+
+case $host_os in
+  # For platforms that do not support PIC, -DPIC is meaningless:
+  *djgpp*)
+    lt_prog_compiler_pic_CXX=
+    ;;
+  *)
+    lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC"
+    ;;
+esac
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
+if ${lt_cv_prog_compiler_pic_CXX+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_pic_CXX=$lt_prog_compiler_pic_CXX
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_pic_CXX" >&6; }
+lt_prog_compiler_pic_CXX=$lt_cv_prog_compiler_pic_CXX
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_CXX"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5
+$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... " >&6; }
+if ${lt_cv_prog_compiler_pic_works_CXX+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_pic_works_CXX=no
+   ac_outfile=conftest.$ac_objext
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+   lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC"  ## exclude from sc_useless_quotes_in_assignment
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   # The option is referenced via a variable to avoid confusing sed.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>conftest.err)
+   ac_status=$?
+   cat conftest.err >&5
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s "$ac_outfile"; then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings other than the usual output.
+     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
+     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_pic_works_CXX=yes
+     fi
+   fi
+   $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_pic_works_CXX" >&6; }
+
+if test yes = "$lt_cv_prog_compiler_pic_works_CXX"; then
+    case $lt_prog_compiler_pic_CXX in
+     "" | " "*) ;;
+     *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;;
+     esac
+else
+    lt_prog_compiler_pic_CXX=
+     lt_prog_compiler_can_build_shared_CXX=no
+fi
+
+fi
+
+
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if ${lt_cv_prog_compiler_static_works_CXX+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_static_works_CXX=no
+   save_LDFLAGS=$LDFLAGS
+   LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+   echo "$lt_simple_link_test_code" > conftest.$ac_ext
+   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+     # The linker can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     if test -s conftest.err; then
+       # Append any errors to the config.log.
+       cat conftest.err 1>&5
+       $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
+       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+       if diff conftest.exp conftest.er2 >/dev/null; then
+         lt_cv_prog_compiler_static_works_CXX=yes
+       fi
+     else
+       lt_cv_prog_compiler_static_works_CXX=yes
+     fi
+   fi
+   $RM -r conftest*
+   LDFLAGS=$save_LDFLAGS
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_static_works_CXX" >&6; }
+
+if test yes = "$lt_cv_prog_compiler_static_works_CXX"; then
+    :
+else
+    lt_prog_compiler_static_CXX=
+fi
+
+
+
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if ${lt_cv_prog_compiler_c_o_CXX+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_c_o_CXX=no
+   $RM -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o_CXX=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $RM conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+   $RM out/* && rmdir out
+   cd ..
+   $RM -r conftest
+   $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; }
+
+
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if ${lt_cv_prog_compiler_c_o_CXX+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_prog_compiler_c_o_CXX=no
+   $RM -r conftest 2>/dev/null
+   mkdir conftest
+   cd conftest
+   mkdir out
+   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+   lt_compiler_flag="-o out/conftest2.$ac_objext"
+   # Insert the option either (1) after the last *FLAGS variable, or
+   # (2) before a word containing "conftest.", or (3) at the end.
+   # Note that $ac_compile itself does not contain backslashes and begins
+   # with a dollar sign (not a hyphen), so the echo should work correctly.
+   lt_compile=`echo "$ac_compile" | $SED \
+   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+   -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+   -e 's:$: $lt_compiler_flag:'`
+   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5)
+   (eval "$lt_compile" 2>out/conftest.err)
+   ac_status=$?
+   cat out/conftest.err >&5
+   echo "$as_me:$LINENO: \$? = $ac_status" >&5
+   if (exit $ac_status) && test -s out/conftest2.$ac_objext
+   then
+     # The compiler can only warn and ignore the option if not recognized
+     # So say no if there are warnings
+     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
+     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+       lt_cv_prog_compiler_c_o_CXX=yes
+     fi
+   fi
+   chmod u+w . 2>&5
+   $RM conftest*
+   # SGI C++ compiler will create directory out/ii_files/ for
+   # template instantiation
+   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+   $RM out/* && rmdir out
+   cd ..
+   $RM -r conftest
+   $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; }
+
+
+
+
+hard_links=nottested
+if test no = "$lt_cv_prog_compiler_c_o_CXX" && test no != "$need_locks"; then
+  # do not overwrite the value of need_locks provided by the user
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+$as_echo_n "checking if we can lock with hard links... " >&6; }
+  hard_links=yes
+  $RM conftest*
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  touch conftest.a
+  ln conftest.a conftest.b 2>&5 || hard_links=no
+  ln conftest.a conftest.b 2>/dev/null && hard_links=no
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+$as_echo "$hard_links" >&6; }
+  if test no = "$hard_links"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;}
+    need_locks=warn
+  fi
+else
+  need_locks=no
+fi
+
+
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+
+  export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+  exclude_expsyms_CXX='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
+  case $host_os in
+  aix[4-9]*)
+    # If we're using GNU nm, then we don't want the "-C" option.
+    # -C means demangle to GNU nm, but means don't demangle to AIX nm.
+    # Without the "-l" option, or with the "-B" option, AIX nm treats
+    # weak defined symbols like other global defined symbols, whereas
+    # GNU nm marks them as "W".
+    # While the 'weak' keyword is ignored in the Export File, we need
+    # it in the Import File for the 'aix-soname' feature, so we have
+    # to replace the "-B" option with "-P" for AIX nm.
+    if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+      export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
+    else
+      export_symbols_cmds_CXX='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
+    fi
+    ;;
+  pw32*)
+    export_symbols_cmds_CXX=$ltdll_cmds
+    ;;
+  cygwin* | mingw* | cegcc*)
+    case $cc_basename in
+    cl*)
+      exclude_expsyms_CXX='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
+      ;;
+    *)
+      export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
+      exclude_expsyms_CXX='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'
+      ;;
+    esac
+    ;;
+  linux* | k*bsd*-gnu | gnu*)
+    link_all_deplibs_CXX=no
+    ;;
+  *)
+    export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+    ;;
+  esac
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5
+$as_echo "$ld_shlibs_CXX" >&6; }
+test no = "$ld_shlibs_CXX" && can_build_shared=no
+
+with_gnu_ld_CXX=$with_gnu_ld
+
+
+
+
+
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_CXX" in
+x|xyes)
+  # Assume -lc should be added
+  archive_cmds_need_lc_CXX=yes
+
+  if test yes,yes = "$GCC,$enable_shared"; then
+    case $archive_cmds_CXX in
+    *'~'*)
+      # FIXME: we may have to deal with multi-command sequences.
+      ;;
+    '$CC '*)
+      # Test whether the compiler implicitly links with -lc since on some
+      # systems, -lgcc has to come before -lc. If gcc already passes -lc
+      # to ld, don't add -lc before -lgcc.
+      { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
+if ${lt_cv_archive_cmds_need_lc_CXX+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  $RM conftest*
+	echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+	if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+  (eval $ac_compile) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } 2>conftest.err; then
+	  soname=conftest
+	  lib=conftest
+	  libobjs=conftest.$ac_objext
+	  deplibs=
+	  wl=$lt_prog_compiler_wl_CXX
+	  pic_flag=$lt_prog_compiler_pic_CXX
+	  compiler_flags=-v
+	  linker_flags=-v
+	  verstring=
+	  output_objdir=.
+	  libname=conftest
+	  lt_save_allow_undefined_flag=$allow_undefined_flag_CXX
+	  allow_undefined_flag_CXX=
+	  if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
+  (eval $archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+	  then
+	    lt_cv_archive_cmds_need_lc_CXX=no
+	  else
+	    lt_cv_archive_cmds_need_lc_CXX=yes
+	  fi
+	  allow_undefined_flag_CXX=$lt_save_allow_undefined_flag
+	else
+	  cat conftest.err 1>&5
+	fi
+	$RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc_CXX" >&5
+$as_echo "$lt_cv_archive_cmds_need_lc_CXX" >&6; }
+      archive_cmds_need_lc_CXX=$lt_cv_archive_cmds_need_lc_CXX
+      ;;
+    esac
+  fi
+  ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+$as_echo_n "checking dynamic linker characteristics... " >&6; }
+
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=.so
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+
+
+case $host_os in
+aix3*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
+  shlibpath_var=LIBPATH
+
+  # AIX 3 has no versioning support, so we append a major version to the name.
+  soname_spec='$libname$release$shared_ext$major'
+  ;;
+
+aix[4-9]*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  hardcode_into_libs=yes
+  if test ia64 = "$host_cpu"; then
+    # AIX 5 supports IA64
+    library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
+    shlibpath_var=LD_LIBRARY_PATH
+  else
+    # With GCC up to 2.95.x, collect2 would create an import file
+    # for dependence libraries.  The import file would start with
+    # the line '#! .'.  This would cause the generated library to
+    # depend on '.', always an invalid library.  This was fixed in
+    # development snapshots of GCC prior to 3.0.
+    case $host_os in
+      aix4 | aix4.[01] | aix4.[01].*)
+      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+	   echo ' yes '
+	   echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
+	:
+      else
+	can_build_shared=no
+      fi
+      ;;
+    esac
+    # Using Import Files as archive members, it is possible to support
+    # filename-based versioning of shared library archives on AIX. While
+    # this would work for both with and without runtime linking, it will
+    # prevent static linking of such archives. So we do filename-based
+    # shared library versioning with .so extension only, which is used
+    # when both runtime linking and shared linking is enabled.
+    # Unfortunately, runtime linking may impact performance, so we do
+    # not want this to be the default eventually. Also, we use the
+    # versioned .so libs for executables only if there is the -brtl
+    # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
+    # To allow for filename-based versioning support, we need to create
+    # libNAME.so.V as an archive file, containing:
+    # *) an Import File, referring to the versioned filename of the
+    #    archive as well as the shared archive member, telling the
+    #    bitwidth (32 or 64) of that shared object, and providing the
+    #    list of exported symbols of that shared object, eventually
+    #    decorated with the 'weak' keyword
+    # *) the shared object with the F_LOADONLY flag set, to really avoid
+    #    it being seen by the linker.
+    # At run time we better use the real file rather than another symlink,
+    # but for link time we create the symlink libNAME.so -> libNAME.so.V
+
+    case $with_aix_soname,$aix_use_runtimelinking in
+    # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
+    # soname into executable. Probably we can add versioning support to
+    # collect2, so additional links can be useful in future.
+    aix,yes) # traditional libtool
+      dynamic_linker='AIX unversionable lib.so'
+      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+      # instead of lib<name>.a to let people know that these are not
+      # typical AIX shared libraries.
+      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+      ;;
+    aix,no) # traditional AIX only
+      dynamic_linker='AIX lib.a(lib.so.V)'
+      # We preserve .a as extension for shared libraries through AIX4.2
+      # and later when we are not doing run time linking.
+      library_names_spec='$libname$release.a $libname.a'
+      soname_spec='$libname$release$shared_ext$major'
+      ;;
+    svr4,*) # full svr4 only
+      dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)"
+      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
+      # We do not specify a path in Import Files, so LIBPATH fires.
+      shlibpath_overrides_runpath=yes
+      ;;
+    *,yes) # both, prefer svr4
+      dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)"
+      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
+      # unpreferred sharedlib libNAME.a needs extra handling
+      postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
+      postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
+      # We do not specify a path in Import Files, so LIBPATH fires.
+      shlibpath_overrides_runpath=yes
+      ;;
+    *,no) # both, prefer aix
+      dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)"
+      library_names_spec='$libname$release.a $libname.a'
+      soname_spec='$libname$release$shared_ext$major'
+      # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
+      postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
+      postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
+      ;;
+    esac
+    shlibpath_var=LIBPATH
+  fi
+  ;;
+
+amigaos*)
+  case $host_cpu in
+  powerpc)
+    # Since July 2007 AmigaOS4 officially supports .so libraries.
+    # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    ;;
+  m68k)
+    library_names_spec='$libname.ixlibrary $libname.a'
+    # Create ${libname}_ixlibrary.a entries in /sys/libs.
+    finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+    ;;
+  esac
+  ;;
+
+beos*)
+  library_names_spec='$libname$shared_ext'
+  dynamic_linker="$host_os ld.so"
+  shlibpath_var=LIBRARY_PATH
+  ;;
+
+bsdi[45]*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+  # the default ld.so.conf also contains /usr/contrib/lib and
+  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+  # libtool to hard-code these into programs
+  ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+  version_type=windows
+  shrext_cmds=.dll
+  need_version=no
+  need_lib_prefix=no
+
+  case $GCC,$cc_basename in
+  yes,*)
+    # gcc
+    library_names_spec='$libname.dll.a'
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \$file`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname~
+      chmod a+x \$dldir/$dlname~
+      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+      fi'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $RM \$dlpath'
+    shlibpath_overrides_runpath=yes
+
+    case $host_os in
+    cygwin*)
+      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+
+      ;;
+    mingw* | cegcc*)
+      # MinGW DLLs use traditional 'lib' prefix
+      soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+      ;;
+    pw32*)
+      # pw32 DLLs use 'pw' prefix rather than 'lib'
+      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+      ;;
+    esac
+    dynamic_linker='Win32 ld.exe'
+    ;;
+
+  *,cl*)
+    # Native MSVC
+    libname_spec='$name'
+    soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext'
+    library_names_spec='$libname.dll.lib'
+
+    case $build_os in
+    mingw*)
+      sys_lib_search_path_spec=
+      lt_save_ifs=$IFS
+      IFS=';'
+      for lt_path in $LIB
+      do
+        IFS=$lt_save_ifs
+        # Let DOS variable expansion print the short 8.3 style file name.
+        lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
+        sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
+      done
+      IFS=$lt_save_ifs
+      # Convert to MSYS style.
+      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'`
+      ;;
+    cygwin*)
+      # Convert to unix form, then to dos form, then back to unix form
+      # but this time dos style (no spaces!) so that the unix form looks
+      # like /cygdrive/c/PROGRA~1:/cygdr...
+      sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
+      sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
+      sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+      ;;
+    *)
+      sys_lib_search_path_spec=$LIB
+      if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+        # It is most probably a Windows format PATH.
+        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+      else
+        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+      fi
+      # FIXME: find the short name or the path components, as spaces are
+      # common. (e.g. "Program Files" -> "PROGRA~1")
+      ;;
+    esac
+
+    # DLL is installed to $(libdir)/../bin by postinstall_cmds
+    postinstall_cmds='base_file=`basename \$file`~
+      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
+      dldir=$destdir/`dirname \$dlpath`~
+      test -d \$dldir || mkdir -p \$dldir~
+      $install_prog $dir/$dlname \$dldir/$dlname'
+    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+      dlpath=$dir/\$dldll~
+       $RM \$dlpath'
+    shlibpath_overrides_runpath=yes
+    dynamic_linker='Win32 link.exe'
+    ;;
+
+  *)
+    # Assume MSVC wrapper
+    library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib'
+    dynamic_linker='Win32 ld.exe'
+    ;;
+  esac
+  # FIXME: first we should search . and the directory the executable is in
+  shlibpath_var=PATH
+  ;;
+
+darwin* | rhapsody*)
+  dynamic_linker="$host_os dyld"
+  version_type=darwin
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
+  soname_spec='$libname$release$major$shared_ext'
+  shlibpath_overrides_runpath=yes
+  shlibpath_var=DYLD_LIBRARY_PATH
+  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+
+  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+  ;;
+
+dgux*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+freebsd* | dragonfly*)
+  # DragonFly does not have aout.  When/if they implement a new
+  # versioning mechanism, adjust this.
+  if test -x /usr/bin/objformat; then
+    objformat=`/usr/bin/objformat`
+  else
+    case $host_os in
+    freebsd[23].*) objformat=aout ;;
+    *) objformat=elf ;;
+    esac
+  fi
+  version_type=freebsd-$objformat
+  case $version_type in
+    freebsd-elf*)
+      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+      soname_spec='$libname$release$shared_ext$major'
+      need_version=no
+      need_lib_prefix=no
+      ;;
+    freebsd-*)
+      library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+      need_version=yes
+      ;;
+  esac
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_os in
+  freebsd2.*)
+    shlibpath_overrides_runpath=yes
+    ;;
+  freebsd3.[01]* | freebsdelf3.[01]*)
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+  freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+    shlibpath_overrides_runpath=no
+    hardcode_into_libs=yes
+    ;;
+  *) # from 4.6 on, and DragonFly
+    shlibpath_overrides_runpath=yes
+    hardcode_into_libs=yes
+    ;;
+  esac
+  ;;
+
+haiku*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  dynamic_linker="$host_os runtime_loader"
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
+  hardcode_into_libs=yes
+  ;;
+
+hpux9* | hpux10* | hpux11*)
+  # Give a soname corresponding to the major version so that dld.sl refuses to
+  # link against other versions.
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  case $host_cpu in
+  ia64*)
+    shrext_cmds='.so'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.so"
+    shlibpath_var=LD_LIBRARY_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    soname_spec='$libname$release$shared_ext$major'
+    if test 32 = "$HPUX_IA64_MODE"; then
+      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+      sys_lib_dlsearch_path_spec=/usr/lib/hpux32
+    else
+      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+      sys_lib_dlsearch_path_spec=/usr/lib/hpux64
+    fi
+    ;;
+  hppa*64*)
+    shrext_cmds='.sl'
+    hardcode_into_libs=yes
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    soname_spec='$libname$release$shared_ext$major'
+    sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+    ;;
+  *)
+    shrext_cmds='.sl'
+    dynamic_linker="$host_os dld.sl"
+    shlibpath_var=SHLIB_PATH
+    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    soname_spec='$libname$release$shared_ext$major'
+    ;;
+  esac
+  # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
+  postinstall_cmds='chmod 555 $lib'
+  # or fails outright, so override atomically:
+  install_override_mode=555
+  ;;
+
+interix[3-9]*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+irix5* | irix6* | nonstopux*)
+  case $host_os in
+    nonstopux*) version_type=nonstopux ;;
+    *)
+	if test yes = "$lt_cv_prog_gnu_ld"; then
+		version_type=linux # correct to gnu/linux during the next big refactor
+	else
+		version_type=irix
+	fi ;;
+  esac
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='$libname$release$shared_ext$major'
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
+  case $host_os in
+  irix5* | nonstopux*)
+    libsuff= shlibsuff=
+    ;;
+  *)
+    case $LD in # libtool.m4 will add one of these switches to LD
+    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+      libsuff= shlibsuff= libmagic=32-bit;;
+    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+      libsuff=32 shlibsuff=N32 libmagic=N32;;
+    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+      libsuff=64 shlibsuff=64 libmagic=64-bit;;
+    *) libsuff= shlibsuff= libmagic=never-match;;
+    esac
+    ;;
+  esac
+  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+  shlibpath_overrides_runpath=no
+  sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
+  sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
+  hardcode_into_libs=yes
+  ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+  dynamic_linker=no
+  ;;
+
+linux*android*)
+  version_type=none # Android doesn't support versioned libraries.
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext'
+  soname_spec='$libname$release$shared_ext'
+  finish_cmds=
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  dynamic_linker='Android linker'
+  # Don't embed -rpath directories since the linker doesn't support them.
+  hardcode_libdir_flag_spec_CXX='-L$libdir'
+  ;;
+
+# This must be glibc/ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+
+  # Some binutils ld are patched to set DT_RUNPATH
+  if ${lt_cv_shlibpath_overrides_runpath+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  lt_cv_shlibpath_overrides_runpath=no
+    save_LDFLAGS=$LDFLAGS
+    save_libdir=$libdir
+    eval "libdir=/foo; wl=\"$lt_prog_compiler_wl_CXX\"; \
+	 LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec_CXX\""
+    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+  if  ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+  lt_cv_shlibpath_overrides_runpath=yes
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+    LDFLAGS=$save_LDFLAGS
+    libdir=$save_libdir
+
+fi
+
+  shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
+
+  # This implies no fast_install, which is unacceptable.
+  # Some rework will be needed to allow for fast_install
+  # before this can be enabled.
+  hardcode_into_libs=yes
+
+  # Ideally, we could use ldconfig to report *all* directores which are
+  # searched for libraries, however this is still not possible.  Aside from not
+  # being certain /sbin/ldconfig is available, command
+  # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
+  # even though it is searched at run-time.  Try to do the best guess by
+  # appending ld.so.conf contents (and includes) to the search path.
+  if test -f /etc/ld.so.conf; then
+    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
+    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+  fi
+
+  # We used to test for /lib/ld.so.1 and disable shared libraries on
+  # powerpc, because MkLinux only supported shared libraries with the
+  # GNU dynamic linker.  Since this was broken with cross compilers,
+  # most powerpc-linux boxes support dynamic linking these days and
+  # people can always --disable-shared, the test was removed, and we
+  # assume the GNU/Linux dynamic linker is in use.
+  dynamic_linker='GNU/Linux ld.so'
+  ;;
+
+netbsdelf*-gnu)
+  version_type=linux
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+  soname_spec='${libname}${release}${shared_ext}$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='NetBSD ld.elf_so'
+  ;;
+
+netbsd*)
+  version_type=sunos
+  need_lib_prefix=no
+  need_version=no
+  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+    dynamic_linker='NetBSD (a.out) ld.so'
+  else
+    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+    soname_spec='$libname$release$shared_ext$major'
+    dynamic_linker='NetBSD ld.elf_so'
+  fi
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  ;;
+
+newsos6)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+*nto* | *qnx*)
+  version_type=qnx
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  dynamic_linker='ldqnx.so'
+  ;;
+
+openbsd* | bitrig*)
+  version_type=sunos
+  sys_lib_dlsearch_path_spec=/usr/lib
+  need_lib_prefix=no
+  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
+    need_version=no
+  else
+    need_version=yes
+  fi
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  ;;
+
+os2*)
+  libname_spec='$name'
+  version_type=windows
+  shrext_cmds=.dll
+  need_version=no
+  need_lib_prefix=no
+  # OS/2 can only load a DLL with a base name of 8 characters or less.
+  soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
+    v=$($ECHO $release$versuffix | tr -d .-);
+    n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
+    $ECHO $n$v`$shared_ext'
+  library_names_spec='${libname}_dll.$libext'
+  dynamic_linker='OS/2 ld.exe'
+  shlibpath_var=BEGINLIBPATH
+  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+  postinstall_cmds='base_file=`basename \$file`~
+    dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
+    dldir=$destdir/`dirname \$dlpath`~
+    test -d \$dldir || mkdir -p \$dldir~
+    $install_prog $dir/$dlname \$dldir/$dlname~
+    chmod a+x \$dldir/$dlname~
+    if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+      eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+    fi'
+  postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
+    dlpath=$dir/\$dldll~
+    $RM \$dlpath'
+  ;;
+
+osf3* | osf4* | osf5*)
+  version_type=osf
+  need_lib_prefix=no
+  need_version=no
+  soname_spec='$libname$release$shared_ext$major'
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  shlibpath_var=LD_LIBRARY_PATH
+  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+  ;;
+
+rdos*)
+  dynamic_linker=no
+  ;;
+
+solaris*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  # ldd complains unless libraries are executable
+  postinstall_cmds='chmod +x $lib'
+  ;;
+
+sunos4*)
+  version_type=sunos
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
+  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  if test yes = "$with_gnu_ld"; then
+    need_lib_prefix=no
+  fi
+  need_version=yes
+  ;;
+
+sysv4 | sysv4.3*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  case $host_vendor in
+    sni)
+      shlibpath_overrides_runpath=no
+      need_lib_prefix=no
+      runpath_var=LD_RUN_PATH
+      ;;
+    siemens)
+      need_lib_prefix=no
+      ;;
+    motorola)
+      need_lib_prefix=no
+      need_version=no
+      shlibpath_overrides_runpath=no
+      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+      ;;
+  esac
+  ;;
+
+sysv4*MP*)
+  if test -d /usr/nec; then
+    version_type=linux # correct to gnu/linux during the next big refactor
+    library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
+    soname_spec='$libname$shared_ext.$major'
+    shlibpath_var=LD_LIBRARY_PATH
+  fi
+  ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+  version_type=sco
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=yes
+  hardcode_into_libs=yes
+  if test yes = "$with_gnu_ld"; then
+    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+  else
+    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+    case $host_os in
+      sco3.2v5*)
+        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+	;;
+    esac
+  fi
+  sys_lib_dlsearch_path_spec='/usr/lib'
+  ;;
+
+tpf*)
+  # TPF is a cross-target only.  Preferred cross-host = GNU/Linux.
+  version_type=linux # correct to gnu/linux during the next big refactor
+  need_lib_prefix=no
+  need_version=no
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  shlibpath_var=LD_LIBRARY_PATH
+  shlibpath_overrides_runpath=no
+  hardcode_into_libs=yes
+  ;;
+
+uts4*)
+  version_type=linux # correct to gnu/linux during the next big refactor
+  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
+  soname_spec='$libname$release$shared_ext$major'
+  shlibpath_var=LD_LIBRARY_PATH
+  ;;
+
+*)
+  dynamic_linker=no
+  ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+$as_echo "$dynamic_linker" >&6; }
+test no = "$dynamic_linker" && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test yes = "$GCC"; then
+  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
+  sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
+fi
+
+if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
+  sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
+fi
+
+# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
+configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
+
+# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
+func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
+
+# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
+configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+hardcode_action_CXX=
+if test -n "$hardcode_libdir_flag_spec_CXX" ||
+   test -n "$runpath_var_CXX" ||
+   test yes = "$hardcode_automatic_CXX"; then
+
+  # We can hardcode non-existent directories.
+  if test no != "$hardcode_direct_CXX" &&
+     # If the only mechanism to avoid hardcoding is shlibpath_var, we
+     # have to relink, otherwise we might link with an installed library
+     # when we should be linking with a yet-to-be-installed one
+     ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, CXX)" &&
+     test no != "$hardcode_minus_L_CXX"; then
+    # Linking always hardcodes the temporary library directory.
+    hardcode_action_CXX=relink
+  else
+    # We can link without hardcoding, and we can hardcode nonexisting dirs.
+    hardcode_action_CXX=immediate
+  fi
+else
+  # We cannot hardcode anything, or else we can only hardcode existing
+  # directories.
+  hardcode_action_CXX=unsupported
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action_CXX" >&5
+$as_echo "$hardcode_action_CXX" >&6; }
+
+if test relink = "$hardcode_action_CXX" ||
+   test yes = "$inherit_rpath_CXX"; then
+  # Fast installation is not supported
+  enable_fast_install=no
+elif test yes = "$shlibpath_overrides_runpath" ||
+     test no = "$enable_shared"; then
+  # Fast installation is not necessary
+  enable_fast_install=needless
+fi
+
+
+
+
+
+
+
+  fi # test -n "$compiler"
+
+  CC=$lt_save_CC
+  CFLAGS=$lt_save_CFLAGS
+  LDCXX=$LD
+  LD=$lt_save_LD
+  GCC=$lt_save_GCC
+  with_gnu_ld=$lt_save_with_gnu_ld
+  lt_cv_path_LDCXX=$lt_cv_path_LD
+  lt_cv_path_LD=$lt_save_path_LD
+  lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+  lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+fi # test yes != "$_lt_caught_CXX_error"
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+        ac_config_commands="$ac_config_commands libtool"
+
+
+
+
+# Only expand once:
+
+
+# Check whether --enable-debug was given.
+if test "${enable_debug+set}" = set; then :
+  enableval=$enable_debug;
+	CXXFLAGS="-g -O0 -Wall"
+
+$as_echo "#define WITH_DEBUG /**/" >>confdefs.h
+
+
+fi
+
+
+
+# Check whether --with-libldap was given.
+if test "${with_libldap+set}" = set; then :
+  withval=$with_libldap;
+	LIBS="-L$with_libldap $LIBS "
+
+else
+
+	LIBS="-L/usr/local/lib $LIBS "
+
+
+fi
+
+
+
+# Check whether --with-ldap-includes was given.
+if test "${with_ldap_includes+set}" = set; then :
+  withval=$with_ldap_includes;
+	CPPFLAGS="-I$with_ldap_includes $CPPFLAGS "
+
+else
+
+	CPPFLAGS="-I/usr/local/include $CPPFLAGS "
+
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lresolv" >&5
+$as_echo_n "checking for main in -lresolv... " >&6; }
+if ${ac_cv_lib_resolv_main+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lresolv  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+
+int
+main ()
+{
+return main ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_resolv_main=yes
+else
+  ac_cv_lib_resolv_main=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_main" >&5
+$as_echo "$ac_cv_lib_resolv_main" >&6; }
+if test "x$ac_cv_lib_resolv_main" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBRESOLV 1
+_ACEOF
+
+  LIBS="-lresolv $LIBS"
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ber_strdup in -llber" >&5
+$as_echo_n "checking for ber_strdup in -llber... " >&6; }
+if ${ac_cv_lib_lber_ber_strdup+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-llber  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ber_strdup ();
+int
+main ()
+{
+return ber_strdup ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_lber_ber_strdup=yes
+else
+  ac_cv_lib_lber_ber_strdup=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lber_ber_strdup" >&5
+$as_echo "$ac_cv_lib_lber_ber_strdup" >&6; }
+if test "x$ac_cv_lib_lber_ber_strdup" = xyes; then :
+
+        :
+
+else
+
+        echo "        didn't find ber_strdup in liblber !";
+        echo "        Check for the right version (>= 2.0) of the OpenLDAP libraries";
+        echo "        or try the --with-libldap option.";
+        exit
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_add_ext in -lldap" >&5
+$as_echo_n "checking for ldap_add_ext in -lldap... " >&6; }
+if ${ac_cv_lib_ldap_ldap_add_ext+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lldap
+    -llber
+     $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ldap_add_ext ();
+int
+main ()
+{
+return ldap_add_ext ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_ldap_ldap_add_ext=yes
+else
+  ac_cv_lib_ldap_ldap_add_ext=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap_ldap_add_ext" >&5
+$as_echo "$ac_cv_lib_ldap_ldap_add_ext" >&6; }
+if test "x$ac_cv_lib_ldap_ldap_add_ext" = xyes; then :
+
+        :
+
+else
+
+        echo "        didn't find ldap_add_ext in libldap !";
+        echo "        Check for the right version (>= 2.0) of the OpenLDAP libraries";
+        echo "        or try the --with-libldap option.";
+        exit
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5
+$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; }
+if ${ac_cv_header_time+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+
+int
+main ()
+{
+if ((struct tm *) 0)
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_header_time=yes
+else
+  ac_cv_header_time=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5
+$as_echo "$ac_cv_header_time" >&6; }
+if test $ac_cv_header_time = yes; then
+
+$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h
+
+fi
+
+for ac_header in termios.h ldap.h
+do :
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <ldap.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "ldap_add_ext" >/dev/null 2>&1; then :
+
+        :
+
+else
+
+        echo "        didn't find ldap_add_ext in ldap.h!";
+        echo "        Check for the right version (>= 2.0) of the OpenLDAP includes";
+        echo "        or try --with-ldap-includes option.";
+        exit
+
+fi
+rm -f conftest*
+
+ac_fn_c_check_header_mongrel "$LINENO" "lber.h" "ac_cv_header_lber_h" "$ac_includes_default"
+if test "x$ac_cv_header_lber_h" = xyes; then :
+
+fi
+
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <lber.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+  $EGREP "ber_strdup" >/dev/null 2>&1; then :
+
+        :
+
+else
+
+        echo "        didn't find ber_strdup in lber.h!";
+        echo "        Check for the right version (>= 2.0) of the OpenLDAP includes";
+        echo "        or try --with-ldap-includes option.";
+        exit
+
+fi
+rm -f conftest*
+
+
+
+
+ac_config_files="$ac_config_files Makefile src/Makefile examples/Makefile"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes: double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \.
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    if test "x$cache_file" != "x/dev/null"; then
+      { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+      if test ! -f "$cache_file" || test -h "$cache_file"; then
+	cat confcache >"$cache_file"
+      else
+        case $cache_file in #(
+        */* | ?:*)
+	  mv -f confcache "$cache_file"$$ &&
+	  mv -f "$cache_file"$$ "$cache_file" ;; #(
+        *)
+	  mv -f confcache "$cache_file" ;;
+	esac
+      fi
+    fi
+  else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5
+$as_echo_n "checking that generated files are newer than configure... " >&6; }
+   if test -n "$am_sleep_pid"; then
+     # Hide warnings about reused PIDs.
+     wait $am_sleep_pid 2>/dev/null
+   fi
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5
+$as_echo "done" >&6; }
+ if test -n "$EXEEXT"; then
+  am__EXEEXT_TRUE=
+  am__EXEEXT_FALSE='#'
+else
+  am__EXEEXT_TRUE='#'
+  am__EXEEXT_FALSE=
+fi
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+  as_fn_error $? "conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
+  as_fn_error $? "conditional \"am__fastdepCXX\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+  as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+    && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='print -r --'
+  as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in #(
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there.  '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$1; test $as_status -eq 0 && as_status=1
+  if test "$4"; then
+    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+  fi
+  $as_echo "$as_me: error: $2" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -pR'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -pR'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -pR'
+  fi
+else
+  as_ln_s='cp -pR'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+  test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by ldapcpplib $as_me  , which was
+generated by GNU Autoconf 2.69.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration.  Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+      --config     print configuration, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+      --header=FILE[:TEMPLATE]
+                   instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration commands:
+$config_commands
+
+Report bugs to <http://www.openldap.org/its/ >."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+ldapcpplib config.status
+configured by $0, generated by GNU Autoconf 2.69,
+  with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2012 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=?*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  --*=)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --config | --confi | --conf | --con | --co | --c )
+    $as_echo "$ac_cs_config"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    '') as_fn_error $? "missing file argument" ;;
+    esac
+    as_fn_append CONFIG_FILES " '$ac_optarg'"
+    ac_need_defaults=false;;
+  --header | --heade | --head | --hea )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h)
+    # Conflict between --help and --header
+    as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+  *) as_fn_append ac_config_targets " $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`'
+macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`'
+enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`'
+enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`'
+pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`'
+enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`'
+shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`'
+SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`'
+ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`'
+PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`'
+host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`'
+host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`'
+host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`'
+build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`'
+build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`'
+build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`'
+SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`'
+Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`'
+GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`'
+EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`'
+FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`'
+LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`'
+NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`'
+LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`'
+max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`'
+ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`'
+exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`'
+lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`'
+lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`'
+lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`'
+lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`'
+lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`'
+reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`'
+reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`'
+OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`'
+deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`'
+file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`'
+file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`'
+want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`'
+DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`'
+sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`'
+AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`'
+AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`'
+archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`'
+STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`'
+RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`'
+old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`'
+old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
+old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`'
+lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`'
+CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`'
+CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`'
+compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`'
+GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`'
+lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`'
+nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`'
+lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`'
+lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`'
+objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`'
+MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`'
+need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`'
+MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`'
+DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`'
+NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`'
+LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`'
+OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`'
+OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`'
+libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`'
+shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`'
+extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
+archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`'
+export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`'
+whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`'
+compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`'
+old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`'
+archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`'
+archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`'
+module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`'
+module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`'
+with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`'
+allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`'
+no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`'
+hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`'
+hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`'
+hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`'
+hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`'
+hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`'
+hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`'
+inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`'
+link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`'
+always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`'
+export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`'
+exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`'
+include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`'
+prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`'
+postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`'
+file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`'
+variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`'
+need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`'
+need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`'
+version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`'
+runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`'
+shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`'
+shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`'
+libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`'
+library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`'
+soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`'
+install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`'
+postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`'
+postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
+finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`'
+finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`'
+hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`'
+sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`'
+configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`'
+configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`'
+hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`'
+enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`'
+enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`'
+enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`'
+old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`'
+striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`'
+compiler_lib_search_dirs='`$ECHO "$compiler_lib_search_dirs" | $SED "$delay_single_quote_subst"`'
+predep_objects='`$ECHO "$predep_objects" | $SED "$delay_single_quote_subst"`'
+postdep_objects='`$ECHO "$postdep_objects" | $SED "$delay_single_quote_subst"`'
+predeps='`$ECHO "$predeps" | $SED "$delay_single_quote_subst"`'
+postdeps='`$ECHO "$postdeps" | $SED "$delay_single_quote_subst"`'
+compiler_lib_search_path='`$ECHO "$compiler_lib_search_path" | $SED "$delay_single_quote_subst"`'
+LD_CXX='`$ECHO "$LD_CXX" | $SED "$delay_single_quote_subst"`'
+reload_flag_CXX='`$ECHO "$reload_flag_CXX" | $SED "$delay_single_quote_subst"`'
+reload_cmds_CXX='`$ECHO "$reload_cmds_CXX" | $SED "$delay_single_quote_subst"`'
+old_archive_cmds_CXX='`$ECHO "$old_archive_cmds_CXX" | $SED "$delay_single_quote_subst"`'
+compiler_CXX='`$ECHO "$compiler_CXX" | $SED "$delay_single_quote_subst"`'
+GCC_CXX='`$ECHO "$GCC_CXX" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag_CXX='`$ECHO "$lt_prog_compiler_no_builtin_flag_CXX" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_pic_CXX='`$ECHO "$lt_prog_compiler_pic_CXX" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_wl_CXX='`$ECHO "$lt_prog_compiler_wl_CXX" | $SED "$delay_single_quote_subst"`'
+lt_prog_compiler_static_CXX='`$ECHO "$lt_prog_compiler_static_CXX" | $SED "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o_CXX='`$ECHO "$lt_cv_prog_compiler_c_o_CXX" | $SED "$delay_single_quote_subst"`'
+archive_cmds_need_lc_CXX='`$ECHO "$archive_cmds_need_lc_CXX" | $SED "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes_CXX='`$ECHO "$enable_shared_with_static_runtimes_CXX" | $SED "$delay_single_quote_subst"`'
+export_dynamic_flag_spec_CXX='`$ECHO "$export_dynamic_flag_spec_CXX" | $SED "$delay_single_quote_subst"`'
+whole_archive_flag_spec_CXX='`$ECHO "$whole_archive_flag_spec_CXX" | $SED "$delay_single_quote_subst"`'
+compiler_needs_object_CXX='`$ECHO "$compiler_needs_object_CXX" | $SED "$delay_single_quote_subst"`'
+old_archive_from_new_cmds_CXX='`$ECHO "$old_archive_from_new_cmds_CXX" | $SED "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds_CXX='`$ECHO "$old_archive_from_expsyms_cmds_CXX" | $SED "$delay_single_quote_subst"`'
+archive_cmds_CXX='`$ECHO "$archive_cmds_CXX" | $SED "$delay_single_quote_subst"`'
+archive_expsym_cmds_CXX='`$ECHO "$archive_expsym_cmds_CXX" | $SED "$delay_single_quote_subst"`'
+module_cmds_CXX='`$ECHO "$module_cmds_CXX" | $SED "$delay_single_quote_subst"`'
+module_expsym_cmds_CXX='`$ECHO "$module_expsym_cmds_CXX" | $SED "$delay_single_quote_subst"`'
+with_gnu_ld_CXX='`$ECHO "$with_gnu_ld_CXX" | $SED "$delay_single_quote_subst"`'
+allow_undefined_flag_CXX='`$ECHO "$allow_undefined_flag_CXX" | $SED "$delay_single_quote_subst"`'
+no_undefined_flag_CXX='`$ECHO "$no_undefined_flag_CXX" | $SED "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_CXX='`$ECHO "$hardcode_libdir_flag_spec_CXX" | $SED "$delay_single_quote_subst"`'
+hardcode_libdir_separator_CXX='`$ECHO "$hardcode_libdir_separator_CXX" | $SED "$delay_single_quote_subst"`'
+hardcode_direct_CXX='`$ECHO "$hardcode_direct_CXX" | $SED "$delay_single_quote_subst"`'
+hardcode_direct_absolute_CXX='`$ECHO "$hardcode_direct_absolute_CXX" | $SED "$delay_single_quote_subst"`'
+hardcode_minus_L_CXX='`$ECHO "$hardcode_minus_L_CXX" | $SED "$delay_single_quote_subst"`'
+hardcode_shlibpath_var_CXX='`$ECHO "$hardcode_shlibpath_var_CXX" | $SED "$delay_single_quote_subst"`'
+hardcode_automatic_CXX='`$ECHO "$hardcode_automatic_CXX" | $SED "$delay_single_quote_subst"`'
+inherit_rpath_CXX='`$ECHO "$inherit_rpath_CXX" | $SED "$delay_single_quote_subst"`'
+link_all_deplibs_CXX='`$ECHO "$link_all_deplibs_CXX" | $SED "$delay_single_quote_subst"`'
+always_export_symbols_CXX='`$ECHO "$always_export_symbols_CXX" | $SED "$delay_single_quote_subst"`'
+export_symbols_cmds_CXX='`$ECHO "$export_symbols_cmds_CXX" | $SED "$delay_single_quote_subst"`'
+exclude_expsyms_CXX='`$ECHO "$exclude_expsyms_CXX" | $SED "$delay_single_quote_subst"`'
+include_expsyms_CXX='`$ECHO "$include_expsyms_CXX" | $SED "$delay_single_quote_subst"`'
+prelink_cmds_CXX='`$ECHO "$prelink_cmds_CXX" | $SED "$delay_single_quote_subst"`'
+postlink_cmds_CXX='`$ECHO "$postlink_cmds_CXX" | $SED "$delay_single_quote_subst"`'
+file_list_spec_CXX='`$ECHO "$file_list_spec_CXX" | $SED "$delay_single_quote_subst"`'
+hardcode_action_CXX='`$ECHO "$hardcode_action_CXX" | $SED "$delay_single_quote_subst"`'
+compiler_lib_search_dirs_CXX='`$ECHO "$compiler_lib_search_dirs_CXX" | $SED "$delay_single_quote_subst"`'
+predep_objects_CXX='`$ECHO "$predep_objects_CXX" | $SED "$delay_single_quote_subst"`'
+postdep_objects_CXX='`$ECHO "$postdep_objects_CXX" | $SED "$delay_single_quote_subst"`'
+predeps_CXX='`$ECHO "$predeps_CXX" | $SED "$delay_single_quote_subst"`'
+postdeps_CXX='`$ECHO "$postdeps_CXX" | $SED "$delay_single_quote_subst"`'
+compiler_lib_search_path_CXX='`$ECHO "$compiler_lib_search_path_CXX" | $SED "$delay_single_quote_subst"`'
+
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# A function that is used when there is no print builtin or printf.
+func_fallback_echo ()
+{
+  eval 'cat <<_LTECHO_EOF
+\$1
+_LTECHO_EOF'
+}
+
+# Quote evaled strings.
+for var in SHELL \
+ECHO \
+PATH_SEPARATOR \
+SED \
+GREP \
+EGREP \
+FGREP \
+LD \
+NM \
+LN_S \
+lt_SP2NL \
+lt_NL2SP \
+reload_flag \
+OBJDUMP \
+deplibs_check_method \
+file_magic_cmd \
+file_magic_glob \
+want_nocaseglob \
+DLLTOOL \
+sharedlib_from_linklib_cmd \
+AR \
+AR_FLAGS \
+archiver_list_spec \
+STRIP \
+RANLIB \
+CC \
+CFLAGS \
+compiler \
+lt_cv_sys_global_symbol_pipe \
+lt_cv_sys_global_symbol_to_cdecl \
+lt_cv_sys_global_symbol_to_import \
+lt_cv_sys_global_symbol_to_c_name_address \
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
+lt_cv_nm_interface \
+nm_file_list_spec \
+lt_cv_truncate_bin \
+lt_prog_compiler_no_builtin_flag \
+lt_prog_compiler_pic \
+lt_prog_compiler_wl \
+lt_prog_compiler_static \
+lt_cv_prog_compiler_c_o \
+need_locks \
+MANIFEST_TOOL \
+DSYMUTIL \
+NMEDIT \
+LIPO \
+OTOOL \
+OTOOL64 \
+shrext_cmds \
+export_dynamic_flag_spec \
+whole_archive_flag_spec \
+compiler_needs_object \
+with_gnu_ld \
+allow_undefined_flag \
+no_undefined_flag \
+hardcode_libdir_flag_spec \
+hardcode_libdir_separator \
+exclude_expsyms \
+include_expsyms \
+file_list_spec \
+variables_saved_for_relink \
+libname_spec \
+library_names_spec \
+soname_spec \
+install_override_mode \
+finish_eval \
+old_striplib \
+striplib \
+compiler_lib_search_dirs \
+predep_objects \
+postdep_objects \
+predeps \
+postdeps \
+compiler_lib_search_path \
+LD_CXX \
+reload_flag_CXX \
+compiler_CXX \
+lt_prog_compiler_no_builtin_flag_CXX \
+lt_prog_compiler_pic_CXX \
+lt_prog_compiler_wl_CXX \
+lt_prog_compiler_static_CXX \
+lt_cv_prog_compiler_c_o_CXX \
+export_dynamic_flag_spec_CXX \
+whole_archive_flag_spec_CXX \
+compiler_needs_object_CXX \
+with_gnu_ld_CXX \
+allow_undefined_flag_CXX \
+no_undefined_flag_CXX \
+hardcode_libdir_flag_spec_CXX \
+hardcode_libdir_separator_CXX \
+exclude_expsyms_CXX \
+include_expsyms_CXX \
+file_list_spec_CXX \
+compiler_lib_search_dirs_CXX \
+predep_objects_CXX \
+postdep_objects_CXX \
+predeps_CXX \
+postdeps_CXX \
+compiler_lib_search_path_CXX; do
+    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
+    *[\\\\\\\`\\"\\\$]*)
+      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
+      ;;
+    *)
+      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+      ;;
+    esac
+done
+
+# Double-quote double-evaled strings.
+for var in reload_cmds \
+old_postinstall_cmds \
+old_postuninstall_cmds \
+old_archive_cmds \
+extract_expsyms_cmds \
+old_archive_from_new_cmds \
+old_archive_from_expsyms_cmds \
+archive_cmds \
+archive_expsym_cmds \
+module_cmds \
+module_expsym_cmds \
+export_symbols_cmds \
+prelink_cmds \
+postlink_cmds \
+postinstall_cmds \
+postuninstall_cmds \
+finish_cmds \
+sys_lib_search_path_spec \
+configure_time_dlsearch_path \
+configure_time_lt_sys_library_path \
+reload_cmds_CXX \
+old_archive_cmds_CXX \
+old_archive_from_new_cmds_CXX \
+old_archive_from_expsyms_cmds_CXX \
+archive_cmds_CXX \
+archive_expsym_cmds_CXX \
+module_cmds_CXX \
+module_expsym_cmds_CXX \
+export_symbols_cmds_CXX \
+prelink_cmds_CXX \
+postlink_cmds_CXX; do
+    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
+    *[\\\\\\\`\\"\\\$]*)
+      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
+      ;;
+    *)
+      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+      ;;
+    esac
+done
+
+ac_aux_dir='$ac_aux_dir'
+
+# See if we are running on zsh, and set the options that allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}"; then
+   setopt NO_GLOB_SUBST
+fi
+
+
+    PACKAGE='$PACKAGE'
+    VERSION='$VERSION'
+    RM='$RM'
+    ofile='$ofile'
+
+
+
+
+
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "src/config.h") CONFIG_HEADERS="$CONFIG_HEADERS src/config.h" ;;
+    "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+    "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+    "examples/Makefile") CONFIG_FILES="$CONFIG_FILES examples/Makefile" ;;
+
+  *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+  test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+  test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp= ac_tmp=
+  trap 'exit_status=$?
+  : "${ac_tmp:=$tmp}"
+  { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
+' 0
+  trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+  eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+  || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=[	 ]*/{
+h
+s///
+s/^/:/
+s/[	 ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[	 ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$ac_tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+  ac_tt=`sed -n "/$ac_delim/p" confdefs.h`
+  if test -z "$ac_tt"; then
+    break
+  elif $ac_last_try; then
+    as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any.  Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[	 ]*#[	 ]*define[	 ][	 ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[	 ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[	 ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  for (key in D) D_is_set[key] = 1
+  FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+  line = \$ 0
+  split(line, arg, " ")
+  if (arg[1] == "#") {
+    defundef = arg[2]
+    mac1 = arg[3]
+  } else {
+    defundef = substr(arg[1], 2)
+    mac1 = arg[2]
+  }
+  split(mac1, mac2, "(") #)
+  macro = mac2[1]
+  prefix = substr(line, 1, index(line, defundef) - 1)
+  if (D_is_set[macro]) {
+    # Preserve the white space surrounding the "#".
+    print prefix "define", macro P[macro] D[macro]
+    next
+  } else {
+    # Replace #undef with comments.  This is necessary, for example,
+    # in the case of _POSIX_SOURCE, which is predefined and required
+    # on some systems where configure will not decide to define it.
+    if (defundef == "undef") {
+      print "/*", prefix defundef, macro, "*/"
+      next
+    }
+  }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+  as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X "  :F $CONFIG_FILES  :H $CONFIG_HEADERS    :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$ac_tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      as_fn_append ac_file_inputs " '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$ac_tmp/stdin" \
+      || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  as_dir="$ac_dir"; as_fn_mkdir_p
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+  ac_MKDIR_P=$MKDIR_P
+  case $MKDIR_P in
+  [\\/$]* | ?:[\\/]* ) ;;
+  */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+  esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+  s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+  >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' \
+      "$ac_tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined" >&2;}
+
+  rm -f "$ac_tmp/stdin"
+  case $ac_file in
+  -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+  *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+  esac \
+  || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+  :H)
+  #
+  # CONFIG_HEADER
+  #
+  if test x"$ac_file" != x-; then
+    {
+      $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs"
+    } >"$ac_tmp/config.h" \
+      || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+    if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then
+      { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+    else
+      rm -f "$ac_file"
+      mv "$ac_tmp/config.h" "$ac_file" \
+	|| as_fn_error $? "could not create $ac_file" "$LINENO" 5
+    fi
+  else
+    $as_echo "/* $configure_input  */" \
+      && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \
+      || as_fn_error $? "could not create -" "$LINENO" 5
+  fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+  case $_am_header in
+    $_am_arg | $_am_arg:* )
+      break ;;
+    * )
+      _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+  esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$_am_arg" : 'X\(//\)[^/]' \| \
+	 X"$_am_arg" : 'X\(//\)$' \| \
+	 X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+
+  :C)  { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+  esac
+
+
+  case $ac_file$ac_mode in
+    "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+  # Older Autoconf quotes --file arguments for eval, but not when files
+  # are listed without --file.  Let's play safe and only enable the eval
+  # if we detect the quoting.
+  case $CONFIG_FILES in
+  *\'*) eval set x "$CONFIG_FILES" ;;
+  *)   set x $CONFIG_FILES ;;
+  esac
+  shift
+  for mf
+  do
+    # Strip MF so we end up with the name of the file.
+    mf=`echo "$mf" | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile or not.
+    # We used to match only the files named 'Makefile.in', but
+    # some people rename them; so instead we look at the file content.
+    # Grep'ing the first line is not enough: some people post-process
+    # each Makefile.in and add a new line on top of each file to say so.
+    # Grep'ing the whole file is not good either: AIX grep has a line
+    # limit of 2048, but all sed's we know have understand at least 4000.
+    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+      dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$mf" : 'X\(//\)[^/]' \| \
+	 X"$mf" : 'X\(//\)$' \| \
+	 X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+    else
+      continue
+    fi
+    # Extract the definition of DEPDIR, am__include, and am__quote
+    # from the Makefile without running 'make'.
+    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+    test -z "$DEPDIR" && continue
+    am__include=`sed -n 's/^am__include = //p' < "$mf"`
+    test -z "$am__include" && continue
+    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+    # Find all dependency output files, they are included files with
+    # $(DEPDIR) in their names.  We invoke sed twice because it is the
+    # simplest approach to changing $(DEPDIR) to its actual value in the
+    # expansion.
+    for file in `sed -n "
+      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
+      # Make sure the directory exists.
+      test -f "$dirpart/$file" && continue
+      fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$file" : 'X\(//\)[^/]' \| \
+	 X"$file" : 'X\(//\)$' \| \
+	 X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      as_dir=$dirpart/$fdir; as_fn_mkdir_p
+      # echo "creating $dirpart/$file"
+      echo '# dummy' > "$dirpart/$file"
+    done
+  done
+}
+ ;;
+    "libtool":C)
+
+    # See if we are running on zsh, and set the options that allow our
+    # commands through without removal of \ escapes.
+    if test -n "${ZSH_VERSION+set}"; then
+      setopt NO_GLOB_SUBST
+    fi
+
+    cfgfile=${ofile}T
+    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+    $RM "$cfgfile"
+
+    cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+# Generated automatically by $as_me ($PACKAGE) $VERSION
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+
+# Provide generalized library-building support services.
+# Written by Gordon Matzigkeit, 1996
+
+# Copyright (C) 2014 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.  There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of of the License, or
+# (at your option) any later version.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program or library that is built
+# using GNU Libtool, you may include this file under the  same
+# distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+# The names of the tagged configurations supported by this script.
+available_tags='CXX '
+
+# Configured defaults for sys_lib_dlsearch_path munging.
+: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
+
+# ### BEGIN LIBTOOL CONFIG
+
+# Which release of libtool.m4 was used?
+macro_version=$macro_version
+macro_revision=$macro_revision
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# What type of objects to build.
+pic_mode=$pic_mode
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# Shared archive member basename,for filename based shared library versioning on AIX.
+shared_archive_member_spec=$shared_archive_member_spec
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# An echo program that protects backslashes.
+ECHO=$lt_ECHO
+
+# The PATH separator for the build system.
+PATH_SEPARATOR=$lt_PATH_SEPARATOR
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="\$SED -e 1s/^X//"
+
+# A grep program that handles long lines.
+GREP=$lt_GREP
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# A literal string matcher.
+FGREP=$lt_FGREP
+
+# A BSD- or MS-compatible name lister.
+NM=$lt_NM
+
+# Whether we need soft or hard links.
+LN_S=$lt_LN_S
+
+# What is the maximum length of a command?
+max_cmd_len=$max_cmd_len
+
+# Object file suffix (normally "o").
+objext=$ac_objext
+
+# Executable file suffix (normally "").
+exeext=$exeext
+
+# whether the shell understands "unset".
+lt_unset=$lt_unset
+
+# turn spaces into newlines.
+SP2NL=$lt_lt_SP2NL
+
+# turn newlines into spaces.
+NL2SP=$lt_lt_NL2SP
+
+# convert \$build file names to \$host format.
+to_host_file_cmd=$lt_cv_to_host_file_cmd
+
+# convert \$build files to toolchain format.
+to_tool_file_cmd=$lt_cv_to_tool_file_cmd
+
+# An object symbol dumper.
+OBJDUMP=$lt_OBJDUMP
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method = "file_magic".
+file_magic_cmd=$lt_file_magic_cmd
+
+# How to find potential files when deplibs_check_method = "file_magic".
+file_magic_glob=$lt_file_magic_glob
+
+# Find potential files using nocaseglob when deplibs_check_method = "file_magic".
+want_nocaseglob=$lt_want_nocaseglob
+
+# DLL creation program.
+DLLTOOL=$lt_DLLTOOL
+
+# Command to associate shared and link libraries.
+sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd
+
+# The archiver.
+AR=$lt_AR
+
+# Flags to create an archive.
+AR_FLAGS=$lt_AR_FLAGS
+
+# How to feed a file listing to the archiver.
+archiver_list_spec=$lt_archiver_list_spec
+
+# A symbol stripping program.
+STRIP=$lt_STRIP
+
+# Commands used to install an old-style archive.
+RANLIB=$lt_RANLIB
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# Whether to use a lock for old archive extraction.
+lock_old_archive_extraction=$lock_old_archive_extraction
+
+# A C compiler.
+LTCC=$lt_CC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_CFLAGS
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration.
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm into a list of symbols to manually relocate.
+global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import
+
+# Transform the output of nm in a C name address pair.
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# Transform the output of nm in a C name address pair when lib prefix is needed.
+global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
+
+# The name lister interface.
+nm_interface=$lt_lt_cv_nm_interface
+
+# Specify filename containing input files for \$NM.
+nm_file_list_spec=$lt_nm_file_list_spec
+
+# The root where to search for dependent libraries,and where our libraries should be installed.
+lt_sysroot=$lt_sysroot
+
+# Command to truncate a binary pipe.
+lt_truncate_bin=$lt_lt_cv_truncate_bin
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# Used to examine libraries when file_magic_cmd begins with "file".
+MAGIC_CMD=$MAGIC_CMD
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Manifest tool.
+MANIFEST_TOOL=$lt_MANIFEST_TOOL
+
+# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
+DSYMUTIL=$lt_DSYMUTIL
+
+# Tool to change global to local symbols on Mac OS X.
+NMEDIT=$lt_NMEDIT
+
+# Tool to manipulate fat objects and archives on Mac OS X.
+LIPO=$lt_LIPO
+
+# ldd/readelf like tool for Mach-O binaries on Mac OS X.
+OTOOL=$lt_OTOOL
+
+# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
+OTOOL64=$lt_OTOOL64
+
+# Old archive suffix (normally "a").
+libext=$libext
+
+# Shared library suffix (normally ".so").
+shrext_cmds=$lt_shrext_cmds
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at link time.
+variables_saved_for_relink=$lt_variables_saved_for_relink
+
+# Do we need the "lib" prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Library versioning type.
+version_type=$version_type
+
+# Shared library runtime path variable.
+runpath_var=$runpath_var
+
+# Shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names.  First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Permission mode override for installation of shared libraries.
+install_override_mode=$lt_install_override_mode
+
+# Command to use after installation of a shared archive.
+postinstall_cmds=$lt_postinstall_cmds
+
+# Command to use after uninstallation of a shared archive.
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# As "finish_cmds", except a single script fragment to be evaled but
+# not shown.
+finish_eval=$lt_finish_eval
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Compile-time system search path for libraries.
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Detected run-time system search path for libraries.
+sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path
+
+# Explicit LT_SYS_LIBRARY_PATH set during ./configure time.
+configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+
+# The linker used to build libraries.
+LD=$lt_LD
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds
+
+# A language specific compiler.
+CC=$lt_compiler
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds
+archive_expsym_cmds=$lt_archive_expsym_cmds
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds
+module_expsym_cmds=$lt_module_expsym_cmds
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator
+
+# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct
+
+# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \$shlibpath_var if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds
+
+# Commands necessary for finishing linking programs.
+postlink_cmds=$lt_postlink_cmds
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action
+
+# The directories searched by this compiler when creating a shared library.
+compiler_lib_search_dirs=$lt_compiler_lib_search_dirs
+
+# Dependencies to place before and after the objects being linked to
+# create a shared library.
+predep_objects=$lt_predep_objects
+postdep_objects=$lt_postdep_objects
+predeps=$lt_predeps
+postdeps=$lt_postdeps
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path
+
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+    cat <<'_LT_EOF' >> "$cfgfile"
+
+# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
+
+# func_munge_path_list VARIABLE PATH
+# -----------------------------------
+# VARIABLE is name of variable containing _space_ separated list of
+# directories to be munged by the contents of PATH, which is string
+# having a format:
+# "DIR[:DIR]:"
+#       string "DIR[ DIR]" will be prepended to VARIABLE
+# ":DIR[:DIR]"
+#       string "DIR[ DIR]" will be appended to VARIABLE
+# "DIRP[:DIRP]::[DIRA:]DIRA"
+#       string "DIRP[ DIRP]" will be prepended to VARIABLE and string
+#       "DIRA[ DIRA]" will be appended to VARIABLE
+# "DIR[:DIR]"
+#       VARIABLE will be replaced by "DIR[ DIR]"
+func_munge_path_list ()
+{
+    case x$2 in
+    x)
+        ;;
+    *:)
+        eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\"
+        ;;
+    x:*)
+        eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\"
+        ;;
+    *::*)
+        eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
+        eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\"
+        ;;
+    *)
+        eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\"
+        ;;
+    esac
+}
+
+
+# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
+func_cc_basename ()
+{
+    for cc_temp in $*""; do
+      case $cc_temp in
+        compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+        distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+        \-*) ;;
+        *) break;;
+      esac
+    done
+    func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
+}
+
+
+# ### END FUNCTIONS SHARED WITH CONFIGURE
+
+_LT_EOF
+
+  case $host_os in
+  aix3*)
+    cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program.  For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test set != "${COLLECT_NAMES+set}"; then
+  COLLECT_NAMES=
+  export COLLECT_NAMES
+fi
+_LT_EOF
+    ;;
+  esac
+
+
+ltmain=$ac_aux_dir/ltmain.sh
+
+
+  # We use sed instead of cat because bash on DJGPP gets confused if
+  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
+  # text mode, it properly converts lines to CR/LF.  This bash problem
+  # is reportedly fixed, but why not run on old versions too?
+  sed '$q' "$ltmain" >> "$cfgfile" \
+     || (rm -f "$cfgfile"; exit 1)
+
+   mv -f "$cfgfile" "$ofile" ||
+    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+  chmod +x "$ofile"
+
+
+    cat <<_LT_EOF >> "$ofile"
+
+# ### BEGIN LIBTOOL TAG CONFIG: CXX
+
+# The linker used to build libraries.
+LD=$lt_LD_CXX
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag_CXX
+reload_cmds=$lt_reload_cmds_CXX
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds_CXX
+
+# A language specific compiler.
+CC=$lt_compiler_CXX
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC_CXX
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_CXX
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_CXX
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_CXX
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_CXX
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object_CXX
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds_CXX
+archive_expsym_cmds=$lt_archive_expsym_cmds_CXX
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds_CXX
+module_expsym_cmds=$lt_module_expsym_cmds_CXX
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld_CXX
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_CXX
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_CXX
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX
+
+# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct_CXX
+
+# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \$shlibpath_var if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute_CXX
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L_CXX
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic_CXX
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath_CXX
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_CXX
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols_CXX
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_CXX
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_CXX
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_CXX
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds_CXX
+
+# Commands necessary for finishing linking programs.
+postlink_cmds=$lt_postlink_cmds_CXX
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec_CXX
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_CXX
+
+# The directories searched by this compiler when creating a shared library.
+compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_CXX
+
+# Dependencies to place before and after the objects being linked to
+# create a shared library.
+predep_objects=$lt_predep_objects_CXX
+postdep_objects=$lt_postdep_objects_CXX
+predeps=$lt_predeps_CXX
+postdeps=$lt_postdeps_CXX
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_CXX
+
+# ### END LIBTOOL TAG CONFIG: CXX
+_LT_EOF
+
+ ;;
+
+  esac
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
diff --git a/contrib/ldapc++/configure.ac b/contrib/ldapc++/configure.ac
new file mode 100644
index 0000000..287a57a
--- /dev/null
+++ b/contrib/ldapc++/configure.ac
@@ -0,0 +1,101 @@
+dnl $OpenLDAP$
+
+dnl Copyright 2000-2022 The OpenLDAP Foundation. All Rights Reserved.
+dnl COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+
+dnl Process this file with autoconf to produce a configure script.
+
+AC_COPYRIGHT([[Copyright 2000-2022 The OpenLDAP Foundation. All rights reserved.
+Restrictions apply, see COPYRIGHT and LICENSE files.]])
+AC_REVISION([$Id: 98b3f7d81f7f9f1b793e68dc179b79b866fc8786 $])
+AC_INIT(ldapcpplib, [] , [http://www.openldap.org/its/] )
+AC_CONFIG_SRCDIR(src/LDAPConnection.h)
+AM_INIT_AUTOMAKE(foreign)
+AM_CONFIG_HEADER(src/config.h)
+
+eval `$ac_aux_dir/version.sh`
+if test -z "$OL_CPP_API_RELEASE"; then
+        AC_MSG_ERROR([could not determine version])
+fi
+
+VERSION=$OL_CPP_API_RELEASE
+OPENLDAP_CPP_API_VERSION=$OL_CPP_API_VERSION
+AC_SUBST(VERSION)
+AC_SUBST(OPENLDAP_CPP_API_VERSION)
+dnl Checks for programs.
+AC_PROG_INSTALL
+dnl AC_PROG_CC
+AC_PROG_CXX
+dnl AC_PROG_RANLIB
+dnl AM_DISABLE_SHARED
+AC_PROG_LIBTOOL
+dnl AC_PROG_MAKE_SET
+AC_ARG_ENABLE(debug,[  --enable-debug],[
+	CXXFLAGS="-g -O0 -Wall"
+    AC_DEFINE(WITH_DEBUG,[],[Define to 1 ot enable debug logging])
+	],
+)
+
+AC_ARG_WITH(libldap,[  --with-libldap=DIR          Path to the libldap library [/usr/local/lib]],[
+	LIBS="-L$with_libldap $LIBS "	
+	],[
+	LIBS="-L/usr/local/lib $LIBS "	
+	]
+)
+
+AC_ARG_WITH(ldap-includes,[  --with-ldap-includes=DIR    Path to the libldap include files [/usr/local/include]],[
+	CPPFLAGS="-I$with_ldap_includes $CPPFLAGS "	
+	],[
+	CPPFLAGS="-I/usr/local/include $CPPFLAGS "
+	]
+)
+dnl Checks for libraries.
+AC_CHECK_LIB(resolv,main)
+AC_CHECK_LIB(lber,ber_strdup,[
+dnl NOOP
+        :
+    ],[
+        echo "        didn't find ber_strdup in liblber !";
+        echo "        Check for the right version (>= 2.0) of the OpenLDAP libraries";
+        echo "        or try the --with-libldap option.";
+        exit
+    ])
+AC_CHECK_LIB(ldap,ldap_add_ext,[
+dnl NOOP
+        :
+    ],[
+        echo "        didn't find ldap_add_ext in libldap !";
+        echo "        Check for the right version (>= 2.0) of the OpenLDAP libraries";
+        echo "        or try the --with-libldap option.";
+        exit
+    ],[
+    -llber
+    ])
+dnl Checks for header files.
+AC_HEADER_TIME
+AC_CHECK_HEADERS(termios.h ldap.h)
+AC_EGREP_HEADER(ldap_add_ext,ldap.h,[
+dnl NOOP
+        :
+    ],[
+        echo "        didn't find ldap_add_ext in ldap.h!";
+        echo "        Check for the right version (>= 2.0) of the OpenLDAP includes";
+        echo "        or try --with-ldap-includes option.";
+        exit
+    ])
+AC_CHECK_HEADER(lber.h)
+AC_EGREP_HEADER(ber_strdup,lber.h,[
+dnl NOOP
+        :
+    ],[
+        echo "        didn't find ber_strdup in lber.h!";
+        echo "        Check for the right version (>= 2.0) of the OpenLDAP includes";
+        echo "        or try --with-ldap-includes option.";
+        exit
+    ])
+
+dnl Checks for typedefs, structures, and compiler characteristics.
+
+dnl Checks for library functions.
+
+AC_OUTPUT(Makefile src/Makefile examples/Makefile)
diff --git a/contrib/ldapc++/depcomp b/contrib/ldapc++/depcomp
new file mode 100755
index 0000000..04701da
--- /dev/null
+++ b/contrib/ldapc++/depcomp
@@ -0,0 +1,530 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2005-07-09.11
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+  '')
+     echo "$0: No command.  Try \`$0 --help' for more information." 1>&2
+     exit 1;
+     ;;
+  -h | --h*)
+    cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+  depmode     Dependency tracking mode.
+  source      Source file read by `PROGRAMS ARGS'.
+  object      Object file output by `PROGRAMS ARGS'.
+  DEPDIR      directory where to store dependencies.
+  depfile     Dependency file to output.
+  tmpdepfile  Temporary file to use when outputing dependencies.
+  libtool     Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+    exit $?
+    ;;
+  -v | --v*)
+    echo "depcomp $scriptversion"
+    exit $?
+    ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+  echo "depcomp: Variables source, object and depmode must be set" 1>&2
+  exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+  sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags.  We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write.  Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+  # HP compiler uses -M and no extra arg.
+  gccflag=-M
+  depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+   # This is just like dashmstdout with a different argument.
+   dashmflag=-xM
+   depmode=dashmstdout
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want.  Yay!  Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff.  Hmm.
+  "$@" -MT "$object" -MD -MP -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  mv "$tmpdepfile" "$depfile"
+  ;;
+
+gcc)
+## There are various ways to get dependency output from gcc.  Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+##   up in a subdir.  Having to rename by hand is ugly.
+##   (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+##   -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+##   than renaming).
+  if test -z "$gccflag"; then
+    gccflag=-MD,
+  fi
+  "$@" -Wp,"$gccflag$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+  sed -e 's/^[^:]*: / /' \
+      -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header).  We avoid this by adding
+## dummy dependencies for each header file.  Too bad gcc doesn't do
+## this for us directly.
+  tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'.  On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+hp)
+  # This case exists only to let depend.m4 do its work.  It works by
+  # looking at the text of this script.  This case will never be run,
+  # since it is checked for above.
+  exit 1
+  ;;
+
+sgi)
+  if test "$libtool" = yes; then
+    "$@" "-Wp,-MDupdate,$tmpdepfile"
+  else
+    "$@" -MDupdate "$tmpdepfile"
+  fi
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+
+  if test -f "$tmpdepfile"; then  # yes, the sourcefile depend on other files
+    echo "$object : \\" > "$depfile"
+
+    # Clip off the initial element (the dependent).  Don't try to be
+    # clever and replace this with sed code, as IRIX sed won't handle
+    # lines with more than a fixed number of characters (4096 in
+    # IRIX 6.2 sed, 8192 in IRIX 6.5).  We also remove comment lines;
+    # the IRIX cc adds comments like `#:fec' to the end of the
+    # dependency line.
+    tr ' ' '
+' < "$tmpdepfile" \
+    | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+    tr '
+' ' ' >> $depfile
+    echo >> $depfile
+
+    # The second pass generates a dummy entry for each header file.
+    tr ' ' '
+' < "$tmpdepfile" \
+   | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+   >> $depfile
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+aix)
+  # The C for AIX Compiler uses -M and outputs the dependencies
+  # in a .u file.  In older versions, this file always lives in the
+  # current directory.  Also, the AIX compiler puts `$object:' at the
+  # start of each line; $object doesn't have directory information.
+  # Version 6 uses the directory in both cases.
+  stripped=`echo "$object" | sed 's/\(.*\)\..*$/\1/'`
+  tmpdepfile="$stripped.u"
+  if test "$libtool" = yes; then
+    "$@" -Wc,-M
+  else
+    "$@" -M
+  fi
+  stat=$?
+
+  if test -f "$tmpdepfile"; then :
+  else
+    stripped=`echo "$stripped" | sed 's,^.*/,,'`
+    tmpdepfile="$stripped.u"
+  fi
+
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+
+  if test -f "$tmpdepfile"; then
+    outname="$stripped.o"
+    # Each line is of the form `foo.o: dependent.h'.
+    # Do two passes, one to just change these to
+    # `$object: dependent.h' and one to simply `dependent.h:'.
+    sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile"
+    sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile"
+  else
+    # The sourcefile does not contain any dependencies, so just
+    # store a dummy comment line, to avoid errors with the Makefile
+    # "include basename.Plo" scheme.
+    echo "#dummy" > "$depfile"
+  fi
+  rm -f "$tmpdepfile"
+  ;;
+
+icc)
+  # Intel's C compiler understands `-MD -MF file'.  However on
+  #    icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+  # ICC 7.0 will fill foo.d with something like
+  #    foo.o: sub/foo.c
+  #    foo.o: sub/foo.h
+  # which is wrong.  We want:
+  #    sub/foo.o: sub/foo.c
+  #    sub/foo.o: sub/foo.h
+  #    sub/foo.c:
+  #    sub/foo.h:
+  # ICC 7.1 will output
+  #    foo.o: sub/foo.c sub/foo.h
+  # and will wrap long lines using \ :
+  #    foo.o: sub/foo.c ... \
+  #     sub/foo.h ... \
+  #     ...
+
+  "$@" -MD -MF "$tmpdepfile"
+  stat=$?
+  if test $stat -eq 0; then :
+  else
+    rm -f "$tmpdepfile"
+    exit $stat
+  fi
+  rm -f "$depfile"
+  # Each line is of the form `foo.o: dependent.h',
+  # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+  # Do two passes, one to just change these to
+  # `$object: dependent.h' and one to simply `dependent.h:'.
+  sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+  # Some versions of the HPUX 10.20 sed can't process this invocation
+  # correctly.  Breaking it into two sed invocations is a workaround.
+  sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+    sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+tru64)
+   # The Tru64 compiler uses -MD to generate dependencies as a side
+   # effect.  `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+   # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+   # dependencies in `foo.d' instead, so we check for that too.
+   # Subdirectories are respected.
+   dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+   test "x$dir" = "x$object" && dir=
+   base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+   if test "$libtool" = yes; then
+      # With Tru64 cc, shared objects can also be used to make a
+      # static library.  This mecanism is used in libtool 1.4 series to
+      # handle both shared and static libraries in a single compilation.
+      # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+      #
+      # With libtool 1.5 this exception was removed, and libtool now
+      # generates 2 separate objects for the 2 libraries.  These two
+      # compilations output dependencies in in $dir.libs/$base.o.d and
+      # in $dir$base.o.d.  We have to check for both files, because
+      # one of the two compilations can be disabled.  We should prefer
+      # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+      # automatically cleaned when .libs/ is deleted, while ignoring
+      # the former would cause a distcleancheck panic.
+      tmpdepfile1=$dir.libs/$base.lo.d   # libtool 1.4
+      tmpdepfile2=$dir$base.o.d          # libtool 1.5
+      tmpdepfile3=$dir.libs/$base.o.d    # libtool 1.5
+      tmpdepfile4=$dir.libs/$base.d      # Compaq CCC V6.2-504
+      "$@" -Wc,-MD
+   else
+      tmpdepfile1=$dir$base.o.d
+      tmpdepfile2=$dir$base.d
+      tmpdepfile3=$dir$base.d
+      tmpdepfile4=$dir$base.d
+      "$@" -MD
+   fi
+
+   stat=$?
+   if test $stat -eq 0; then :
+   else
+      rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+      exit $stat
+   fi
+
+   for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+   do
+     test -f "$tmpdepfile" && break
+   done
+   if test -f "$tmpdepfile"; then
+      sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+      # That's a tab and a space in the [].
+      sed -e 's,^.*\.[a-z]*:[	 ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+   else
+      echo "#dummy" > "$depfile"
+   fi
+   rm -f "$tmpdepfile"
+   ;;
+
+#nosideeffect)
+  # This comment above is used by automake to tell side-effect
+  # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test $1 != '--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  test -z "$dashmflag" && dashmflag=-M
+  # Require at least two characters before searching for `:'
+  # in the target name.  This is to cope with DOS-style filenames:
+  # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+  "$@" $dashmflag |
+    sed 's:^[  ]*[^: ][^:][^:]*\:[    ]*:'"$object"'\: :' > "$tmpdepfile"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+dashXmstdout)
+  # This case only exists to satisfy depend.m4.  It is never actually
+  # run, as this mode is specially recognized in the preamble.
+  exit 1
+  ;;
+
+makedepend)
+  "$@" || exit $?
+  # Remove any Libtool call
+  if test "$libtool" = yes; then
+    while test $1 != '--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+  # X makedepend
+  shift
+  cleared=no
+  for arg in "$@"; do
+    case $cleared in
+    no)
+      set ""; shift
+      cleared=yes ;;
+    esac
+    case "$arg" in
+    -D*|-I*)
+      set fnord "$@" "$arg"; shift ;;
+    # Strip any option that makedepend may not understand.  Remove
+    # the object too, otherwise makedepend will parse it as a source file.
+    -*|$object)
+      ;;
+    *)
+      set fnord "$@" "$arg"; shift ;;
+    esac
+  done
+  obj_suffix="`echo $object | sed 's/^.*\././'`"
+  touch "$tmpdepfile"
+  ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+  rm -f "$depfile"
+  cat < "$tmpdepfile" > "$depfile"
+  sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly.  Breaking it into two sed invocations is a workaround.
+    sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile" "$tmpdepfile".bak
+  ;;
+
+cpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout.
+  "$@" || exit $?
+
+  # Remove the call to Libtool.
+  if test "$libtool" = yes; then
+    while test $1 != '--mode=compile'; do
+      shift
+    done
+    shift
+  fi
+
+  # Remove `-o $object'.
+  IFS=" "
+  for arg
+  do
+    case $arg in
+    -o)
+      shift
+      ;;
+    $object)
+      shift
+      ;;
+    *)
+      set fnord "$@" "$arg"
+      shift # fnord
+      shift # $arg
+      ;;
+    esac
+  done
+
+  "$@" -E |
+    sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+       -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+    sed '$ s: \\$::' > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  cat < "$tmpdepfile" >> "$depfile"
+  sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+msvisualcpp)
+  # Important note: in order to support this mode, a compiler *must*
+  # always write the preprocessed file to stdout, regardless of -o,
+  # because we must use -o when running libtool.
+  "$@" || exit $?
+  IFS=" "
+  for arg
+  do
+    case "$arg" in
+    "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+	set fnord "$@"
+	shift
+	shift
+	;;
+    *)
+	set fnord "$@" "$arg"
+	shift
+	shift
+	;;
+    esac
+  done
+  "$@" -E |
+  sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile"
+  rm -f "$depfile"
+  echo "$object : \\" > "$depfile"
+  . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::	\1 \\:p' >> "$depfile"
+  echo "	" >> "$depfile"
+  . "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+  rm -f "$tmpdepfile"
+  ;;
+
+none)
+  exec "$@"
+  ;;
+
+*)
+  echo "Unknown depmode $depmode" 1>&2
+  exit 1
+  ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/contrib/ldapc++/doxygen.rc b/contrib/ldapc++/doxygen.rc
new file mode 100644
index 0000000..594a3de
--- /dev/null
+++ b/contrib/ldapc++/doxygen.rc
@@ -0,0 +1,1313 @@
+# $OpenLDAP$
+
+# Doxyfile 1.5.4
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+#       TAG = value [value, ...]
+# For lists items can also be appended using:
+#       TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the config file that 
+# follow. The default is UTF-8 which is also the encoding used for all text before 
+# the first occurrence of this tag. Doxygen uses libiconv (or the iconv built into 
+# libc) for the transcoding. See http://www.gnu.org/software/libiconv for the list of 
+# possible encodings.
+
+DOXYFILE_ENCODING      = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded 
+# by quotes) that should identify the project.
+
+PROJECT_NAME           = ldapsdk
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number. 
+# This could be handy for archiving the generated documentation or 
+# if some version control system is used.
+
+PROJECT_NUMBER         = 0.0.1
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
+# base path where the generated documentation will be put. 
+# If a relative path is entered, it will be relative to the location 
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY       = srcdoc
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 
+# 4096 sub-directories (in 2 levels) under the output directory of each output 
+# format and will distribute the generated files over these directories. 
+# Enabling this option can be useful when feeding doxygen a huge amount of 
+# source files, where putting all generated files in the same directory would 
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS         = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all 
+# documentation generated by doxygen is written. Doxygen will use this 
+# information to generate all constant output in the proper language. 
+# The default language is English, other supported languages are: 
+# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, 
+# Croatian, Czech, Danish, Dutch, Finnish, French, German, Greek, Hungarian, 
+# Italian, Japanese, Japanese-en (Japanese with English messages), Korean, 
+# Korean-en, Lithuanian, Norwegian, Polish, Portuguese, Romanian, Russian, 
+# Serbian, Slovak, Slovene, Spanish, Swedish, and Ukrainian.
+
+OUTPUT_LANGUAGE        = English
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will 
+# include brief member descriptions after the members that are listed in 
+# the file and class documentation (similar to JavaDoc). 
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC      = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend 
+# the brief description of a member or function before the detailed description. 
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the 
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF           = yes
+
+# This tag implements a quasi-intelligent brief description abbreviator 
+# that is used to form the text in various listings. Each string 
+# in this list, if found as the leading text of the brief description, will be 
+# stripped from the text and the result after processing the whole list, is 
+# used as the annotated text. Otherwise, the brief description is used as-is. 
+# If left blank, the following values are used ("$name" is automatically 
+# replaced with the name of the entity): "The $name class" "The $name widget" 
+# "The $name file" "is" "provides" "specifies" "contains" 
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF       = 
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then 
+# Doxygen will generate a detailed section even if there is only a brief 
+# description.
+
+ALWAYS_DETAILED_SEC    = yes
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all 
+# inherited members of a class in the documentation of that class as if those 
+# members were ordinary class members. Constructors, destructors and assignment 
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB  = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full 
+# path before files name in the file list and in the header files. If set 
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES        = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag 
+# can be used to strip a user-defined part of the path. Stripping is 
+# only done if one of the specified strings matches the left-hand part of 
+# the path. The tag can be used to show relative paths in the file list. 
+# If left blank the directory from which doxygen is run is used as the 
+# path to strip.
+
+STRIP_FROM_PATH        = 
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of 
+# the path mentioned in the documentation of a class, which tells 
+# the reader which header file to include in order to use a class. 
+# If left blank only the name of the header file containing the class 
+# definition is used. Otherwise one should specify the include paths that 
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH    = 
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter 
+# (but less readable) file names. This can be useful is your file systems 
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES            = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen 
+# will interpret the first line (until the first dot) of a JavaDoc-style 
+# comment as the brief description. If set to NO, the JavaDoc 
+# comments will behave just like regular Qt-style comments 
+# (thus requiring an explicit @brief command for a brief description.)
+
+JAVADOC_AUTOBRIEF      = YES
+
+# If the QT_AUTOBRIEF tag is set to YES then Doxygen will 
+# interpret the first line (until the first dot) of a Qt-style 
+# comment as the brief description. If set to NO, the comments 
+# will behave just like regular Qt-style comments (thus requiring 
+# an explicit \brief command for a brief description.)
+
+QT_AUTOBRIEF           = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen 
+# treat a multi-line C++ special comment block (i.e. a block of //! or /// 
+# comments) as a brief description. This used to be the default behaviour. 
+# The new default is to treat a multi-line C++ comment block as a detailed 
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen 
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member 
+# documentation.
+
+DETAILS_AT_TOP         = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented 
+# member inherits the documentation from any documented member that it 
+# re-implements.
+
+INHERIT_DOCS           = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce 
+# a new page for each member. If set to NO, the documentation of a member will 
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES  = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab. 
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE               = 4
+
+# This tag can be used to specify a number of aliases that acts 
+# as commands in the documentation. An alias has the form "name=value". 
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to 
+# put the command \sideeffect (or @sideeffect) in the documentation, which 
+# will result in a user-defined paragraph with heading "Side Effects:". 
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES                = 
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C 
+# sources only. Doxygen will then generate output that is more tailored for C. 
+# For instance, some of the names that are used will be different. The list 
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C  = NO
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java 
+# sources only. Doxygen will then generate output that is more tailored for Java. 
+# For instance, namespaces will be presented as packages, qualified scopes 
+# will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA   = NO
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to 
+# include (a tag file for) the STL sources as input, then you should 
+# set this tag to YES in order to let doxygen match functions declarations and 
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. 
+# func(std::string) {}). This also make the inheritance and collaboration 
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT    = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to
+# enable parsing support.
+
+CPP_CLI_SUPPORT        = NO
+
+# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. 
+# Doxygen will parse them like normal C++ but will assume all classes use public 
+# instead of private inheritance when no explicit protection keyword is present.
+
+SIP_SUPPORT            = NO
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC 
+# tag is set to YES, then doxygen will reuse the documentation of the first 
+# member in the group (if any) for the other members of the group. By default 
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC   = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of 
+# the same type (for instance a group of public functions) to be put as a 
+# subgroup of that type (e.g. under the Public Functions section). Set it to 
+# NO to prevent subgrouping. Alternatively, this can be done per class using 
+# the \nosubgrouping command.
+
+SUBGROUPING            = YES
+
+# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct (or union) is 
+# documented as struct with the name of the typedef. So 
+# typedef struct TypeS {} TypeT, will appear in the documentation as a struct 
+# with name TypeT. When disabled the typedef will appear as a member of a file, 
+# namespace, or class. And the struct will be named TypeS. This can typically 
+# be useful for C code where the coding convention is that all structs are 
+# typedef'ed and only the typedef is referenced never the struct's name.
+
+TYPEDEF_HIDES_STRUCT   = NO
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in 
+# documentation are documented, even if no documentation was available. 
+# Private class members and static file members will be hidden unless 
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL            = YES
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class 
+# will be included in the documentation.
+
+EXTRACT_PRIVATE        = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file 
+# will be included in the documentation.
+
+EXTRACT_STATIC         = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) 
+# defined locally in source files will be included in the documentation. 
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES  = NO
+
+# This flag is only useful for Objective-C code. When set to YES local 
+# methods, which are defined in the implementation section but not in 
+# the interface are included in the documentation. 
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS  = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be extracted 
+# and appear in the documentation as a namespace called 'anonymous_namespace{file}', 
+# where file will be replaced with the base name of the file that contains the anonymous 
+# namespace. By default anonymous namespace are hidden.
+
+EXTRACT_ANON_NSPACES   = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all 
+# undocumented members of documented classes, files or namespaces. 
+# If set to NO (the default) these members will be included in the 
+# various overviews, but no documentation section is generated. 
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS     = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all 
+# undocumented classes that are normally visible in the class hierarchy. 
+# If set to NO (the default) these classes will be included in the various 
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES     = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all 
+# friend (class|struct|union) declarations. 
+# If set to NO (the default) these declarations will be included in the 
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS  = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any 
+# documentation blocks found inside the body of a function. 
+# If set to NO (the default) these blocks will be appended to the 
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS      = NO
+
+# The INTERNAL_DOCS tag determines if documentation 
+# that is typed after a \internal command is included. If the tag is set 
+# to NO (the default) then the documentation will be excluded. 
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS          = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate 
+# file names in lower-case letters. If set to YES upper-case letters are also 
+# allowed. This is useful if you have classes or files whose names only differ 
+# in case and if your file system supports case sensitive file names. Windows 
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES       = NO
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen 
+# will show members with their full class and namespace scopes in the 
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES       = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen 
+# will put a list of the files that are included by a file in the documentation 
+# of that file.
+
+SHOW_INCLUDE_FILES     = YES
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] 
+# is inserted in the documentation for inline members.
+
+INLINE_INFO            = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen 
+# will sort the (detailed) documentation of file and class members 
+# alphabetically by member name. If set to NO the members will appear in 
+# declaration order.
+
+SORT_MEMBER_DOCS       = YES
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the 
+# brief documentation of file, namespace and class members alphabetically 
+# by member name. If set to NO (the default) the members will appear in 
+# declaration order.
+
+SORT_BRIEF_DOCS        = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be 
+# sorted by fully-qualified names, including namespaces. If set to 
+# NO (the default), the class list will be sorted only by class name, 
+# not including the namespace part. 
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the 
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME     = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or 
+# disable (NO) the todo list. This list is created by putting \todo 
+# commands in the documentation.
+
+GENERATE_TODOLIST      = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or 
+# disable (NO) the test list. This list is created by putting \test 
+# commands in the documentation.
+
+GENERATE_TESTLIST      = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or 
+# disable (NO) the bug list. This list is created by putting \bug 
+# commands in the documentation.
+
+GENERATE_BUGLIST       = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or 
+# disable (NO) the deprecated list. This list is created by putting 
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional 
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS       = 
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines 
+# the initial value of a variable or define consists of for it to appear in 
+# the documentation. If the initializer consists of more lines than specified 
+# here it will be hidden. Use a value of 0 to hide initializers completely. 
+# The appearance of the initializer of individual variables and defines in the 
+# documentation can be controlled using \showinitializer or \hideinitializer 
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES  = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated 
+# at the bottom of the documentation of classes and structs. If set to YES the 
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES        = YES
+
+# If the sources in your project are distributed over multiple directories 
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy 
+# in the documentation. The default is NO.
+
+SHOW_DIRECTORIES       = NO
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that 
+# doxygen should invoke to get the current version for each file (typically from the 
+# version control system). Doxygen will invoke the program by executing (via 
+# popen()) the command <command> <input-file>, where <command> is the value of 
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file 
+# provided by doxygen. Whatever the program writes to standard output 
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER    = 
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated 
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET                  = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are 
+# generated by doxygen. Possible values are YES and NO. If left blank 
+# NO is used.
+
+WARNINGS               = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings 
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will 
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED   = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for 
+# potential errors in the documentation, such as not documenting some 
+# parameters in a documented function, or documenting parameters that 
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR      = YES
+
+# This WARN_NO_PARAMDOC option can be enabled to get warnings for
+# functions that are documented, but have no documentation for their parameters 
+# or return value. If set to NO (the default) doxygen will only warn about 
+# wrong or incomplete parameter documentation, but not about the absence of 
+# documentation.
+
+WARN_NO_PARAMDOC       = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that 
+# doxygen can produce. The string should contain the $file, $line, and $text 
+# tags, which will be replaced by the file and line number from which the 
+# warning originated and the warning text. Optionally the format may contain 
+# $version, which will be replaced by the version of the file (if it could 
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT            = "$file:$line: $text "
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning 
+# and error messages should be written. If left blank the output is written 
+# to stderr.
+
+WARN_LOGFILE           = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain 
+# documented source files. You may enter file names like "myfile.cpp" or 
+# directories like "/usr/src/myproject". Separate the files or directories 
+# with spaces.
+
+INPUT                  = ./src
+
+# This tag can be used to specify the character encoding of the source files that 
+# doxygen parses. Internally doxygen uses the UTF-8 encoding, which is also the default 
+# input encoding. Doxygen uses libiconv (or the iconv built into libc) for the transcoding. 
+# See http://www.gnu.org/software/libiconv for the list of possible encodings.
+
+INPUT_ENCODING         = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the 
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
+# and *.h) to filter out the source-files in the directories. If left 
+# blank the following patterns are tested: 
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx 
+# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90
+
+FILE_PATTERNS          = *.cpp \
+                         *.h
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories 
+# should be searched for input files as well. Possible values are YES and NO. 
+# If left blank NO is used.
+
+RECURSIVE              = yes
+
+# The EXCLUDE tag can be used to specify files and/or directories that should 
+# excluded from the INPUT source files. This way you can easily exclude a 
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE                = 
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or 
+# directories that are symbolic links (a Unix filesystem feature) are excluded 
+# from the input.
+
+EXCLUDE_SYMLINKS       = NO
+
+# If the value of the INPUT tag contains directories, you can use the 
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude 
+# certain files from those directories. Note that the wildcards are matched 
+# against the file with absolute path, so to exclude all test directories 
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS       = 
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names 
+# (namespaces, classes, functions, etc.) that should be excluded from the output. 
+# The symbol name can be a fully qualified name, a word, or if the wildcard * is used, 
+# a substring. Examples: ANamespace, AClass, AClass::ANamespace, ANamespace::*Test
+
+EXCLUDE_SYMBOLS        = 
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or 
+# directories that contain example code fragments that are included (see 
+# the \include command).
+
+EXAMPLE_PATH           = 
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the 
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp 
+# and *.h) to filter out the source-files in the directories. If left 
+# blank all files are included.
+
+EXAMPLE_PATTERNS       = 
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be 
+# searched for input files to be used with the \include or \dontinclude 
+# commands irrespective of the value of the RECURSIVE tag. 
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE      = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or 
+# directories that contain image that are included in the documentation (see 
+# the \image command).
+
+IMAGE_PATH             = 
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should 
+# invoke to filter for each input file. Doxygen will invoke the filter program 
+# by executing (via popen()) the command <filter> <input-file>, where <filter> 
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an 
+# input file. Doxygen will then use the output that the filter program writes 
+# to standard output.  If FILTER_PATTERNS is specified, this tag will be 
+# ignored.
+
+INPUT_FILTER           = 
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern 
+# basis.  Doxygen will compare the file name with each pattern and apply the 
+# filter if there is a match.  The filters are a list of the form: 
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further 
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER 
+# is applied to all files.
+
+FILTER_PATTERNS        = 
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using 
+# INPUT_FILTER) will be used to filter the input files when producing source 
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES    = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will 
+# be generated. Documented entities will be cross-referenced with these sources. 
+# Note: To get rid of all source code in the generated output, make sure also 
+# VERBATIM_HEADERS is set to NO. If you have enabled CALL_GRAPH or CALLER_GRAPH 
+# then you must also enable this option. If you don't then doxygen will produce 
+# a warning and turn it on anyway
+
+SOURCE_BROWSER         = no
+
+# Setting the INLINE_SOURCES tag to YES will include the body 
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES         = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct 
+# doxygen to hide any special comment blocks from generated source code 
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS    = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES (the default) 
+# then for each documented function all documented 
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES (the default) 
+# then for each documented function all documented entities 
+# called/used by that function will be listed.
+
+REFERENCES_RELATION    = YES
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
+# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
+# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
+# link to the source code.  Otherwise they will link to the documentation.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code 
+# will point to the HTML generated by the htags(1) tool instead of doxygen 
+# built-in source browser. The htags tool is part of GNU's global source 
+# tagging system (see http://www.gnu.org/software/global/global.html). You 
+# will need version 4.8.6 or higher.
+
+USE_HTAGS              = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen 
+# will generate a verbatim copy of the header file for each class for 
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS       = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index 
+# of all compounds will be generated. Enable this if the project 
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX     = NO
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then 
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns 
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX    = 5
+
+# In case all classes in a project start with a common prefix, all 
+# classes will be put under the same header in the alphabetical index. 
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that 
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX          = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will 
+# generate HTML output.
+
+GENERATE_HTML          = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT            = 
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for 
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank 
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION    = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for 
+# each generated HTML page. If it is left blank doxygen will generate a 
+# standard header.
+
+HTML_HEADER            = 
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for 
+# each generated HTML page. If it is left blank doxygen will generate a 
+# standard footer.
+
+HTML_FOOTER            = 
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading 
+# style sheet that is used by each HTML page. It can be used to 
+# fine-tune the look of the HTML output. If the tag is left blank doxygen 
+# will generate a default style sheet. Note that doxygen will try to copy 
+# the style sheet file to the HTML output directory, so don't put your own 
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET        = 
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, 
+# files or namespaces will be aligned in HTML using tables. If set to 
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS     = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files 
+# will be generated that can be used as input for tools like the 
+# Microsoft HTML help workshop to generate a compressed HTML help file (.chm) 
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP      = NO
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML 
+# documentation will contain sections that can be hidden and shown after the 
+# page has loaded. For this to work a browser that supports 
+# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox 
+# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
+
+HTML_DYNAMIC_SECTIONS  = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can 
+# be used to specify the file name of the resulting .chm file. You 
+# can add a path in front of the file if the result should not be 
+# written to the html output directory.
+
+CHM_FILE               = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can 
+# be used to specify the location (absolute path including file name) of 
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run 
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION           = 
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag 
+# controls if a separate .chi index file is generated (YES) or that 
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI           = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag 
+# controls whether a binary table of contents is generated (YES) or a 
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC             = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members 
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND             = NO
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at 
+# top of each HTML page. The value NO (the default) enables the index and 
+# the value YES disables it.
+
+DISABLE_INDEX          = NO
+
+# This tag can be used to set the number of enum values (range [1..20]) 
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE   = 4
+
+# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
+# generated containing a tree-like index structure (just like the one that 
+# is generated for HTML Help). For this to work a browser that supports 
+# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, 
+# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are 
+# probably better off using the HTML help feature.
+
+GENERATE_TREEVIEW      = NO
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be 
+# used to set the initial width (in pixels) of the frame in which the tree 
+# is shown.
+
+TREEVIEW_WIDTH         = 250
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will 
+# generate Latex output.
+
+GENERATE_LATEX         = no
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT           = 
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be 
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME         = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to 
+# generate index for LaTeX. If left blank `makeindex' will be used as the 
+# default command name.
+
+MAKEINDEX_CMD_NAME     = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact 
+# LaTeX documents. This may be useful for small projects and may help to 
+# save some trees in general.
+
+COMPACT_LATEX          = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used 
+# by the printer. Possible values are: a4, a4wide, letter, legal and 
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE             = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX 
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES         = 
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for 
+# the generated latex document. The header should contain everything until 
+# the first chapter. If it is left blank doxygen will generate a 
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER           = 
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated 
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will 
+# contain links (just like the HTML output) instead of page references 
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS         = NO
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of 
+# plain latex in the generated Makefile. Set this option to YES to get a 
+# higher quality PDF documentation.
+
+USE_PDFLATEX           = NO
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. 
+# command to the generated LaTeX files. This will instruct LaTeX to keep 
+# running if errors occur, instead of asking the user for help. 
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE        = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not 
+# include the index chapters (such as File Index, Compound Index, etc.) 
+# in the output.
+
+LATEX_HIDE_INDICES     = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output 
+# The RTF output is optimized for Word 97 and may not look very pretty with 
+# other RTF readers or editors.
+
+GENERATE_RTF           = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT             = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact 
+# RTF documents. This may be useful for small projects and may help to 
+# save some trees in general.
+
+COMPACT_RTF            = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated 
+# will contain hyperlink fields. The RTF file will 
+# contain links (just like the HTML output) instead of page references. 
+# This makes the output suitable for online browsing using WORD or other 
+# programs which support those fields. 
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS         = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's 
+# config file, i.e. a series of assignments. You only have to provide 
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE    = 
+
+# Set optional variables used in the generation of an rtf document. 
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE    = 
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will 
+# generate man pages
+
+GENERATE_MAN           = no
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT             = 
+
+# The MAN_EXTENSION tag determines the extension that is added to 
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION          = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output, 
+# then it will generate one additional man file for each entity 
+# documented in the real man page(s). These additional files 
+# only source the real man page, but without them the man command 
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS              = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will 
+# generate an XML file that captures the structure of 
+# the code including all documentation.
+
+GENERATE_XML           = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put. 
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be 
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT             = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_SCHEMA             = 
+
+# The XML_DTD tag can be used to specify an XML DTD, 
+# which can be used by a validating XML parser to check the 
+# syntax of the XML files.
+
+XML_DTD                = 
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will 
+# dump the program listings (including syntax highlighting 
+# and cross-referencing information) to the XML output. Note that 
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING     = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will 
+# generate an AutoGen Definitions (see autogen.sf.net) file 
+# that captures the structure of the code including all 
+# documentation. Note that this feature is still experimental 
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF   = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will 
+# generate a Perl module file that captures the structure of 
+# the code including all documentation. Note that this 
+# feature is still experimental and incomplete at the 
+# moment.
+
+GENERATE_PERLMOD       = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate 
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able 
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX          = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be 
+# nicely formatted so it can be parsed by a human reader.  This is useful 
+# if you want to understand what is going on.  On the other hand, if this 
+# tag is set to NO the size of the Perl module output will be much smaller 
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY         = YES
+
+# The names of the make variables in the generated doxyrules.make file 
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. 
+# This is useful so different doxyrules.make files included by the same 
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX = 
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor   
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will 
+# evaluate all C-preprocessor directives found in the sources and include 
+# files.
+
+ENABLE_PREPROCESSING   = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro 
+# names in the source code. If set to NO (the default) only conditional 
+# compilation will be performed. Macro expansion can be done in a controlled 
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION        = NO
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES 
+# then the macro expansion is limited to the macros specified with the 
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF     = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files 
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES        = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that 
+# contain include files that are not input files but should be processed by 
+# the preprocessor.
+
+INCLUDE_PATH           = 
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard 
+# patterns (like *.h and *.hpp) to filter out the header-files in the 
+# directories. If left blank, the patterns specified with FILE_PATTERNS will 
+# be used.
+
+INCLUDE_FILE_PATTERNS  = 
+
+# The PREDEFINED tag can be used to specify one or more macro names that 
+# are defined before the preprocessor is started (similar to the -D option of 
+# gcc). The argument of the tag is a list of macros of the form: name 
+# or name=definition (no spaces). If the definition and the = are 
+# omitted =1 is assumed. To prevent a macro definition from being 
+# undefined via #undef or recursively expanded use the := operator 
+# instead of the = operator.
+
+PREDEFINED             = 
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then 
+# this tag can be used to specify a list of macro names that should be expanded. 
+# The macro definition that is found in the sources will be used. 
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED      = 
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then 
+# doxygen's preprocessor will remove all function-like macros that are alone 
+# on a line, have an all uppercase name, and do not end with a semicolon. Such 
+# function macros are typically used for boiler-plate code, and will confuse 
+# the parser if not removed.
+
+SKIP_FUNCTION_MACROS   = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references   
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles. 
+# Optionally an initial location of the external documentation 
+# can be added for each tagfile. The format of a tag file without 
+# this location is as follows: 
+#   TAGFILES = file1 file2 ... 
+# Adding location for the tag files is done as follows: 
+#   TAGFILES = file1=loc1 "file2 = loc2" ... 
+# where "loc1" and "loc2" can be relative or absolute paths or 
+# URLs. If a location is present for each tag, the installdox tool 
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen 
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES               = 
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create 
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE       = 
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed 
+# in the class index. If set to NO only the inherited external classes 
+# will be listed.
+
+ALLEXTERNALS           = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed 
+# in the modules index. If set to NO, only the current project's groups will 
+# be listed.
+
+EXTERNAL_GROUPS        = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script 
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH              = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool   
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will 
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base 
+# or super classes. Setting the tag to NO turns the diagrams off. Note that 
+# this option is superseded by the HAVE_DOT option below. This is only a 
+# fallback. It is recommended to install and use dot, since it yields more 
+# powerful graphs.
+
+CLASS_DIAGRAMS         = YES
+
+# You can define message sequence charts within doxygen comments using the \msc 
+# command. Doxygen will then run the mscgen tool (see http://www.mcternan.me.uk/mscgen/) to 
+# produce the chart and insert it in the documentation. The MSCGEN_PATH tag allows you to 
+# specify the directory where the mscgen tool resides. If left empty the tool is assumed to 
+# be found in the default search path.
+
+MSCGEN_PATH            = 
+
+# If set to YES, the inheritance and collaboration graphs will hide 
+# inheritance and usage relations if the target is undocumented 
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS   = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is 
+# available from the path. This tool is part of Graphviz, a graph visualization 
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section 
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT               = NO
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for each documented class showing the direct and 
+# indirect inheritance relations. Setting this tag to YES will force the 
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH            = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for each documented class showing the direct and 
+# indirect implementation dependencies (inheritance, containment, and 
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH    = YES
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen 
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS           = YES
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and 
+# collaboration diagrams in a style similar to the OMG's Unified Modeling 
+# Language.
+
+UML_LOOK               = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the 
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS     = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT 
+# tags are set to YES then doxygen will generate a graph for each documented 
+# file showing the direct and indirect include dependencies of the file with 
+# other documented files.
+
+INCLUDE_GRAPH          = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and 
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each 
+# documented header file showing the documented files that directly or 
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH      = YES
+
+# If the CALL_GRAPH, SOURCE_BROWSER and HAVE_DOT tags are set to YES then doxygen will 
+# generate a call dependency graph for every global function or class method. 
+# Note that enabling this option will significantly increase the time of a run. 
+# So in most cases it will be better to enable call graphs for selected 
+# functions only using the \callgraph command.
+
+CALL_GRAPH             = NO
+
+# If the CALLER_GRAPH, SOURCE_BROWSER and HAVE_DOT tags are set to YES then doxygen will 
+# generate a caller dependency graph for every global function or class method. 
+# Note that enabling this option will significantly increase the time of a run. 
+# So in most cases it will be better to enable caller graphs for selected 
+# functions only using the \callergraph command.
+
+CALLER_GRAPH           = NO
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen 
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY    = YES
+
+# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES 
+# then doxygen will show the dependencies a directory has on other directories 
+# in a graphical way. The dependency relations are determined by the #include
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH        = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images 
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT       = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be 
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH               = 
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that 
+# contain dot files that are included in the documentation (see the 
+# \dotfile command).
+
+DOTFILE_DIRS           = 
+
+# The MAX_DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of 
+# nodes that will be shown in the graph. If the number of nodes in a graph 
+# becomes larger than this value, doxygen will truncate the graph, which is 
+# visualized by representing a node as a red box. Note that doxygen if the number 
+# of direct children of the root node in a graph is already larger than 
+# MAX_DOT_GRAPH_NOTES then the graph will not be shown at all. Also note 
+# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
+
+DOT_GRAPH_MAX_NODES    = 50
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the 
+# graphs generated by dot. A depth value of 3 means that only nodes reachable 
+# from the root by following a path via at most 3 edges will be shown. Nodes 
+# that lay further from the root node will be omitted. Note that setting this 
+# option to 1 or 2 may greatly reduce the computation time needed for large 
+# code bases. Also note that the size of a graph can be further restricted by 
+# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
+
+MAX_DOT_GRAPH_DEPTH    = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent 
+# background. This is disabled by default, which results in a white background. 
+# Warning: Depending on the platform used, enabling this option may lead to 
+# badly anti-aliased labels on the edges of a graph (i.e. they become hard to 
+# read).
+
+DOT_TRANSPARENT        = YES
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output 
+# files in one run (i.e. multiple -o and -T options on the command line). This 
+# makes dot run faster, but since only newer versions of dot (>1.8.10) 
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS      = NO
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will 
+# generate a legend page explaining the meaning of the various boxes and 
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND        = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will 
+# remove the intermediate dot files that are used to generate 
+# the various graphs.
+
+DOT_CLEANUP            = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine   
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be 
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE           = NO
diff --git a/contrib/ldapc++/examples/Makefile.am b/contrib/ldapc++/examples/Makefile.am
new file mode 100644
index 0000000..ae25cb4
--- /dev/null
+++ b/contrib/ldapc++/examples/Makefile.am
@@ -0,0 +1,20 @@
+# $OpenLDAP$
+
+##
+# Copyright 2003-2022 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+##
+AM_CPPFLAGS = -I$(top_srcdir)/src
+noinst_PROGRAMS = main readSchema startTls urlTest
+
+main_SOURCES = main.cpp
+main_LDADD = ../src/libldapcpp.la
+
+readSchema_SOURCES = readSchema.cpp
+readSchema_LDADD = ../src/libldapcpp.la
+
+startTls_SOURCES = startTls.cpp
+startTls_LDADD = ../src/libldapcpp.la
+
+urlTest_SOURCES = urlTest.cpp
+urlTest_LDADD = ../src/libldapcpp.la
diff --git a/contrib/ldapc++/examples/Makefile.in b/contrib/ldapc++/examples/Makefile.in
new file mode 100644
index 0000000..3c7db97
--- /dev/null
+++ b/contrib/ldapc++/examples/Makefile.in
@@ -0,0 +1,506 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# $OpenLDAP$
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+noinst_PROGRAMS = main$(EXEEXT) readSchema$(EXEEXT) startTls$(EXEEXT) \
+	urlTest$(EXEEXT)
+subdir = examples
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/src/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+PROGRAMS = $(noinst_PROGRAMS)
+am_main_OBJECTS = main.$(OBJEXT)
+main_OBJECTS = $(am_main_OBJECTS)
+main_DEPENDENCIES = ../src/libldapcpp.la
+am_readSchema_OBJECTS = readSchema.$(OBJEXT)
+readSchema_OBJECTS = $(am_readSchema_OBJECTS)
+readSchema_DEPENDENCIES = ../src/libldapcpp.la
+am_startTls_OBJECTS = startTls.$(OBJEXT)
+startTls_OBJECTS = $(am_startTls_OBJECTS)
+startTls_DEPENDENCIES = ../src/libldapcpp.la
+am_urlTest_OBJECTS = urlTest.$(OBJEXT)
+urlTest_OBJECTS = $(am_urlTest_OBJECTS)
+urlTest_DEPENDENCIES = ../src/libldapcpp.la
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS)
+LTCXXCOMPILE = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS)
+CXXLD = $(CXX)
+CXXLINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CXXLD) $(AM_CXXFLAGS) $(CXXFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(main_SOURCES) $(readSchema_SOURCES) $(startTls_SOURCES) \
+	$(urlTest_SOURCES)
+DIST_SOURCES = $(main_SOURCES) $(readSchema_SOURCES) \
+	$(startTls_SOURCES) $(urlTest_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENLDAP_CPP_API_VERSION = @OPENLDAP_CPP_API_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+
+# Copyright 2003-2022 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+AM_CPPFLAGS = -I$(top_srcdir)/src
+main_SOURCES = main.cpp
+main_LDADD = ../src/libldapcpp.la
+readSchema_SOURCES = readSchema.cpp
+readSchema_LDADD = ../src/libldapcpp.la
+startTls_SOURCES = startTls.cpp
+startTls_LDADD = ../src/libldapcpp.la
+urlTest_SOURCES = urlTest.cpp
+urlTest_LDADD = ../src/libldapcpp.la
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .cpp .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign examples/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign examples/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstPROGRAMS:
+	@list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \
+	echo " rm -f" $$list; \
+	rm -f $$list || exit $$?; \
+	test -n "$(EXEEXT)" || exit 0; \
+	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+	echo " rm -f" $$list; \
+	rm -f $$list
+main$(EXEEXT): $(main_OBJECTS) $(main_DEPENDENCIES) 
+	@rm -f main$(EXEEXT)
+	$(CXXLINK) $(main_OBJECTS) $(main_LDADD) $(LIBS)
+readSchema$(EXEEXT): $(readSchema_OBJECTS) $(readSchema_DEPENDENCIES) 
+	@rm -f readSchema$(EXEEXT)
+	$(CXXLINK) $(readSchema_OBJECTS) $(readSchema_LDADD) $(LIBS)
+startTls$(EXEEXT): $(startTls_OBJECTS) $(startTls_DEPENDENCIES) 
+	@rm -f startTls$(EXEEXT)
+	$(CXXLINK) $(startTls_OBJECTS) $(startTls_LDADD) $(LIBS)
+urlTest$(EXEEXT): $(urlTest_OBJECTS) $(urlTest_DEPENDENCIES) 
+	@rm -f urlTest$(EXEEXT)
+	$(CXXLINK) $(urlTest_OBJECTS) $(urlTest_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/main.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/readSchema.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/startTls.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/urlTest.Po@am__quote@
+
+.cpp.o:
+@am__fastdepCXX_TRUE@	$(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCXX_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXXCOMPILE) -c -o $@ $<
+
+.cpp.obj:
+@am__fastdepCXX_TRUE@	$(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCXX_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.cpp.lo:
+@am__fastdepCXX_TRUE@	$(LTCXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCXX_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LTCXXCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libtool clean-noinstPROGRAMS ctags distclean \
+	distclean-compile distclean-generic distclean-libtool \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am install-man \
+	install-pdf install-pdf-am install-ps install-ps-am \
+	install-strip installcheck installcheck-am installdirs \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/contrib/ldapc++/examples/main.cpp b/contrib/ldapc++/examples/main.cpp
new file mode 100644
index 0000000..c4b8001
--- /dev/null
+++ b/contrib/ldapc++/examples/main.cpp
@@ -0,0 +1,134 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <iostream>
+#include <sstream>
+#include "LDAPConnection.h"
+#include "LDAPConstraints.h"
+#include "LDAPSearchReference.h"
+#include "LDAPSearchResults.h"
+#include "LDAPAttribute.h"
+#include "LDAPAttributeList.h"
+#include "LDAPEntry.h"
+#include "LDAPException.h"
+#include "LDAPModification.h"
+
+#include "debug.h"
+
+int main(){
+    LDAPConstraints* cons=new LDAPConstraints;
+    LDAPControlSet* ctrls=new LDAPControlSet;
+    ctrls->add(LDAPCtrl(LDAP_CONTROL_MANAGEDSAIT));
+    cons->setServerControls(ctrls);
+    LDAPConnection *lc=new LDAPConnection("localhost",9009);
+    lc->setConstraints(cons);
+    std::cout << "----------------------doing bind...." << std::endl;
+    try{
+        lc->bind("cn=Manager,o=Organisation,c=DE" , "secret",cons);
+        std::cout << lc->getHost() << std::endl;    
+        bool result = lc->compare("cn=Manager,o=Organisation,c=DE", 
+                LDAPAttribute("cn","Manager"));
+        std::cout << "Compare: " << result << std::endl;
+    
+        LDAPAttributeList* attrs=new LDAPAttributeList();
+        StringList values;
+        StringList s2;
+        values.add("top");
+        values.add("Person");
+        attrs->addAttribute(LDAPAttribute("objectClass",values));
+        attrs->addAttribute(LDAPAttribute("cn","Peter"));
+        attrs->addAttribute(LDAPAttribute("sn","Peter,hallo"));
+        LDAPEntry* entry=new LDAPEntry(
+                "cn=Peter , o=Organisation, c=DE", attrs);    
+//        lc->add(entry);
+        
+//        lc->del("ou=Groups,o=Organisation,c=DE");
+
+        LDAPSearchResults* entries = lc->search("o=Organisation,c=DE",
+                LDAPConnection::SEARCH_ONE);
+        if (entries != 0){
+            LDAPEntry* entry = entries->getNext();
+            if(entry != 0){
+                std::cout << *(entry) << std::endl;
+            }
+            while(entry){
+                try{
+                    entry = entries->getNext();
+                    if(entry != 0){
+                        std::cout << *(entry) << std::endl;
+                    }
+                    delete entry;
+                }catch(LDAPReferralException e){
+                    std::cout << "Caught Referral" << std::endl;
+                }
+            }
+        }
+        
+        lc->unbind();
+        delete lc;
+   }catch (LDAPException &e){
+        std::cout << "-------------- caught Exception ---------"<< std::endl;
+        std::cout << e << std::endl;
+    }
+
+    /*
+    std::cout << "--------------------starting search" << std::endl;
+    LDAPAttributeList* attrs=new LDAPAttributeList();
+    StringList values;
+    values.add("top");
+    values.add("organizationalUnit");
+    attrs->addAttribute(LDAPAttribute("objectClass",values));
+    attrs->addAttribute(LDAPAttribute("ou","Groups"));
+    LDAPEntry* entry=new LDAPEntry(
+            "ou=Groups, o=Organisation, c=DE", attrs);    
+
+    LDAPAttribute newattr("description");
+    LDAPModification::mod_op op = LDAPModification::OP_DELETE;
+    LDAPModList *mod=new LDAPModList();
+    mod->addModification(LDAPModification(newattr,op));
+    LDAPMessageQueue* q=0;
+    try{
+        q=lc->search("o=Organisation,c=de",LDAPAsynConnection::SEARCH_SUB,
+         "objectClass=*",StringList());
+//        q=lc->add(entry);
+//        q=lc->modify("cn=Manager,o=Organisation,c=DE",
+//                mod);
+        LDAPMsg *res=q->getNext();
+        bool cont=true;
+        while( cont  ) {
+            switch(res->getMessageType()){
+                LDAPSearchResult *res2;
+                const LDAPEntry *entry;
+                case LDAP_RES_SEARCH_ENTRY :
+                    res2= (LDAPSearchResult*)res;
+                    entry=  res2->getEntry();
+                    std::cout << "Entry:            " << *entry << std::endl; 
+                    delete res;
+                    res=q->getNext();
+                break;
+                case LDAP_RES_SEARCH_REFERENCE :
+                    std::cout << "Reference:         "  << std::endl;
+                    delete res;
+                    res=q->getNext();
+                break;
+                default :
+                    std::cout << ( *(LDAPResult*) res) << std::endl;
+                    delete res;
+                    std::cout  << "-----------------search done" << std::endl;
+                    cont=false;
+                break;
+            }
+        }
+        delete q;
+    }catch (LDAPException e){
+        std::cout << "----------------error during search" << std::endl;
+        delete q;
+        std::cout << e << std::endl;
+    }
+    lc->unbind();
+    */
+}
+
diff --git a/contrib/ldapc++/examples/readSchema.cpp b/contrib/ldapc++/examples/readSchema.cpp
new file mode 100644
index 0000000..4a69cf1
--- /dev/null
+++ b/contrib/ldapc++/examples/readSchema.cpp
@@ -0,0 +1,73 @@
+// $OpenLDAP$
+/*
+ * Copyright 2008-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <iostream>
+#include <sstream>
+#include "LDAPConnection.h"
+#include "LDAPConstraints.h"
+#include "LDAPSearchReference.h"
+#include "LDAPSearchResults.h"
+#include "LDAPAttribute.h"
+#include "LDAPAttributeList.h"
+#include "LDAPEntry.h"
+#include "LDAPException.h"
+#include "LDAPModification.h"
+#include "LDAPSchema.h"
+
+#include "debug.h"
+
+int main(){
+    LDAPConnection *lc=new LDAPConnection("192.168.3.128",389);
+    std::cout << "----------------------doing bind...." <<  std::endl;
+    try{
+        lc->bind("uid=admin,dc=home,dc=local" , "secret");
+        std::cout << lc->getHost() << std::endl;
+        StringList tmp;
+        tmp.add("subschemasubentry");
+        LDAPSearchResults* entries = lc->search("", 
+                        LDAPConnection::SEARCH_BASE,
+                        "(objectClass=*)",
+                        tmp );
+        LDAPEntry* rootDse = entries->getNext();
+        std::string schemabase="cn=subschema";
+
+        if(rootDse){
+            const LDAPAttribute* schemaAttr = rootDse->getAttributes()->getAttributeByName("subschemaSubentry");
+            schemabase = *(schemaAttr->getValues().begin());   
+        }
+        StringList attrs;
+        attrs.add("objectClasses");
+        attrs.add("attributeTypes");
+        entries = lc->search(schemabase, LDAPConnection::SEARCH_BASE, "(objectClass=*)",
+                        attrs);
+        if (entries != 0){
+            LDAPEntry* entry = entries->getNext();
+            if(entry != 0){
+                const LDAPAttribute* oc = entry->getAttributes()->getAttributeByName("objectClasses");
+                LDAPSchema schema;
+                schema.setObjectClasses((oc->getValues()));
+                LDAPObjClass test = schema.getObjectClassByName("inetOrgPerson");
+                std::cout << test.getDesc() << std::endl;
+//                StringList mustAttr = test.getMay();
+//                for( StringList::const_iterator i = mustAttr.begin(); i != mustAttr.end(); i++ ){
+//                    std::cout << *i << std::endl;
+//                }
+                StringList sup = test.getSup();
+                for( StringList::const_iterator i = sup.begin(); i != sup.end(); i++ ){
+                    std::cout << *i << std::endl;
+                }
+            }
+        }
+        
+        lc->unbind();
+        delete lc;
+   }catch (LDAPException e){
+        std::cout << "---------------- caught Exception ---------"<< std::endl;
+        std::cout << e << std::endl;
+    }
+
+}
+
diff --git a/contrib/ldapc++/examples/startTls.cpp b/contrib/ldapc++/examples/startTls.cpp
new file mode 100644
index 0000000..b864cb9
--- /dev/null
+++ b/contrib/ldapc++/examples/startTls.cpp
@@ -0,0 +1,79 @@
+// $OpenLDAP$
+/*
+ * Copyright 2010-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <iostream>
+#include <string>
+#include "LDAPAsynConnection.h"
+#include "TlsOptions.h"
+
+int main( int argc, char* argv[]){
+    if ( argc != 4 ){
+        std::cerr << "usage: " << argv[0] << " <ldap-uri> <cacertfile> <cacertdir>" << std::endl;
+        return(-1);
+    }
+    std::string uri(argv[1]);
+    std::string cacert(argv[2]);
+    std::string cadir(argv[3]);
+    TlsOptions tls;
+    std::cout << "Current global settings:" << std::endl;
+    std::cout << "    CaCertfile: " << tls.getStringOption( TlsOptions::CACERTFILE) << std::endl;
+    std::cout << "    CaCertDir: " << tls.getStringOption( TlsOptions::CACERTDIR ) << std::endl;
+    std::cout << "    Require Cert: " << tls.getIntOption( TlsOptions::REQUIRE_CERT ) << std::endl;
+    std::cout << "Applying new settings:" << std::endl;
+    tls.setOption( TlsOptions::CACERTFILE, cacert );
+    tls.setOption( TlsOptions::REQUIRE_CERT, TlsOptions::DEMAND );
+    std::cout << "    CaCertfile: " << tls.getStringOption( TlsOptions::CACERTFILE ) << std::endl;
+    std::cout << "    Require Cert: " << tls.getIntOption( TlsOptions::REQUIRE_CERT ) << std::endl;
+
+    try {
+        // 1. connect using global options
+        LDAPAsynConnection l(uri);
+        try {
+            l.start_tls();
+            std::cout << "StartTLS successful." << std::endl;
+            l.unbind();
+        } catch ( LDAPException e ) {
+            std::cerr << e << std::endl;
+        }
+
+        // 2. connect using connection specific option
+        LDAPAsynConnection l1(uri);
+        tls=l1.getTlsOptions();
+        std::cout << "Current connection specific settings:" << std::endl;
+        std::cout << "    CaCertfile: " << tls.getStringOption( TlsOptions::CACERTFILE) << std::endl;
+        std::cout << "    CaCertDir: " << tls.getStringOption( TlsOptions::CACERTDIR ) << std::endl;
+        std::cout << "    Require Cert: " << tls.getIntOption( TlsOptions::REQUIRE_CERT ) << std::endl;
+        std::cout << "Applying new settings:" << std::endl;
+        tls.setOption( TlsOptions::CACERTDIR, cadir );
+        tls.setOption( TlsOptions::REQUIRE_CERT, TlsOptions::DEMAND );
+        std::cout << "    CaCertDir: " << tls.getStringOption( TlsOptions::CACERTDIR ) << std::endl;
+        std::cout << "    Require Cert: " << tls.getIntOption( TlsOptions::REQUIRE_CERT ) << std::endl;
+        try {
+            l1.start_tls();
+            std::cout << "StartTLS successful." << std::endl;
+            l1.unbind();
+        } catch ( LDAPException e ) {
+            std::cerr << e << std::endl;
+        }
+
+        // 3. and once again using the globals
+        try {
+            LDAPAsynConnection l2(uri);
+            TlsOptions tls2;
+            std::cout << "Current global settings:" << std::endl;
+            std::cout << "    CaCertfile: " << tls2.getStringOption( TlsOptions::CACERTFILE) << std::endl;
+            std::cout << "    CaCertDir: " << tls2.getStringOption( TlsOptions::CACERTDIR ) << std::endl;
+            std::cout << "    Require Cert: " << tls2.getIntOption( TlsOptions::REQUIRE_CERT ) << std::endl;
+            l2.start_tls();
+            std::cout << "StartTLS successful." << std::endl;
+            l2.unbind();
+        } catch ( LDAPException e ) {
+            std::cerr << e << std::endl;
+        }
+    } catch ( LDAPException e ) {
+        std::cerr << e << std::endl;
+    }
+}
diff --git a/contrib/ldapc++/examples/urlTest.cpp b/contrib/ldapc++/examples/urlTest.cpp
new file mode 100644
index 0000000..6223630
--- /dev/null
+++ b/contrib/ldapc++/examples/urlTest.cpp
@@ -0,0 +1,41 @@
+// $OpenLDAP$
+/*
+ * Copyright 2008-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <LDAPUrl.h>
+#include <LDAPException.h>
+#include <cstdlib>
+#include <iostream>
+
+int main(int argc, char *argv[]) {
+    if ( argc != 2 ) {
+        std::cout << argc << std::endl;
+        std::cout << "urlTest <ldap-URI>" << std::endl;
+        exit(1);
+    }
+    std::string uristr = argv[1];
+    try {
+        LDAPUrl url(uristr);
+        std::cout << "Host: " << url.getHost() << std::endl;
+        std::cout << "Port: " << url.getPort() << std::endl;
+        std::cout << "BaseDN: " << url.getDN() << std::endl;
+        std::cout << "Scope: " << url.getScope() << std::endl;
+        StringList attrs = url.getAttrs();
+        std::cout << "Attrs: " << std::endl;
+        StringList::const_iterator i = attrs.begin();
+        for( ; i != attrs.end(); i++ ) {
+            std::cout << "    " << *i << std::endl;
+        }
+        std::cout << "Filter: " << url.getFilter() << std::endl;
+        std::cout << "Setting new BaseDN" << std::endl;
+        url.setDN("o=Beispiel, c=DE");
+        std::cout << "Url: " << url.getURLString() << std::endl;
+    } catch (LDAPUrlException e) {
+        std::cout << e.getCode() << std::endl;
+        std::cout << e.getErrorMessage() << std::endl;
+        std::cout << e.getAdditionalInfo() << std::endl;
+    }
+
+}
diff --git a/contrib/ldapc++/install-sh b/contrib/ldapc++/install-sh
new file mode 100755
index 0000000..4d4a951
--- /dev/null
+++ b/contrib/ldapc++/install-sh
@@ -0,0 +1,323 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2005-05-14.22
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.  It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+chmodcmd="$chmodprog 0755"
+chowncmd=
+chgrpcmd=
+stripcmd=
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=
+dst=
+dir_arg=
+dstarg=
+no_target_directory=
+
+usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+   or: $0 [OPTION]... SRCFILES... DIRECTORY
+   or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+   or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+-c         (ignored)
+-d         create directories instead of installing files.
+-g GROUP   $chgrpprog installed files to GROUP.
+-m MODE    $chmodprog installed files to MODE.
+-o USER    $chownprog installed files to USER.
+-s         $stripprog installed files.
+-t DIRECTORY  install into DIRECTORY.
+-T         report an error if DSTFILE is a directory.
+--help     display this help and exit.
+--version  display version info and exit.
+
+Environment variables override the default commands:
+  CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG
+"
+
+while test -n "$1"; do
+  case $1 in
+    -c) shift
+        continue;;
+
+    -d) dir_arg=true
+        shift
+        continue;;
+
+    -g) chgrpcmd="$chgrpprog $2"
+        shift
+        shift
+        continue;;
+
+    --help) echo "$usage"; exit $?;;
+
+    -m) chmodcmd="$chmodprog $2"
+        shift
+        shift
+        continue;;
+
+    -o) chowncmd="$chownprog $2"
+        shift
+        shift
+        continue;;
+
+    -s) stripcmd=$stripprog
+        shift
+        continue;;
+
+    -t) dstarg=$2
+	shift
+	shift
+	continue;;
+
+    -T) no_target_directory=true
+	shift
+	continue;;
+
+    --version) echo "$0 $scriptversion"; exit $?;;
+
+    *)  # When -d is used, all remaining arguments are directories to create.
+	# When -t is used, the destination is already specified.
+	test -n "$dir_arg$dstarg" && break
+        # Otherwise, the last argument is the destination.  Remove it from $@.
+	for arg
+	do
+          if test -n "$dstarg"; then
+	    # $@ is not empty: it contains at least $arg.
+	    set fnord "$@" "$dstarg"
+	    shift # fnord
+	  fi
+	  shift # arg
+	  dstarg=$arg
+	done
+	break;;
+  esac
+done
+
+if test -z "$1"; then
+  if test -z "$dir_arg"; then
+    echo "$0: no input file specified." >&2
+    exit 1
+  fi
+  # It's OK to call `install-sh -d' without argument.
+  # This can happen when creating conditional directories.
+  exit 0
+fi
+
+for src
+do
+  # Protect names starting with `-'.
+  case $src in
+    -*) src=./$src ;;
+  esac
+
+  if test -n "$dir_arg"; then
+    dst=$src
+    src=
+
+    if test -d "$dst"; then
+      mkdircmd=:
+      chmodcmd=
+    else
+      mkdircmd=$mkdirprog
+    fi
+  else
+    # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+    # might cause directories to be created, which would be especially bad
+    # if $src (and thus $dsttmp) contains '*'.
+    if test ! -f "$src" && test ! -d "$src"; then
+      echo "$0: $src does not exist." >&2
+      exit 1
+    fi
+
+    if test -z "$dstarg"; then
+      echo "$0: no destination specified." >&2
+      exit 1
+    fi
+
+    dst=$dstarg
+    # Protect names starting with `-'.
+    case $dst in
+      -*) dst=./$dst ;;
+    esac
+
+    # If destination is a directory, append the input filename; won't work
+    # if double slashes aren't ignored.
+    if test -d "$dst"; then
+      if test -n "$no_target_directory"; then
+	echo "$0: $dstarg: Is a directory" >&2
+	exit 1
+      fi
+      dst=$dst/`basename "$src"`
+    fi
+  fi
+
+  # This sed command emulates the dirname command.
+  dstdir=`echo "$dst" | sed -e 's,/*$,,;s,[^/]*$,,;s,/*$,,;s,^$,.,'`
+
+  # Make sure that the destination directory exists.
+
+  # Skip lots of stat calls in the usual case.
+  if test ! -d "$dstdir"; then
+    defaultIFS='
+	 '
+    IFS="${IFS-$defaultIFS}"
+
+    oIFS=$IFS
+    # Some sh's can't handle IFS=/ for some reason.
+    IFS='%'
+    set x `echo "$dstdir" | sed -e 's@/@%@g' -e 's@^%@/@'`
+    shift
+    IFS=$oIFS
+
+    pathcomp=
+
+    while test $# -ne 0 ; do
+      pathcomp=$pathcomp$1
+      shift
+      if test ! -d "$pathcomp"; then
+        $mkdirprog "$pathcomp"
+	# mkdir can fail with a `File exist' error in case several
+	# install-sh are creating the directory concurrently.  This
+	# is OK.
+	test -d "$pathcomp" || exit
+      fi
+      pathcomp=$pathcomp/
+    done
+  fi
+
+  if test -n "$dir_arg"; then
+    $doit $mkdircmd "$dst" \
+      && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \
+      && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \
+      && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \
+      && { test -z "$chmodcmd" || $doit $chmodcmd "$dst"; }
+
+  else
+    dstfile=`basename "$dst"`
+
+    # Make a couple of temp file names in the proper directory.
+    dsttmp=$dstdir/_inst.$$_
+    rmtmp=$dstdir/_rm.$$_
+
+    # Trap to clean up those temp files at exit.
+    trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+    trap '(exit $?); exit' 1 2 13 15
+
+    # Copy the file name to the temp name.
+    $doit $cpprog "$src" "$dsttmp" &&
+
+    # and set any options; do chmod last to preserve setuid bits.
+    #
+    # If any of these fail, we abort the whole thing.  If we want to
+    # ignore errors from any of these, just make sure not to ignore
+    # errors from the above "$doit $cpprog $src $dsttmp" command.
+    #
+    { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \
+      && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \
+      && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \
+      && { test -z "$chmodcmd" || $doit $chmodcmd "$dsttmp"; } &&
+
+    # Now rename the file to the real destination.
+    { $doit $mvcmd -f "$dsttmp" "$dstdir/$dstfile" 2>/dev/null \
+      || {
+	   # The rename failed, perhaps because mv can't rename something else
+	   # to itself, or perhaps because mv is so ancient that it does not
+	   # support -f.
+
+	   # Now remove or move aside any old file at destination location.
+	   # We try this two ways since rm can't unlink itself on some
+	   # systems and the destination file might be busy for other
+	   # reasons.  In this case, the final cleanup might fail but the new
+	   # file should still install successfully.
+	   {
+	     if test -f "$dstdir/$dstfile"; then
+	       $doit $rmcmd -f "$dstdir/$dstfile" 2>/dev/null \
+	       || $doit $mvcmd -f "$dstdir/$dstfile" "$rmtmp" 2>/dev/null \
+	       || {
+		 echo "$0: cannot unlink or rename $dstdir/$dstfile" >&2
+		 (exit 1); exit 1
+	       }
+	     else
+	       :
+	     fi
+	   } &&
+
+	   # Now rename the file to the real destination.
+	   $doit $mvcmd "$dsttmp" "$dstdir/$dstfile"
+	 }
+    }
+  fi || { (exit 1); exit 1; }
+done
+
+# The final little trick to "correctly" pass the exit status to the exit trap.
+{
+  (exit 0); exit 0
+}
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-end: "$"
+# End:
diff --git a/contrib/ldapc++/ltmain.sh b/contrib/ldapc++/ltmain.sh
new file mode 100644
index 0000000..0f0a2da
--- /dev/null
+++ b/contrib/ldapc++/ltmain.sh
@@ -0,0 +1,11147 @@
+#! /bin/sh
+## DO NOT EDIT - This file generated from ./build-aux/ltmain.in
+##               by inline-source v2014-01-03.01
+
+# libtool (GNU libtool) 2.4.6
+# Provide generalized library-building support services.
+# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+
+# Copyright (C) 1996-2015 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.  There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+PROGRAM=libtool
+PACKAGE=libtool
+VERSION=2.4.6
+package_revision=2.4.6
+
+
+## ------ ##
+## Usage. ##
+## ------ ##
+
+# Run './libtool --help' for help with using this script from the
+# command line.
+
+
+## ------------------------------- ##
+## User overridable command paths. ##
+## ------------------------------- ##
+
+# After configure completes, it has a better idea of some of the
+# shell tools we need than the defaults used by the functions shared
+# with bootstrap, so set those here where they can still be over-
+# ridden by the user, but otherwise take precedence.
+
+: ${AUTOCONF="autoconf"}
+: ${AUTOMAKE="automake"}
+
+
+## -------------------------- ##
+## Source external libraries. ##
+## -------------------------- ##
+
+# Much of our low-level functionality needs to be sourced from external
+# libraries, which are installed to $pkgauxdir.
+
+# Set a version string for this script.
+scriptversion=2015-01-20.17; # UTC
+
+# General shell script boiler plate, and helper functions.
+# Written by Gary V. Vaughan, 2004
+
+# Copyright (C) 2004-2015 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.  There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+
+# As a special exception to the GNU General Public License, if you distribute
+# this file as part of a program or library that is built using GNU Libtool,
+# you may include this file under the same distribution terms that you use
+# for the rest of that program.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Please report bugs or propose patches to gary@gnu.org.
+
+
+## ------ ##
+## Usage. ##
+## ------ ##
+
+# Evaluate this file near the top of your script to gain access to
+# the functions and variables defined here:
+#
+#   . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh
+#
+# If you need to override any of the default environment variable
+# settings, do that before evaluating this file.
+
+
+## -------------------- ##
+## Shell normalisation. ##
+## -------------------- ##
+
+# Some shells need a little help to be as Bourne compatible as possible.
+# Before doing anything else, make sure all that help has been provided!
+
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac
+fi
+
+# NLS nuisances: We save the old values in case they are required later.
+_G_user_locale=
+_G_safe_locale=
+for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+do
+  eval "if test set = \"\${$_G_var+set}\"; then
+          save_$_G_var=\$$_G_var
+          $_G_var=C
+	  export $_G_var
+	  _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\"
+	  _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\"
+	fi"
+done
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# Make sure IFS has a sensible default
+sp=' '
+nl='
+'
+IFS="$sp	$nl"
+
+# There are apparently some retarded systems that use ';' as a PATH separator!
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+
+## ------------------------- ##
+## Locate command utilities. ##
+## ------------------------- ##
+
+
+# func_executable_p FILE
+# ----------------------
+# Check that FILE is an executable regular file.
+func_executable_p ()
+{
+    test -f "$1" && test -x "$1"
+}
+
+
+# func_path_progs PROGS_LIST CHECK_FUNC [PATH]
+# --------------------------------------------
+# Search for either a program that responds to --version with output
+# containing "GNU", or else returned by CHECK_FUNC otherwise, by
+# trying all the directories in PATH with each of the elements of
+# PROGS_LIST.
+#
+# CHECK_FUNC should accept the path to a candidate program, and
+# set $func_check_prog_result if it truncates its output less than
+# $_G_path_prog_max characters.
+func_path_progs ()
+{
+    _G_progs_list=$1
+    _G_check_func=$2
+    _G_PATH=${3-"$PATH"}
+
+    _G_path_prog_max=0
+    _G_path_prog_found=false
+    _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:}
+    for _G_dir in $_G_PATH; do
+      IFS=$_G_save_IFS
+      test -z "$_G_dir" && _G_dir=.
+      for _G_prog_name in $_G_progs_list; do
+        for _exeext in '' .EXE; do
+          _G_path_prog=$_G_dir/$_G_prog_name$_exeext
+          func_executable_p "$_G_path_prog" || continue
+          case `"$_G_path_prog" --version 2>&1` in
+            *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;;
+            *)     $_G_check_func $_G_path_prog
+		   func_path_progs_result=$func_check_prog_result
+		   ;;
+          esac
+          $_G_path_prog_found && break 3
+        done
+      done
+    done
+    IFS=$_G_save_IFS
+    test -z "$func_path_progs_result" && {
+      echo "no acceptable sed could be found in \$PATH" >&2
+      exit 1
+    }
+}
+
+
+# We want to be able to use the functions in this file before configure
+# has figured out where the best binaries are kept, which means we have
+# to search for them ourselves - except when the results are already set
+# where we skip the searches.
+
+# Unless the user overrides by setting SED, search the path for either GNU
+# sed, or the sed that truncates its output the least.
+test -z "$SED" && {
+  _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+  for _G_i in 1 2 3 4 5 6 7; do
+    _G_sed_script=$_G_sed_script$nl$_G_sed_script
+  done
+  echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed
+  _G_sed_script=
+
+  func_check_prog_sed ()
+  {
+    _G_path_prog=$1
+
+    _G_count=0
+    printf 0123456789 >conftest.in
+    while :
+    do
+      cat conftest.in conftest.in >conftest.tmp
+      mv conftest.tmp conftest.in
+      cp conftest.in conftest.nl
+      echo '' >> conftest.nl
+      "$_G_path_prog" -f conftest.sed <conftest.nl >conftest.out 2>/dev/null || break
+      diff conftest.out conftest.nl >/dev/null 2>&1 || break
+      _G_count=`expr $_G_count + 1`
+      if test "$_G_count" -gt "$_G_path_prog_max"; then
+        # Best one so far, save it but keep looking for a better one
+        func_check_prog_result=$_G_path_prog
+        _G_path_prog_max=$_G_count
+      fi
+      # 10*(2^10) chars as input seems more than enough
+      test 10 -lt "$_G_count" && break
+    done
+    rm -f conftest.in conftest.tmp conftest.nl conftest.out
+  }
+
+  func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin
+  rm -f conftest.sed
+  SED=$func_path_progs_result
+}
+
+
+# Unless the user overrides by setting GREP, search the path for either GNU
+# grep, or the grep that truncates its output the least.
+test -z "$GREP" && {
+  func_check_prog_grep ()
+  {
+    _G_path_prog=$1
+
+    _G_count=0
+    _G_path_prog_max=0
+    printf 0123456789 >conftest.in
+    while :
+    do
+      cat conftest.in conftest.in >conftest.tmp
+      mv conftest.tmp conftest.in
+      cp conftest.in conftest.nl
+      echo 'GREP' >> conftest.nl
+      "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' <conftest.nl >conftest.out 2>/dev/null || break
+      diff conftest.out conftest.nl >/dev/null 2>&1 || break
+      _G_count=`expr $_G_count + 1`
+      if test "$_G_count" -gt "$_G_path_prog_max"; then
+        # Best one so far, save it but keep looking for a better one
+        func_check_prog_result=$_G_path_prog
+        _G_path_prog_max=$_G_count
+      fi
+      # 10*(2^10) chars as input seems more than enough
+      test 10 -lt "$_G_count" && break
+    done
+    rm -f conftest.in conftest.tmp conftest.nl conftest.out
+  }
+
+  func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin
+  GREP=$func_path_progs_result
+}
+
+
+## ------------------------------- ##
+## User overridable command paths. ##
+## ------------------------------- ##
+
+# All uppercase variable names are used for environment variables.  These
+# variables can be overridden by the user before calling a script that
+# uses them if a suitable command of that name is not already available
+# in the command search PATH.
+
+: ${CP="cp -f"}
+: ${ECHO="printf %s\n"}
+: ${EGREP="$GREP -E"}
+: ${FGREP="$GREP -F"}
+: ${LN_S="ln -s"}
+: ${MAKE="make"}
+: ${MKDIR="mkdir"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
+
+
+## -------------------- ##
+## Useful sed snippets. ##
+## -------------------- ##
+
+sed_dirname='s|/[^/]*$||'
+sed_basename='s|^.*/||'
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='s|\([`"$\\]\)|\\\1|g'
+
+# Same as above, but do not quote variable references.
+sed_double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Sed substitution that turns a string into a regex matching for the
+# string literally.
+sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g'
+
+# Sed substitution that converts a w32 file name or path
+# that contains forward slashes, into one that contains
+# (escaped) backslashes.  A very naive implementation.
+sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+
+# Re-'\' parameter expansions in output of sed_double_quote_subst that
+# were '\'-ed in input to the same.  If an odd number of '\' preceded a
+# '$' in input to sed_double_quote_subst, that '$' was protected from
+# expansion.  Since each input '\' is now two '\'s, look for any number
+# of runs of four '\'s followed by two '\'s and then a '$'.  '\' that '$'.
+_G_bs='\\'
+_G_bs2='\\\\'
+_G_bs4='\\\\\\\\'
+_G_dollar='\$'
+sed_double_backslash="\
+  s/$_G_bs4/&\\
+/g
+  s/^$_G_bs2$_G_dollar/$_G_bs&/
+  s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g
+  s/\n//g"
+
+
+## ----------------- ##
+## Global variables. ##
+## ----------------- ##
+
+# Except for the global variables explicitly listed below, the following
+# functions in the '^func_' namespace, and the '^require_' namespace
+# variables initialised in the 'Resource management' section, sourcing
+# this file will not pollute your global namespace with anything
+# else. There's no portable way to scope variables in Bourne shell
+# though, so actually running these functions will sometimes place
+# results into a variable named after the function, and often use
+# temporary variables in the '^_G_' namespace. If you are careful to
+# avoid using those namespaces casually in your sourcing script, things
+# should continue to work as you expect. And, of course, you can freely
+# overwrite any of the functions or variables defined here before
+# calling anything to customize them.
+
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+EXIT_MISMATCH=63  # $? = 63 is used to indicate version mismatch to missing.
+EXIT_SKIP=77	  # $? = 77 is used to indicate a skipped test to automake.
+
+# Allow overriding, eg assuming that you follow the convention of
+# putting '$debug_cmd' at the start of all your functions, you can get
+# bash to show function call trace with:
+#
+#    debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name
+debug_cmd=${debug_cmd-":"}
+exit_cmd=:
+
+# By convention, finish your script with:
+#
+#    exit $exit_status
+#
+# so that you can set exit_status to non-zero if you want to indicate
+# something went wrong during execution without actually bailing out at
+# the point of failure.
+exit_status=$EXIT_SUCCESS
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath=$0
+
+# The name of this program.
+progname=`$ECHO "$progpath" |$SED "$sed_basename"`
+
+# Make sure we have an absolute progpath for reexecution:
+case $progpath in
+  [\\/]*|[A-Za-z]:\\*) ;;
+  *[\\/]*)
+     progdir=`$ECHO "$progpath" |$SED "$sed_dirname"`
+     progdir=`cd "$progdir" && pwd`
+     progpath=$progdir/$progname
+     ;;
+  *)
+     _G_IFS=$IFS
+     IFS=${PATH_SEPARATOR-:}
+     for progdir in $PATH; do
+       IFS=$_G_IFS
+       test -x "$progdir/$progname" && break
+     done
+     IFS=$_G_IFS
+     test -n "$progdir" || progdir=`pwd`
+     progpath=$progdir/$progname
+     ;;
+esac
+
+
+## ----------------- ##
+## Standard options. ##
+## ----------------- ##
+
+# The following options affect the operation of the functions defined
+# below, and should be set appropriately depending on run-time para-
+# meters passed on the command line.
+
+opt_dry_run=false
+opt_quiet=false
+opt_verbose=false
+
+# Categories 'all' and 'none' are always available.  Append any others
+# you will pass as the first argument to func_warning from your own
+# code.
+warning_categories=
+
+# By default, display warnings according to 'opt_warning_types'.  Set
+# 'warning_func'  to ':' to elide all warnings, or func_fatal_error to
+# treat the next displayed warning as a fatal error.
+warning_func=func_warn_and_continue
+
+# Set to 'all' to display all warnings, 'none' to suppress all
+# warnings, or a space delimited list of some subset of
+# 'warning_categories' to display only the listed warnings.
+opt_warning_types=all
+
+
+## -------------------- ##
+## Resource management. ##
+## -------------------- ##
+
+# This section contains definitions for functions that each ensure a
+# particular resource (a file, or a non-empty configuration variable for
+# example) is available, and if appropriate to extract default values
+# from pertinent package files. Call them using their associated
+# 'require_*' variable to ensure that they are executed, at most, once.
+#
+# It's entirely deliberate that calling these functions can set
+# variables that don't obey the namespace limitations obeyed by the rest
+# of this file, in order that that they be as useful as possible to
+# callers.
+
+
+# require_term_colors
+# -------------------
+# Allow display of bold text on terminals that support it.
+require_term_colors=func_require_term_colors
+func_require_term_colors ()
+{
+    $debug_cmd
+
+    test -t 1 && {
+      # COLORTERM and USE_ANSI_COLORS environment variables take
+      # precedence, because most terminfo databases neglect to describe
+      # whether color sequences are supported.
+      test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"}
+
+      if test 1 = "$USE_ANSI_COLORS"; then
+        # Standard ANSI escape sequences
+        tc_reset=''
+        tc_bold='';   tc_standout=''
+        tc_red='';   tc_green=''
+        tc_blue='';  tc_cyan=''
+      else
+        # Otherwise trust the terminfo database after all.
+        test -n "`tput sgr0 2>/dev/null`" && {
+          tc_reset=`tput sgr0`
+          test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold`
+          tc_standout=$tc_bold
+          test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso`
+          test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1`
+          test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2`
+          test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4`
+          test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5`
+        }
+      fi
+    }
+
+    require_term_colors=:
+}
+
+
+## ----------------- ##
+## Function library. ##
+## ----------------- ##
+
+# This section contains a variety of useful functions to call in your
+# scripts. Take note of the portable wrappers for features provided by
+# some modern shells, which will fall back to slower equivalents on
+# less featureful shells.
+
+
+# func_append VAR VALUE
+# ---------------------
+# Append VALUE onto the existing contents of VAR.
+
+  # We should try to minimise forks, especially on Windows where they are
+  # unreasonably slow, so skip the feature probes when bash or zsh are
+  # being used:
+  if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then
+    : ${_G_HAVE_ARITH_OP="yes"}
+    : ${_G_HAVE_XSI_OPS="yes"}
+    # The += operator was introduced in bash 3.1
+    case $BASH_VERSION in
+      [12].* | 3.0 | 3.0*) ;;
+      *)
+        : ${_G_HAVE_PLUSEQ_OP="yes"}
+        ;;
+    esac
+  fi
+
+  # _G_HAVE_PLUSEQ_OP
+  # Can be empty, in which case the shell is probed, "yes" if += is
+  # useable or anything else if it does not work.
+  test -z "$_G_HAVE_PLUSEQ_OP" \
+    && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \
+    && _G_HAVE_PLUSEQ_OP=yes
+
+if test yes = "$_G_HAVE_PLUSEQ_OP"
+then
+  # This is an XSI compatible shell, allowing a faster implementation...
+  eval 'func_append ()
+  {
+    $debug_cmd
+
+    eval "$1+=\$2"
+  }'
+else
+  # ...otherwise fall back to using expr, which is often a shell builtin.
+  func_append ()
+  {
+    $debug_cmd
+
+    eval "$1=\$$1\$2"
+  }
+fi
+
+
+# func_append_quoted VAR VALUE
+# ----------------------------
+# Quote VALUE and append to the end of shell variable VAR, separated
+# by a space.
+if test yes = "$_G_HAVE_PLUSEQ_OP"; then
+  eval 'func_append_quoted ()
+  {
+    $debug_cmd
+
+    func_quote_for_eval "$2"
+    eval "$1+=\\ \$func_quote_for_eval_result"
+  }'
+else
+  func_append_quoted ()
+  {
+    $debug_cmd
+
+    func_quote_for_eval "$2"
+    eval "$1=\$$1\\ \$func_quote_for_eval_result"
+  }
+fi
+
+
+# func_append_uniq VAR VALUE
+# --------------------------
+# Append unique VALUE onto the existing contents of VAR, assuming
+# entries are delimited by the first character of VALUE.  For example:
+#
+#   func_append_uniq options " --another-option option-argument"
+#
+# will only append to $options if " --another-option option-argument "
+# is not already present somewhere in $options already (note spaces at
+# each end implied by leading space in second argument).
+func_append_uniq ()
+{
+    $debug_cmd
+
+    eval _G_current_value='`$ECHO $'$1'`'
+    _G_delim=`expr "$2" : '\(.\)'`
+
+    case $_G_delim$_G_current_value$_G_delim in
+      *"$2$_G_delim"*) ;;
+      *) func_append "$@" ;;
+    esac
+}
+
+
+# func_arith TERM...
+# ------------------
+# Set func_arith_result to the result of evaluating TERMs.
+  test -z "$_G_HAVE_ARITH_OP" \
+    && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \
+    && _G_HAVE_ARITH_OP=yes
+
+if test yes = "$_G_HAVE_ARITH_OP"; then
+  eval 'func_arith ()
+  {
+    $debug_cmd
+
+    func_arith_result=$(( $* ))
+  }'
+else
+  func_arith ()
+  {
+    $debug_cmd
+
+    func_arith_result=`expr "$@"`
+  }
+fi
+
+
+# func_basename FILE
+# ------------------
+# Set func_basename_result to FILE with everything up to and including
+# the last / stripped.
+if test yes = "$_G_HAVE_XSI_OPS"; then
+  # If this shell supports suffix pattern removal, then use it to avoid
+  # forking. Hide the definitions single quotes in case the shell chokes
+  # on unsupported syntax...
+  _b='func_basename_result=${1##*/}'
+  _d='case $1 in
+        */*) func_dirname_result=${1%/*}$2 ;;
+        *  ) func_dirname_result=$3        ;;
+      esac'
+
+else
+  # ...otherwise fall back to using sed.
+  _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`'
+  _d='func_dirname_result=`$ECHO "$1"  |$SED "$sed_dirname"`
+      if test "X$func_dirname_result" = "X$1"; then
+        func_dirname_result=$3
+      else
+        func_append func_dirname_result "$2"
+      fi'
+fi
+
+eval 'func_basename ()
+{
+    $debug_cmd
+
+    '"$_b"'
+}'
+
+
+# func_dirname FILE APPEND NONDIR_REPLACEMENT
+# -------------------------------------------
+# Compute the dirname of FILE.  If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+eval 'func_dirname ()
+{
+    $debug_cmd
+
+    '"$_d"'
+}'
+
+
+# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT
+# --------------------------------------------------------
+# Perform func_basename and func_dirname in a single function
+# call:
+#   dirname:  Compute the dirname of FILE.  If nonempty,
+#             add APPEND to the result, otherwise set result
+#             to NONDIR_REPLACEMENT.
+#             value returned in "$func_dirname_result"
+#   basename: Compute filename of FILE.
+#             value retuned in "$func_basename_result"
+# For efficiency, we do not delegate to the functions above but instead
+# duplicate the functionality here.
+eval 'func_dirname_and_basename ()
+{
+    $debug_cmd
+
+    '"$_b"'
+    '"$_d"'
+}'
+
+
+# func_echo ARG...
+# ----------------
+# Echo program name prefixed message.
+func_echo ()
+{
+    $debug_cmd
+
+    _G_message=$*
+
+    func_echo_IFS=$IFS
+    IFS=$nl
+    for _G_line in $_G_message; do
+      IFS=$func_echo_IFS
+      $ECHO "$progname: $_G_line"
+    done
+    IFS=$func_echo_IFS
+}
+
+
+# func_echo_all ARG...
+# --------------------
+# Invoke $ECHO with all args, space-separated.
+func_echo_all ()
+{
+    $ECHO "$*"
+}
+
+
+# func_echo_infix_1 INFIX ARG...
+# ------------------------------
+# Echo program name, followed by INFIX on the first line, with any
+# additional lines not showing INFIX.
+func_echo_infix_1 ()
+{
+    $debug_cmd
+
+    $require_term_colors
+
+    _G_infix=$1; shift
+    _G_indent=$_G_infix
+    _G_prefix="$progname: $_G_infix: "
+    _G_message=$*
+
+    # Strip color escape sequences before counting printable length
+    for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan"
+    do
+      test -n "$_G_tc" && {
+        _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"`
+        _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"`
+      }
+    done
+    _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`"  " ## exclude from sc_prohibit_nested_quotes
+
+    func_echo_infix_1_IFS=$IFS
+    IFS=$nl
+    for _G_line in $_G_message; do
+      IFS=$func_echo_infix_1_IFS
+      $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2
+      _G_prefix=$_G_indent
+    done
+    IFS=$func_echo_infix_1_IFS
+}
+
+
+# func_error ARG...
+# -----------------
+# Echo program name prefixed message to standard error.
+func_error ()
+{
+    $debug_cmd
+
+    $require_term_colors
+
+    func_echo_infix_1 "  $tc_standout${tc_red}error$tc_reset" "$*" >&2
+}
+
+
+# func_fatal_error ARG...
+# -----------------------
+# Echo program name prefixed message to standard error, and exit.
+func_fatal_error ()
+{
+    $debug_cmd
+
+    func_error "$*"
+    exit $EXIT_FAILURE
+}
+
+
+# func_grep EXPRESSION FILENAME
+# -----------------------------
+# Check whether EXPRESSION matches any line of FILENAME, without output.
+func_grep ()
+{
+    $debug_cmd
+
+    $GREP "$1" "$2" >/dev/null 2>&1
+}
+
+
+# func_len STRING
+# ---------------
+# Set func_len_result to the length of STRING. STRING may not
+# start with a hyphen.
+  test -z "$_G_HAVE_XSI_OPS" \
+    && (eval 'x=a/b/c;
+      test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
+    && _G_HAVE_XSI_OPS=yes
+
+if test yes = "$_G_HAVE_XSI_OPS"; then
+  eval 'func_len ()
+  {
+    $debug_cmd
+
+    func_len_result=${#1}
+  }'
+else
+  func_len ()
+  {
+    $debug_cmd
+
+    func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
+  }
+fi
+
+
+# func_mkdir_p DIRECTORY-PATH
+# ---------------------------
+# Make sure the entire path to DIRECTORY-PATH is available.
+func_mkdir_p ()
+{
+    $debug_cmd
+
+    _G_directory_path=$1
+    _G_dir_list=
+
+    if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then
+
+      # Protect directory names starting with '-'
+      case $_G_directory_path in
+        -*) _G_directory_path=./$_G_directory_path ;;
+      esac
+
+      # While some portion of DIR does not yet exist...
+      while test ! -d "$_G_directory_path"; do
+        # ...make a list in topmost first order.  Use a colon delimited
+	# list incase some portion of path contains whitespace.
+        _G_dir_list=$_G_directory_path:$_G_dir_list
+
+        # If the last portion added has no slash in it, the list is done
+        case $_G_directory_path in */*) ;; *) break ;; esac
+
+        # ...otherwise throw away the child directory and loop
+        _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"`
+      done
+      _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'`
+
+      func_mkdir_p_IFS=$IFS; IFS=:
+      for _G_dir in $_G_dir_list; do
+	IFS=$func_mkdir_p_IFS
+        # mkdir can fail with a 'File exist' error if two processes
+        # try to create one of the directories concurrently.  Don't
+        # stop in that case!
+        $MKDIR "$_G_dir" 2>/dev/null || :
+      done
+      IFS=$func_mkdir_p_IFS
+
+      # Bail out if we (or some other process) failed to create a directory.
+      test -d "$_G_directory_path" || \
+        func_fatal_error "Failed to create '$1'"
+    fi
+}
+
+
+# func_mktempdir [BASENAME]
+# -------------------------
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible.  If
+# given, BASENAME is the basename for that directory.
+func_mktempdir ()
+{
+    $debug_cmd
+
+    _G_template=${TMPDIR-/tmp}/${1-$progname}
+
+    if test : = "$opt_dry_run"; then
+      # Return a directory name, but don't create it in dry-run mode
+      _G_tmpdir=$_G_template-$$
+    else
+
+      # If mktemp works, use that first and foremost
+      _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null`
+
+      if test ! -d "$_G_tmpdir"; then
+        # Failing that, at least try and use $RANDOM to avoid a race
+        _G_tmpdir=$_G_template-${RANDOM-0}$$
+
+        func_mktempdir_umask=`umask`
+        umask 0077
+        $MKDIR "$_G_tmpdir"
+        umask $func_mktempdir_umask
+      fi
+
+      # If we're not in dry-run mode, bomb out on failure
+      test -d "$_G_tmpdir" || \
+        func_fatal_error "cannot create temporary directory '$_G_tmpdir'"
+    fi
+
+    $ECHO "$_G_tmpdir"
+}
+
+
+# func_normal_abspath PATH
+# ------------------------
+# Remove doubled-up and trailing slashes, "." path components,
+# and cancel out any ".." path components in PATH after making
+# it an absolute path.
+func_normal_abspath ()
+{
+    $debug_cmd
+
+    # These SED scripts presuppose an absolute path with a trailing slash.
+    _G_pathcar='s|^/\([^/]*\).*$|\1|'
+    _G_pathcdr='s|^/[^/]*||'
+    _G_removedotparts=':dotsl
+		s|/\./|/|g
+		t dotsl
+		s|/\.$|/|'
+    _G_collapseslashes='s|/\{1,\}|/|g'
+    _G_finalslash='s|/*$|/|'
+
+    # Start from root dir and reassemble the path.
+    func_normal_abspath_result=
+    func_normal_abspath_tpath=$1
+    func_normal_abspath_altnamespace=
+    case $func_normal_abspath_tpath in
+      "")
+        # Empty path, that just means $cwd.
+        func_stripname '' '/' "`pwd`"
+        func_normal_abspath_result=$func_stripname_result
+        return
+        ;;
+      # The next three entries are used to spot a run of precisely
+      # two leading slashes without using negated character classes;
+      # we take advantage of case's first-match behaviour.
+      ///*)
+        # Unusual form of absolute path, do nothing.
+        ;;
+      //*)
+        # Not necessarily an ordinary path; POSIX reserves leading '//'
+        # and for example Cygwin uses it to access remote file shares
+        # over CIFS/SMB, so we conserve a leading double slash if found.
+        func_normal_abspath_altnamespace=/
+        ;;
+      /*)
+        # Absolute path, do nothing.
+        ;;
+      *)
+        # Relative path, prepend $cwd.
+        func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath
+        ;;
+    esac
+
+    # Cancel out all the simple stuff to save iterations.  We also want
+    # the path to end with a slash for ease of parsing, so make sure
+    # there is one (and only one) here.
+    func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
+          -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"`
+    while :; do
+      # Processed it all yet?
+      if test / = "$func_normal_abspath_tpath"; then
+        # If we ascended to the root using ".." the result may be empty now.
+        if test -z "$func_normal_abspath_result"; then
+          func_normal_abspath_result=/
+        fi
+        break
+      fi
+      func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \
+          -e "$_G_pathcar"`
+      func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \
+          -e "$_G_pathcdr"`
+      # Figure out what to do with it
+      case $func_normal_abspath_tcomponent in
+        "")
+          # Trailing empty path component, ignore it.
+          ;;
+        ..)
+          # Parent dir; strip last assembled component from result.
+          func_dirname "$func_normal_abspath_result"
+          func_normal_abspath_result=$func_dirname_result
+          ;;
+        *)
+          # Actual path component, append it.
+          func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent"
+          ;;
+      esac
+    done
+    # Restore leading double-slash if one was found on entry.
+    func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result
+}
+
+
+# func_notquiet ARG...
+# --------------------
+# Echo program name prefixed message only when not in quiet mode.
+func_notquiet ()
+{
+    $debug_cmd
+
+    $opt_quiet || func_echo ${1+"$@"}
+
+    # A bug in bash halts the script if the last line of a function
+    # fails when set -e is in force, so we need another command to
+    # work around that:
+    :
+}
+
+
+# func_relative_path SRCDIR DSTDIR
+# --------------------------------
+# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR.
+func_relative_path ()
+{
+    $debug_cmd
+
+    func_relative_path_result=
+    func_normal_abspath "$1"
+    func_relative_path_tlibdir=$func_normal_abspath_result
+    func_normal_abspath "$2"
+    func_relative_path_tbindir=$func_normal_abspath_result
+
+    # Ascend the tree starting from libdir
+    while :; do
+      # check if we have found a prefix of bindir
+      case $func_relative_path_tbindir in
+        $func_relative_path_tlibdir)
+          # found an exact match
+          func_relative_path_tcancelled=
+          break
+          ;;
+        $func_relative_path_tlibdir*)
+          # found a matching prefix
+          func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir"
+          func_relative_path_tcancelled=$func_stripname_result
+          if test -z "$func_relative_path_result"; then
+            func_relative_path_result=.
+          fi
+          break
+          ;;
+        *)
+          func_dirname $func_relative_path_tlibdir
+          func_relative_path_tlibdir=$func_dirname_result
+          if test -z "$func_relative_path_tlibdir"; then
+            # Have to descend all the way to the root!
+            func_relative_path_result=../$func_relative_path_result
+            func_relative_path_tcancelled=$func_relative_path_tbindir
+            break
+          fi
+          func_relative_path_result=../$func_relative_path_result
+          ;;
+      esac
+    done
+
+    # Now calculate path; take care to avoid doubling-up slashes.
+    func_stripname '' '/' "$func_relative_path_result"
+    func_relative_path_result=$func_stripname_result
+    func_stripname '/' '/' "$func_relative_path_tcancelled"
+    if test -n "$func_stripname_result"; then
+      func_append func_relative_path_result "/$func_stripname_result"
+    fi
+
+    # Normalisation. If bindir is libdir, return '.' else relative path.
+    if test -n "$func_relative_path_result"; then
+      func_stripname './' '' "$func_relative_path_result"
+      func_relative_path_result=$func_stripname_result
+    fi
+
+    test -n "$func_relative_path_result" || func_relative_path_result=.
+
+    :
+}
+
+
+# func_quote_for_eval ARG...
+# --------------------------
+# Aesthetically quote ARGs to be evaled later.
+# This function returns two values:
+#   i) func_quote_for_eval_result
+#      double-quoted, suitable for a subsequent eval
+#  ii) func_quote_for_eval_unquoted_result
+#      has all characters that are still active within double
+#      quotes backslashified.
+func_quote_for_eval ()
+{
+    $debug_cmd
+
+    func_quote_for_eval_unquoted_result=
+    func_quote_for_eval_result=
+    while test 0 -lt $#; do
+      case $1 in
+        *[\\\`\"\$]*)
+	  _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;;
+        *)
+          _G_unquoted_arg=$1 ;;
+      esac
+      if test -n "$func_quote_for_eval_unquoted_result"; then
+	func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg"
+      else
+        func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg"
+      fi
+
+      case $_G_unquoted_arg in
+        # Double-quote args containing shell metacharacters to delay
+        # word splitting, command substitution and variable expansion
+        # for a subsequent eval.
+        # Many Bourne shells cannot handle close brackets correctly
+        # in scan sets, so we specify it separately.
+        *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+          _G_quoted_arg=\"$_G_unquoted_arg\"
+          ;;
+        *)
+          _G_quoted_arg=$_G_unquoted_arg
+	  ;;
+      esac
+
+      if test -n "$func_quote_for_eval_result"; then
+	func_append func_quote_for_eval_result " $_G_quoted_arg"
+      else
+        func_append func_quote_for_eval_result "$_G_quoted_arg"
+      fi
+      shift
+    done
+}
+
+
+# func_quote_for_expand ARG
+# -------------------------
+# Aesthetically quote ARG to be evaled later; same as above,
+# but do not quote variable references.
+func_quote_for_expand ()
+{
+    $debug_cmd
+
+    case $1 in
+      *[\\\`\"]*)
+	_G_arg=`$ECHO "$1" | $SED \
+	    -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;;
+      *)
+        _G_arg=$1 ;;
+    esac
+
+    case $_G_arg in
+      # Double-quote args containing shell metacharacters to delay
+      # word splitting and command substitution for a subsequent eval.
+      # Many Bourne shells cannot handle close brackets correctly
+      # in scan sets, so we specify it separately.
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+        _G_arg=\"$_G_arg\"
+        ;;
+    esac
+
+    func_quote_for_expand_result=$_G_arg
+}
+
+
+# func_stripname PREFIX SUFFIX NAME
+# ---------------------------------
+# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+if test yes = "$_G_HAVE_XSI_OPS"; then
+  eval 'func_stripname ()
+  {
+    $debug_cmd
+
+    # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+    # positional parameters, so assign one to ordinary variable first.
+    func_stripname_result=$3
+    func_stripname_result=${func_stripname_result#"$1"}
+    func_stripname_result=${func_stripname_result%"$2"}
+  }'
+else
+  func_stripname ()
+  {
+    $debug_cmd
+
+    case $2 in
+      .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;;
+      *)  func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;;
+    esac
+  }
+fi
+
+
+# func_show_eval CMD [FAIL_EXP]
+# -----------------------------
+# Unless opt_quiet is true, then output CMD.  Then, if opt_dryrun is
+# not true, evaluate CMD.  If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it.
+func_show_eval ()
+{
+    $debug_cmd
+
+    _G_cmd=$1
+    _G_fail_exp=${2-':'}
+
+    func_quote_for_expand "$_G_cmd"
+    eval "func_notquiet $func_quote_for_expand_result"
+
+    $opt_dry_run || {
+      eval "$_G_cmd"
+      _G_status=$?
+      if test 0 -ne "$_G_status"; then
+	eval "(exit $_G_status); $_G_fail_exp"
+      fi
+    }
+}
+
+
+# func_show_eval_locale CMD [FAIL_EXP]
+# ------------------------------------
+# Unless opt_quiet is true, then output CMD.  Then, if opt_dryrun is
+# not true, evaluate CMD.  If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it.  Use the saved locale for evaluation.
+func_show_eval_locale ()
+{
+    $debug_cmd
+
+    _G_cmd=$1
+    _G_fail_exp=${2-':'}
+
+    $opt_quiet || {
+      func_quote_for_expand "$_G_cmd"
+      eval "func_echo $func_quote_for_expand_result"
+    }
+
+    $opt_dry_run || {
+      eval "$_G_user_locale
+	    $_G_cmd"
+      _G_status=$?
+      eval "$_G_safe_locale"
+      if test 0 -ne "$_G_status"; then
+	eval "(exit $_G_status); $_G_fail_exp"
+      fi
+    }
+}
+
+
+# func_tr_sh
+# ----------
+# Turn $1 into a string suitable for a shell variable name.
+# Result is stored in $func_tr_sh_result.  All characters
+# not in the set a-zA-Z0-9_ are replaced with '_'. Further,
+# if $1 begins with a digit, a '_' is prepended as well.
+func_tr_sh ()
+{
+    $debug_cmd
+
+    case $1 in
+    [0-9]* | *[!a-zA-Z0-9_]*)
+      func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'`
+      ;;
+    * )
+      func_tr_sh_result=$1
+      ;;
+    esac
+}
+
+
+# func_verbose ARG...
+# -------------------
+# Echo program name prefixed message in verbose mode only.
+func_verbose ()
+{
+    $debug_cmd
+
+    $opt_verbose && func_echo "$*"
+
+    :
+}
+
+
+# func_warn_and_continue ARG...
+# -----------------------------
+# Echo program name prefixed warning message to standard error.
+func_warn_and_continue ()
+{
+    $debug_cmd
+
+    $require_term_colors
+
+    func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2
+}
+
+
+# func_warning CATEGORY ARG...
+# ----------------------------
+# Echo program name prefixed warning message to standard error. Warning
+# messages can be filtered according to CATEGORY, where this function
+# elides messages where CATEGORY is not listed in the global variable
+# 'opt_warning_types'.
+func_warning ()
+{
+    $debug_cmd
+
+    # CATEGORY must be in the warning_categories list!
+    case " $warning_categories " in
+      *" $1 "*) ;;
+      *) func_internal_error "invalid warning category '$1'" ;;
+    esac
+
+    _G_category=$1
+    shift
+
+    case " $opt_warning_types " in
+      *" $_G_category "*) $warning_func ${1+"$@"} ;;
+    esac
+}
+
+
+# func_sort_ver VER1 VER2
+# -----------------------
+# 'sort -V' is not generally available.
+# Note this deviates from the version comparison in automake
+# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a
+# but this should suffice as we won't be specifying old
+# version formats or redundant trailing .0 in bootstrap.conf.
+# If we did want full compatibility then we should probably
+# use m4_version_compare from autoconf.
+func_sort_ver ()
+{
+    $debug_cmd
+
+    printf '%s\n%s\n' "$1" "$2" \
+      | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n
+}
+
+# func_lt_ver PREV CURR
+# ---------------------
+# Return true if PREV and CURR are in the correct order according to
+# func_sort_ver, otherwise false.  Use it like this:
+#
+#  func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..."
+func_lt_ver ()
+{
+    $debug_cmd
+
+    test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q`
+}
+
+
+# Local variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
+# time-stamp-time-zone: "UTC"
+# End:
+#! /bin/sh
+
+# Set a version string for this script.
+scriptversion=2014-01-07.03; # UTC
+
+# A portable, pluggable option parser for Bourne shell.
+# Written by Gary V. Vaughan, 2010
+
+# Copyright (C) 2010-2015 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.  There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Please report bugs or propose patches to gary@gnu.org.
+
+
+## ------ ##
+## Usage. ##
+## ------ ##
+
+# This file is a library for parsing options in your shell scripts along
+# with assorted other useful supporting features that you can make use
+# of too.
+#
+# For the simplest scripts you might need only:
+#
+#   #!/bin/sh
+#   . relative/path/to/funclib.sh
+#   . relative/path/to/options-parser
+#   scriptversion=1.0
+#   func_options ${1+"$@"}
+#   eval set dummy "$func_options_result"; shift
+#   ...rest of your script...
+#
+# In order for the '--version' option to work, you will need to have a
+# suitably formatted comment like the one at the top of this file
+# starting with '# Written by ' and ending with '# warranty; '.
+#
+# For '-h' and '--help' to work, you will also need a one line
+# description of your script's purpose in a comment directly above the
+# '# Written by ' line, like the one at the top of this file.
+#
+# The default options also support '--debug', which will turn on shell
+# execution tracing (see the comment above debug_cmd below for another
+# use), and '--verbose' and the func_verbose function to allow your script
+# to display verbose messages only when your user has specified
+# '--verbose'.
+#
+# After sourcing this file, you can plug processing for additional
+# options by amending the variables from the 'Configuration' section
+# below, and following the instructions in the 'Option parsing'
+# section further down.
+
+## -------------- ##
+## Configuration. ##
+## -------------- ##
+
+# You should override these variables in your script after sourcing this
+# file so that they reflect the customisations you have added to the
+# option parser.
+
+# The usage line for option parsing errors and the start of '-h' and
+# '--help' output messages. You can embed shell variables for delayed
+# expansion at the time the message is displayed, but you will need to
+# quote other shell meta-characters carefully to prevent them being
+# expanded when the contents are evaled.
+usage='$progpath [OPTION]...'
+
+# Short help message in response to '-h' and '--help'.  Add to this or
+# override it after sourcing this library to reflect the full set of
+# options your script accepts.
+usage_message="\
+       --debug        enable verbose shell tracing
+   -W, --warnings=CATEGORY
+                      report the warnings falling in CATEGORY [all]
+   -v, --verbose      verbosely report processing
+       --version      print version information and exit
+   -h, --help         print short or long help message and exit
+"
+
+# Additional text appended to 'usage_message' in response to '--help'.
+long_help_message="
+Warning categories include:
+       'all'          show all warnings
+       'none'         turn off all the warnings
+       'error'        warnings are treated as fatal errors"
+
+# Help message printed before fatal option parsing errors.
+fatal_help="Try '\$progname --help' for more information."
+
+
+
+## ------------------------- ##
+## Hook function management. ##
+## ------------------------- ##
+
+# This section contains functions for adding, removing, and running hooks
+# to the main code.  A hook is just a named list of of function, that can
+# be run in order later on.
+
+# func_hookable FUNC_NAME
+# -----------------------
+# Declare that FUNC_NAME will run hooks added with
+# 'func_add_hook FUNC_NAME ...'.
+func_hookable ()
+{
+    $debug_cmd
+
+    func_append hookable_fns " $1"
+}
+
+
+# func_add_hook FUNC_NAME HOOK_FUNC
+# ---------------------------------
+# Request that FUNC_NAME call HOOK_FUNC before it returns.  FUNC_NAME must
+# first have been declared "hookable" by a call to 'func_hookable'.
+func_add_hook ()
+{
+    $debug_cmd
+
+    case " $hookable_fns " in
+      *" $1 "*) ;;
+      *) func_fatal_error "'$1' does not accept hook functions." ;;
+    esac
+
+    eval func_append ${1}_hooks '" $2"'
+}
+
+
+# func_remove_hook FUNC_NAME HOOK_FUNC
+# ------------------------------------
+# Remove HOOK_FUNC from the list of functions called by FUNC_NAME.
+func_remove_hook ()
+{
+    $debug_cmd
+
+    eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`'
+}
+
+
+# func_run_hooks FUNC_NAME [ARG]...
+# ---------------------------------
+# Run all hook functions registered to FUNC_NAME.
+# It is assumed that the list of hook functions contains nothing more
+# than a whitespace-delimited list of legal shell function names, and
+# no effort is wasted trying to catch shell meta-characters or preserve
+# whitespace.
+func_run_hooks ()
+{
+    $debug_cmd
+
+    case " $hookable_fns " in
+      *" $1 "*) ;;
+      *) func_fatal_error "'$1' does not support hook funcions.n" ;;
+    esac
+
+    eval _G_hook_fns=\$$1_hooks; shift
+
+    for _G_hook in $_G_hook_fns; do
+      eval $_G_hook '"$@"'
+
+      # store returned options list back into positional
+      # parameters for next 'cmd' execution.
+      eval _G_hook_result=\$${_G_hook}_result
+      eval set dummy "$_G_hook_result"; shift
+    done
+
+    func_quote_for_eval ${1+"$@"}
+    func_run_hooks_result=$func_quote_for_eval_result
+}
+
+
+
+## --------------- ##
+## Option parsing. ##
+## --------------- ##
+
+# In order to add your own option parsing hooks, you must accept the
+# full positional parameter list in your hook function, remove any
+# options that you action, and then pass back the remaining unprocessed
+# options in '<hooked_function_name>_result', escaped suitably for
+# 'eval'.  Like this:
+#
+#    my_options_prep ()
+#    {
+#        $debug_cmd
+#
+#        # Extend the existing usage message.
+#        usage_message=$usage_message'
+#      -s, --silent       don'\''t print informational messages
+#    '
+#
+#        func_quote_for_eval ${1+"$@"}
+#        my_options_prep_result=$func_quote_for_eval_result
+#    }
+#    func_add_hook func_options_prep my_options_prep
+#
+#
+#    my_silent_option ()
+#    {
+#        $debug_cmd
+#
+#        # Note that for efficiency, we parse as many options as we can
+#        # recognise in a loop before passing the remainder back to the
+#        # caller on the first unrecognised argument we encounter.
+#        while test $# -gt 0; do
+#          opt=$1; shift
+#          case $opt in
+#            --silent|-s) opt_silent=: ;;
+#            # Separate non-argument short options:
+#            -s*)         func_split_short_opt "$_G_opt"
+#                         set dummy "$func_split_short_opt_name" \
+#                             "-$func_split_short_opt_arg" ${1+"$@"}
+#                         shift
+#                         ;;
+#            *)            set dummy "$_G_opt" "$*"; shift; break ;;
+#          esac
+#        done
+#
+#        func_quote_for_eval ${1+"$@"}
+#        my_silent_option_result=$func_quote_for_eval_result
+#    }
+#    func_add_hook func_parse_options my_silent_option
+#
+#
+#    my_option_validation ()
+#    {
+#        $debug_cmd
+#
+#        $opt_silent && $opt_verbose && func_fatal_help "\
+#    '--silent' and '--verbose' options are mutually exclusive."
+#
+#        func_quote_for_eval ${1+"$@"}
+#        my_option_validation_result=$func_quote_for_eval_result
+#    }
+#    func_add_hook func_validate_options my_option_validation
+#
+# You'll alse need to manually amend $usage_message to reflect the extra
+# options you parse.  It's preferable to append if you can, so that
+# multiple option parsing hooks can be added safely.
+
+
+# func_options [ARG]...
+# ---------------------
+# All the functions called inside func_options are hookable. See the
+# individual implementations for details.
+func_hookable func_options
+func_options ()
+{
+    $debug_cmd
+
+    func_options_prep ${1+"$@"}
+    eval func_parse_options \
+        ${func_options_prep_result+"$func_options_prep_result"}
+    eval func_validate_options \
+        ${func_parse_options_result+"$func_parse_options_result"}
+
+    eval func_run_hooks func_options \
+        ${func_validate_options_result+"$func_validate_options_result"}
+
+    # save modified positional parameters for caller
+    func_options_result=$func_run_hooks_result
+}
+
+
+# func_options_prep [ARG]...
+# --------------------------
+# All initialisations required before starting the option parse loop.
+# Note that when calling hook functions, we pass through the list of
+# positional parameters.  If a hook function modifies that list, and
+# needs to propogate that back to rest of this script, then the complete
+# modified list must be put in 'func_run_hooks_result' before
+# returning.
+func_hookable func_options_prep
+func_options_prep ()
+{
+    $debug_cmd
+
+    # Option defaults:
+    opt_verbose=false
+    opt_warning_types=
+
+    func_run_hooks func_options_prep ${1+"$@"}
+
+    # save modified positional parameters for caller
+    func_options_prep_result=$func_run_hooks_result
+}
+
+
+# func_parse_options [ARG]...
+# ---------------------------
+# The main option parsing loop.
+func_hookable func_parse_options
+func_parse_options ()
+{
+    $debug_cmd
+
+    func_parse_options_result=
+
+    # this just eases exit handling
+    while test $# -gt 0; do
+      # Defer to hook functions for initial option parsing, so they
+      # get priority in the event of reusing an option name.
+      func_run_hooks func_parse_options ${1+"$@"}
+
+      # Adjust func_parse_options positional parameters to match
+      eval set dummy "$func_run_hooks_result"; shift
+
+      # Break out of the loop if we already parsed every option.
+      test $# -gt 0 || break
+
+      _G_opt=$1
+      shift
+      case $_G_opt in
+        --debug|-x)   debug_cmd='set -x'
+                      func_echo "enabling shell trace mode"
+                      $debug_cmd
+                      ;;
+
+        --no-warnings|--no-warning|--no-warn)
+                      set dummy --warnings none ${1+"$@"}
+                      shift
+		      ;;
+
+        --warnings|--warning|-W)
+                      test $# = 0 && func_missing_arg $_G_opt && break
+                      case " $warning_categories $1" in
+                        *" $1 "*)
+                          # trailing space prevents matching last $1 above
+                          func_append_uniq opt_warning_types " $1"
+                          ;;
+                        *all)
+                          opt_warning_types=$warning_categories
+                          ;;
+                        *none)
+                          opt_warning_types=none
+                          warning_func=:
+                          ;;
+                        *error)
+                          opt_warning_types=$warning_categories
+                          warning_func=func_fatal_error
+                          ;;
+                        *)
+                          func_fatal_error \
+                             "unsupported warning category: '$1'"
+                          ;;
+                      esac
+                      shift
+                      ;;
+
+        --verbose|-v) opt_verbose=: ;;
+        --version)    func_version ;;
+        -\?|-h)       func_usage ;;
+        --help)       func_help ;;
+
+	# Separate optargs to long options (plugins may need this):
+	--*=*)        func_split_equals "$_G_opt"
+	              set dummy "$func_split_equals_lhs" \
+                          "$func_split_equals_rhs" ${1+"$@"}
+                      shift
+                      ;;
+
+       # Separate optargs to short options:
+        -W*)
+                      func_split_short_opt "$_G_opt"
+                      set dummy "$func_split_short_opt_name" \
+                          "$func_split_short_opt_arg" ${1+"$@"}
+                      shift
+                      ;;
+
+        # Separate non-argument short options:
+        -\?*|-h*|-v*|-x*)
+                      func_split_short_opt "$_G_opt"
+                      set dummy "$func_split_short_opt_name" \
+                          "-$func_split_short_opt_arg" ${1+"$@"}
+                      shift
+                      ;;
+
+        --)           break ;;
+        -*)           func_fatal_help "unrecognised option: '$_G_opt'" ;;
+        *)            set dummy "$_G_opt" ${1+"$@"}; shift; break ;;
+      esac
+    done
+
+    # save modified positional parameters for caller
+    func_quote_for_eval ${1+"$@"}
+    func_parse_options_result=$func_quote_for_eval_result
+}
+
+
+# func_validate_options [ARG]...
+# ------------------------------
+# Perform any sanity checks on option settings and/or unconsumed
+# arguments.
+func_hookable func_validate_options
+func_validate_options ()
+{
+    $debug_cmd
+
+    # Display all warnings if -W was not given.
+    test -n "$opt_warning_types" || opt_warning_types=" $warning_categories"
+
+    func_run_hooks func_validate_options ${1+"$@"}
+
+    # Bail if the options were screwed!
+    $exit_cmd $EXIT_FAILURE
+
+    # save modified positional parameters for caller
+    func_validate_options_result=$func_run_hooks_result
+}
+
+
+
+## ----------------- ##
+## Helper functions. ##
+## ----------------- ##
+
+# This section contains the helper functions used by the rest of the
+# hookable option parser framework in ascii-betical order.
+
+
+# func_fatal_help ARG...
+# ----------------------
+# Echo program name prefixed message to standard error, followed by
+# a help hint, and exit.
+func_fatal_help ()
+{
+    $debug_cmd
+
+    eval \$ECHO \""Usage: $usage"\"
+    eval \$ECHO \""$fatal_help"\"
+    func_error ${1+"$@"}
+    exit $EXIT_FAILURE
+}
+
+
+# func_help
+# ---------
+# Echo long help message to standard output and exit.
+func_help ()
+{
+    $debug_cmd
+
+    func_usage_message
+    $ECHO "$long_help_message"
+    exit 0
+}
+
+
+# func_missing_arg ARGNAME
+# ------------------------
+# Echo program name prefixed message to standard error and set global
+# exit_cmd.
+func_missing_arg ()
+{
+    $debug_cmd
+
+    func_error "Missing argument for '$1'."
+    exit_cmd=exit
+}
+
+
+# func_split_equals STRING
+# ------------------------
+# Set func_split_equals_lhs and func_split_equals_rhs shell variables after
+# splitting STRING at the '=' sign.
+test -z "$_G_HAVE_XSI_OPS" \
+    && (eval 'x=a/b/c;
+      test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \
+    && _G_HAVE_XSI_OPS=yes
+
+if test yes = "$_G_HAVE_XSI_OPS"
+then
+  # This is an XSI compatible shell, allowing a faster implementation...
+  eval 'func_split_equals ()
+  {
+      $debug_cmd
+
+      func_split_equals_lhs=${1%%=*}
+      func_split_equals_rhs=${1#*=}
+      test "x$func_split_equals_lhs" = "x$1" \
+        && func_split_equals_rhs=
+  }'
+else
+  # ...otherwise fall back to using expr, which is often a shell builtin.
+  func_split_equals ()
+  {
+      $debug_cmd
+
+      func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'`
+      func_split_equals_rhs=
+      test "x$func_split_equals_lhs" = "x$1" \
+        || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'`
+  }
+fi #func_split_equals
+
+
+# func_split_short_opt SHORTOPT
+# -----------------------------
+# Set func_split_short_opt_name and func_split_short_opt_arg shell
+# variables after splitting SHORTOPT after the 2nd character.
+if test yes = "$_G_HAVE_XSI_OPS"
+then
+  # This is an XSI compatible shell, allowing a faster implementation...
+  eval 'func_split_short_opt ()
+  {
+      $debug_cmd
+
+      func_split_short_opt_arg=${1#??}
+      func_split_short_opt_name=${1%"$func_split_short_opt_arg"}
+  }'
+else
+  # ...otherwise fall back to using expr, which is often a shell builtin.
+  func_split_short_opt ()
+  {
+      $debug_cmd
+
+      func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'`
+      func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'`
+  }
+fi #func_split_short_opt
+
+
+# func_usage
+# ----------
+# Echo short help message to standard output and exit.
+func_usage ()
+{
+    $debug_cmd
+
+    func_usage_message
+    $ECHO "Run '$progname --help |${PAGER-more}' for full usage"
+    exit 0
+}
+
+
+# func_usage_message
+# ------------------
+# Echo short help message to standard output.
+func_usage_message ()
+{
+    $debug_cmd
+
+    eval \$ECHO \""Usage: $usage"\"
+    echo
+    $SED -n 's|^# ||
+        /^Written by/{
+          x;p;x
+        }
+	h
+	/^Written by/q' < "$progpath"
+    echo
+    eval \$ECHO \""$usage_message"\"
+}
+
+
+# func_version
+# ------------
+# Echo version message to standard output and exit.
+func_version ()
+{
+    $debug_cmd
+
+    printf '%s\n' "$progname $scriptversion"
+    $SED -n '
+        /(C)/!b go
+        :more
+        /\./!{
+          N
+          s|\n# | |
+          b more
+        }
+        :go
+        /^# Written by /,/# warranty; / {
+          s|^# ||
+          s|^# *$||
+          s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2|
+          p
+        }
+        /^# Written by / {
+          s|^# ||
+          p
+        }
+        /^warranty; /q' < "$progpath"
+
+    exit $?
+}
+
+
+# Local variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'before-save-hook 'time-stamp)
+# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC"
+# time-stamp-time-zone: "UTC"
+# End:
+
+# Set a version string.
+scriptversion='(GNU libtool) 2.4.6'
+
+
+# func_echo ARG...
+# ----------------
+# Libtool also displays the current mode in messages, so override
+# funclib.sh func_echo with this custom definition.
+func_echo ()
+{
+    $debug_cmd
+
+    _G_message=$*
+
+    func_echo_IFS=$IFS
+    IFS=$nl
+    for _G_line in $_G_message; do
+      IFS=$func_echo_IFS
+      $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line"
+    done
+    IFS=$func_echo_IFS
+}
+
+
+# func_warning ARG...
+# -------------------
+# Libtool warnings are not categorized, so override funclib.sh
+# func_warning with this simpler definition.
+func_warning ()
+{
+    $debug_cmd
+
+    $warning_func ${1+"$@"}
+}
+
+
+## ---------------- ##
+## Options parsing. ##
+## ---------------- ##
+
+# Hook in the functions to make sure our own options are parsed during
+# the option parsing loop.
+
+usage='$progpath [OPTION]... [MODE-ARG]...'
+
+# Short help message in response to '-h'.
+usage_message="Options:
+       --config             show all configuration variables
+       --debug              enable verbose shell tracing
+   -n, --dry-run            display commands without modifying any files
+       --features           display basic configuration information and exit
+       --mode=MODE          use operation mode MODE
+       --no-warnings        equivalent to '-Wnone'
+       --preserve-dup-deps  don't remove duplicate dependency libraries
+       --quiet, --silent    don't print informational messages
+       --tag=TAG            use configuration variables from tag TAG
+   -v, --verbose            print more informational messages than default
+       --version            print version information
+   -W, --warnings=CATEGORY  report the warnings falling in CATEGORY [all]
+   -h, --help, --help-all   print short, long, or detailed help message
+"
+
+# Additional text appended to 'usage_message' in response to '--help'.
+func_help ()
+{
+    $debug_cmd
+
+    func_usage_message
+    $ECHO "$long_help_message
+
+MODE must be one of the following:
+
+       clean           remove files from the build directory
+       compile         compile a source file into a libtool object
+       execute         automatically set library path, then run a program
+       finish          complete the installation of libtool libraries
+       install         install libraries or executables
+       link            create a library or an executable
+       uninstall       remove libraries from an installed directory
+
+MODE-ARGS vary depending on the MODE.  When passed as first option,
+'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that.
+Try '$progname --help --mode=MODE' for a more detailed description of MODE.
+
+When reporting a bug, please describe a test case to reproduce it and
+include the following information:
+
+       host-triplet:   $host
+       shell:          $SHELL
+       compiler:       $LTCC
+       compiler flags: $LTCFLAGS
+       linker:         $LD (gnu? $with_gnu_ld)
+       version:        $progname (GNU libtool) 2.4.6
+       automake:       `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
+       autoconf:       `($AUTOCONF --version) 2>/dev/null |$SED 1q`
+
+Report bugs to <bug-libtool@gnu.org>.
+GNU libtool home page: <http://www.gnu.org/software/libtool/>.
+General help using GNU software: <http://www.gnu.org/gethelp/>."
+    exit 0
+}
+
+
+# func_lo2o OBJECT-NAME
+# ---------------------
+# Transform OBJECT-NAME from a '.lo' suffix to the platform specific
+# object suffix.
+
+lo2o=s/\\.lo\$/.$objext/
+o2lo=s/\\.$objext\$/.lo/
+
+if test yes = "$_G_HAVE_XSI_OPS"; then
+  eval 'func_lo2o ()
+  {
+    case $1 in
+      *.lo) func_lo2o_result=${1%.lo}.$objext ;;
+      *   ) func_lo2o_result=$1               ;;
+    esac
+  }'
+
+  # func_xform LIBOBJ-OR-SOURCE
+  # ---------------------------
+  # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise)
+  # suffix to a '.lo' libtool-object suffix.
+  eval 'func_xform ()
+  {
+    func_xform_result=${1%.*}.lo
+  }'
+else
+  # ...otherwise fall back to using sed.
+  func_lo2o ()
+  {
+    func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"`
+  }
+
+  func_xform ()
+  {
+    func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'`
+  }
+fi
+
+
+# func_fatal_configuration ARG...
+# -------------------------------
+# Echo program name prefixed message to standard error, followed by
+# a configuration failure hint, and exit.
+func_fatal_configuration ()
+{
+    func__fatal_error ${1+"$@"} \
+      "See the $PACKAGE documentation for more information." \
+      "Fatal configuration error."
+}
+
+
+# func_config
+# -----------
+# Display the configuration for all the tags in this script.
+func_config ()
+{
+    re_begincf='^# ### BEGIN LIBTOOL'
+    re_endcf='^# ### END LIBTOOL'
+
+    # Default configuration.
+    $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath"
+
+    # Now print the configurations for the tags.
+    for tagname in $taglist; do
+      $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath"
+    done
+
+    exit $?
+}
+
+
+# func_features
+# -------------
+# Display the features supported by this script.
+func_features ()
+{
+    echo "host: $host"
+    if test yes = "$build_libtool_libs"; then
+      echo "enable shared libraries"
+    else
+      echo "disable shared libraries"
+    fi
+    if test yes = "$build_old_libs"; then
+      echo "enable static libraries"
+    else
+      echo "disable static libraries"
+    fi
+
+    exit $?
+}
+
+
+# func_enable_tag TAGNAME
+# -----------------------
+# Verify that TAGNAME is valid, and either flag an error and exit, or
+# enable the TAGNAME tag.  We also add TAGNAME to the global $taglist
+# variable here.
+func_enable_tag ()
+{
+    # Global variable:
+    tagname=$1
+
+    re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
+    re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
+    sed_extractcf=/$re_begincf/,/$re_endcf/p
+
+    # Validate tagname.
+    case $tagname in
+      *[!-_A-Za-z0-9,/]*)
+        func_fatal_error "invalid tag name: $tagname"
+        ;;
+    esac
+
+    # Don't test for the "default" C tag, as we know it's
+    # there but not specially marked.
+    case $tagname in
+        CC) ;;
+    *)
+        if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
+	  taglist="$taglist $tagname"
+
+	  # Evaluate the configuration.  Be careful to quote the path
+	  # and the sed script, to avoid splitting on whitespace, but
+	  # also don't use non-portable quotes within backquotes within
+	  # quotes we have to do it in 2 steps:
+	  extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
+	  eval "$extractedcf"
+        else
+	  func_error "ignoring unknown tag $tagname"
+        fi
+        ;;
+    esac
+}
+
+
+# func_check_version_match
+# ------------------------
+# Ensure that we are using m4 macros, and libtool script from the same
+# release of libtool.
+func_check_version_match ()
+{
+    if test "$package_revision" != "$macro_revision"; then
+      if test "$VERSION" != "$macro_version"; then
+        if test -z "$macro_version"; then
+          cat >&2 <<_LT_EOF
+$progname: Version mismatch error.  This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from an older release.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+        else
+          cat >&2 <<_LT_EOF
+$progname: Version mismatch error.  This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+        fi
+      else
+        cat >&2 <<_LT_EOF
+$progname: Version mismatch error.  This is $PACKAGE $VERSION, revision $package_revision,
+$progname: but the definition of this LT_INIT comes from revision $macro_revision.
+$progname: You should recreate aclocal.m4 with macros from revision $package_revision
+$progname: of $PACKAGE $VERSION and run autoconf again.
+_LT_EOF
+      fi
+
+      exit $EXIT_MISMATCH
+    fi
+}
+
+
+# libtool_options_prep [ARG]...
+# -----------------------------
+# Preparation for options parsed by libtool.
+libtool_options_prep ()
+{
+    $debug_mode
+
+    # Option defaults:
+    opt_config=false
+    opt_dlopen=
+    opt_dry_run=false
+    opt_help=false
+    opt_mode=
+    opt_preserve_dup_deps=false
+    opt_quiet=false
+
+    nonopt=
+    preserve_args=
+
+    # Shorthand for --mode=foo, only valid as the first argument
+    case $1 in
+    clean|clea|cle|cl)
+      shift; set dummy --mode clean ${1+"$@"}; shift
+      ;;
+    compile|compil|compi|comp|com|co|c)
+      shift; set dummy --mode compile ${1+"$@"}; shift
+      ;;
+    execute|execut|execu|exec|exe|ex|e)
+      shift; set dummy --mode execute ${1+"$@"}; shift
+      ;;
+    finish|finis|fini|fin|fi|f)
+      shift; set dummy --mode finish ${1+"$@"}; shift
+      ;;
+    install|instal|insta|inst|ins|in|i)
+      shift; set dummy --mode install ${1+"$@"}; shift
+      ;;
+    link|lin|li|l)
+      shift; set dummy --mode link ${1+"$@"}; shift
+      ;;
+    uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
+      shift; set dummy --mode uninstall ${1+"$@"}; shift
+      ;;
+    esac
+
+    # Pass back the list of options.
+    func_quote_for_eval ${1+"$@"}
+    libtool_options_prep_result=$func_quote_for_eval_result
+}
+func_add_hook func_options_prep libtool_options_prep
+
+
+# libtool_parse_options [ARG]...
+# ---------------------------------
+# Provide handling for libtool specific options.
+libtool_parse_options ()
+{
+    $debug_cmd
+
+    # Perform our own loop to consume as many options as possible in
+    # each iteration.
+    while test $# -gt 0; do
+      _G_opt=$1
+      shift
+      case $_G_opt in
+        --dry-run|--dryrun|-n)
+                        opt_dry_run=:
+                        ;;
+
+        --config)       func_config ;;
+
+        --dlopen|-dlopen)
+                        opt_dlopen="${opt_dlopen+$opt_dlopen
+}$1"
+                        shift
+                        ;;
+
+        --preserve-dup-deps)
+                        opt_preserve_dup_deps=: ;;
+
+        --features)     func_features ;;
+
+        --finish)       set dummy --mode finish ${1+"$@"}; shift ;;
+
+        --help)         opt_help=: ;;
+
+        --help-all)     opt_help=': help-all' ;;
+
+        --mode)         test $# = 0 && func_missing_arg $_G_opt && break
+                        opt_mode=$1
+                        case $1 in
+                          # Valid mode arguments:
+                          clean|compile|execute|finish|install|link|relink|uninstall) ;;
+
+                          # Catch anything else as an error
+                          *) func_error "invalid argument for $_G_opt"
+                             exit_cmd=exit
+                             break
+                             ;;
+                        esac
+                        shift
+                        ;;
+
+        --no-silent|--no-quiet)
+                        opt_quiet=false
+                        func_append preserve_args " $_G_opt"
+                        ;;
+
+        --no-warnings|--no-warning|--no-warn)
+                        opt_warning=false
+                        func_append preserve_args " $_G_opt"
+                        ;;
+
+        --no-verbose)
+                        opt_verbose=false
+                        func_append preserve_args " $_G_opt"
+                        ;;
+
+        --silent|--quiet)
+                        opt_quiet=:
+                        opt_verbose=false
+                        func_append preserve_args " $_G_opt"
+                        ;;
+
+        --tag)          test $# = 0 && func_missing_arg $_G_opt && break
+                        opt_tag=$1
+                        func_append preserve_args " $_G_opt $1"
+                        func_enable_tag "$1"
+                        shift
+                        ;;
+
+        --verbose|-v)   opt_quiet=false
+                        opt_verbose=:
+                        func_append preserve_args " $_G_opt"
+                        ;;
+
+	# An option not handled by this hook function:
+        *)		set dummy "$_G_opt" ${1+"$@"};	shift; break  ;;
+      esac
+    done
+
+
+    # save modified positional parameters for caller
+    func_quote_for_eval ${1+"$@"}
+    libtool_parse_options_result=$func_quote_for_eval_result
+}
+func_add_hook func_parse_options libtool_parse_options
+
+
+
+# libtool_validate_options [ARG]...
+# ---------------------------------
+# Perform any sanity checks on option settings and/or unconsumed
+# arguments.
+libtool_validate_options ()
+{
+    # save first non-option argument
+    if test 0 -lt $#; then
+      nonopt=$1
+      shift
+    fi
+
+    # preserve --debug
+    test : = "$debug_cmd" || func_append preserve_args " --debug"
+
+    case $host in
+      # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452
+      # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788
+      *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*)
+        # don't eliminate duplications in $postdeps and $predeps
+        opt_duplicate_compiler_generated_deps=:
+        ;;
+      *)
+        opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps
+        ;;
+    esac
+
+    $opt_help || {
+      # Sanity checks first:
+      func_check_version_match
+
+      test yes != "$build_libtool_libs" \
+        && test yes != "$build_old_libs" \
+        && func_fatal_configuration "not configured to build any kind of library"
+
+      # Darwin sucks
+      eval std_shrext=\"$shrext_cmds\"
+
+      # Only execute mode is allowed to have -dlopen flags.
+      if test -n "$opt_dlopen" && test execute != "$opt_mode"; then
+        func_error "unrecognized option '-dlopen'"
+        $ECHO "$help" 1>&2
+        exit $EXIT_FAILURE
+      fi
+
+      # Change the help message to a mode-specific one.
+      generic_help=$help
+      help="Try '$progname --help --mode=$opt_mode' for more information."
+    }
+
+    # Pass back the unparsed argument list
+    func_quote_for_eval ${1+"$@"}
+    libtool_validate_options_result=$func_quote_for_eval_result
+}
+func_add_hook func_validate_options libtool_validate_options
+
+
+# Process options as early as possible so that --help and --version
+# can return quickly.
+func_options ${1+"$@"}
+eval set dummy "$func_options_result"; shift
+
+
+
+## ----------- ##
+##    Main.    ##
+## ----------- ##
+
+magic='%%%MAGIC variable%%%'
+magic_exe='%%%MAGIC EXE variable%%%'
+
+# Global variables.
+extracted_archives=
+extracted_serial=0
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end.  This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+
+# A function that is used when there is no print builtin or printf.
+func_fallback_echo ()
+{
+  eval 'cat <<_LTECHO_EOF
+$1
+_LTECHO_EOF'
+}
+
+# func_generated_by_libtool
+# True iff stdin has been generated by Libtool. This function is only
+# a basic sanity check; it will hardly flush out determined imposters.
+func_generated_by_libtool_p ()
+{
+  $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
+}
+
+# func_lalib_p file
+# True iff FILE is a libtool '.la' library or '.lo' object file.
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_lalib_p ()
+{
+    test -f "$1" &&
+      $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p
+}
+
+# func_lalib_unsafe_p file
+# True iff FILE is a libtool '.la' library or '.lo' object file.
+# This function implements the same check as func_lalib_p without
+# resorting to external programs.  To this end, it redirects stdin and
+# closes it afterwards, without saving the original file descriptor.
+# As a safety measure, use it only where a negative result would be
+# fatal anyway.  Works if 'file' does not exist.
+func_lalib_unsafe_p ()
+{
+    lalib_p=no
+    if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
+	for lalib_p_l in 1 2 3 4
+	do
+	    read lalib_p_line
+	    case $lalib_p_line in
+		\#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
+	    esac
+	done
+	exec 0<&5 5<&-
+    fi
+    test yes = "$lalib_p"
+}
+
+# func_ltwrapper_script_p file
+# True iff FILE is a libtool wrapper script
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_script_p ()
+{
+    test -f "$1" &&
+      $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p
+}
+
+# func_ltwrapper_executable_p file
+# True iff FILE is a libtool wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_executable_p ()
+{
+    func_ltwrapper_exec_suffix=
+    case $1 in
+    *.exe) ;;
+    *) func_ltwrapper_exec_suffix=.exe ;;
+    esac
+    $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1
+}
+
+# func_ltwrapper_scriptname file
+# Assumes file is an ltwrapper_executable
+# uses $file to determine the appropriate filename for a
+# temporary ltwrapper_script.
+func_ltwrapper_scriptname ()
+{
+    func_dirname_and_basename "$1" "" "."
+    func_stripname '' '.exe' "$func_basename_result"
+    func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper
+}
+
+# func_ltwrapper_p file
+# True iff FILE is a libtool wrapper script or wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_p ()
+{
+    func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1"
+}
+
+
+# func_execute_cmds commands fail_cmd
+# Execute tilde-delimited COMMANDS.
+# If FAIL_CMD is given, eval that upon failure.
+# FAIL_CMD may read-access the current command in variable CMD!
+func_execute_cmds ()
+{
+    $debug_cmd
+
+    save_ifs=$IFS; IFS='~'
+    for cmd in $1; do
+      IFS=$sp$nl
+      eval cmd=\"$cmd\"
+      IFS=$save_ifs
+      func_show_eval "$cmd" "${2-:}"
+    done
+    IFS=$save_ifs
+}
+
+
+# func_source file
+# Source FILE, adding directory component if necessary.
+# Note that it is not necessary on cygwin/mingw to append a dot to
+# FILE even if both FILE and FILE.exe exist: automatic-append-.exe
+# behavior happens only for exec(3), not for open(2)!  Also, sourcing
+# 'FILE.' does not work on cygwin managed mounts.
+func_source ()
+{
+    $debug_cmd
+
+    case $1 in
+    */* | *\\*)	. "$1" ;;
+    *)		. "./$1" ;;
+    esac
+}
+
+
+# func_resolve_sysroot PATH
+# Replace a leading = in PATH with a sysroot.  Store the result into
+# func_resolve_sysroot_result
+func_resolve_sysroot ()
+{
+  func_resolve_sysroot_result=$1
+  case $func_resolve_sysroot_result in
+  =*)
+    func_stripname '=' '' "$func_resolve_sysroot_result"
+    func_resolve_sysroot_result=$lt_sysroot$func_stripname_result
+    ;;
+  esac
+}
+
+# func_replace_sysroot PATH
+# If PATH begins with the sysroot, replace it with = and
+# store the result into func_replace_sysroot_result.
+func_replace_sysroot ()
+{
+  case $lt_sysroot:$1 in
+  ?*:"$lt_sysroot"*)
+    func_stripname "$lt_sysroot" '' "$1"
+    func_replace_sysroot_result='='$func_stripname_result
+    ;;
+  *)
+    # Including no sysroot.
+    func_replace_sysroot_result=$1
+    ;;
+  esac
+}
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+    $debug_cmd
+
+    if test -n "$available_tags" && test -z "$tagname"; then
+      CC_quoted=
+      for arg in $CC; do
+	func_append_quoted CC_quoted "$arg"
+      done
+      CC_expanded=`func_echo_all $CC`
+      CC_quoted_expanded=`func_echo_all $CC_quoted`
+      case $@ in
+      # Blanks in the command may have been stripped by the calling shell,
+      # but not from the CC environment variable when configure was run.
+      " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \
+      " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;;
+      # Blanks at the start of $base_compile will cause this to fail
+      # if we don't check for them as well.
+      *)
+	for z in $available_tags; do
+	  if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+	    # Evaluate the configuration.
+	    eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+	    CC_quoted=
+	    for arg in $CC; do
+	      # Double-quote args containing other shell metacharacters.
+	      func_append_quoted CC_quoted "$arg"
+	    done
+	    CC_expanded=`func_echo_all $CC`
+	    CC_quoted_expanded=`func_echo_all $CC_quoted`
+	    case "$@ " in
+	    " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \
+	    " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*)
+	      # The compiler in the base compile command matches
+	      # the one in the tagged configuration.
+	      # Assume this is the tagged configuration we want.
+	      tagname=$z
+	      break
+	      ;;
+	    esac
+	  fi
+	done
+	# If $tagname still isn't set, then no tagged configuration
+	# was found and let the user know that the "--tag" command
+	# line option must be used.
+	if test -z "$tagname"; then
+	  func_echo "unable to infer tagged configuration"
+	  func_fatal_error "specify a tag with '--tag'"
+#	else
+#	  func_verbose "using $tagname tagged configuration"
+	fi
+	;;
+      esac
+    fi
+}
+
+
+
+# func_write_libtool_object output_name pic_name nonpic_name
+# Create a libtool object file (analogous to a ".la" file),
+# but don't create it if we're doing a dry run.
+func_write_libtool_object ()
+{
+    write_libobj=$1
+    if test yes = "$build_libtool_libs"; then
+      write_lobj=\'$2\'
+    else
+      write_lobj=none
+    fi
+
+    if test yes = "$build_old_libs"; then
+      write_oldobj=\'$3\'
+    else
+      write_oldobj=none
+    fi
+
+    $opt_dry_run || {
+      cat >${write_libobj}T <<EOF
+# $write_libobj - a libtool object file
+# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+pic_object=$write_lobj
+
+# Name of the non-PIC object
+non_pic_object=$write_oldobj
+
+EOF
+      $MV "${write_libobj}T" "$write_libobj"
+    }
+}
+
+
+##################################################
+# FILE NAME AND PATH CONVERSION HELPER FUNCTIONS #
+##################################################
+
+# func_convert_core_file_wine_to_w32 ARG
+# Helper function used by file name conversion functions when $build is *nix,
+# and $host is mingw, cygwin, or some other w32 environment. Relies on a
+# correctly configured wine environment available, with the winepath program
+# in $build's $PATH.
+#
+# ARG is the $build file name to be converted to w32 format.
+# Result is available in $func_convert_core_file_wine_to_w32_result, and will
+# be empty on error (or when ARG is empty)
+func_convert_core_file_wine_to_w32 ()
+{
+  $debug_cmd
+
+  func_convert_core_file_wine_to_w32_result=$1
+  if test -n "$1"; then
+    # Unfortunately, winepath does not exit with a non-zero error code, so we
+    # are forced to check the contents of stdout. On the other hand, if the
+    # command is not found, the shell will set an exit code of 127 and print
+    # *an error message* to stdout. So we must check for both error code of
+    # zero AND non-empty stdout, which explains the odd construction:
+    func_convert_core_file_wine_to_w32_tmp=`winepath -w "$1" 2>/dev/null`
+    if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then
+      func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" |
+        $SED -e "$sed_naive_backslashify"`
+    else
+      func_convert_core_file_wine_to_w32_result=
+    fi
+  fi
+}
+# end: func_convert_core_file_wine_to_w32
+
+
+# func_convert_core_path_wine_to_w32 ARG
+# Helper function used by path conversion functions when $build is *nix, and
+# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly
+# configured wine environment available, with the winepath program in $build's
+# $PATH. Assumes ARG has no leading or trailing path separator characters.
+#
+# ARG is path to be converted from $build format to win32.
+# Result is available in $func_convert_core_path_wine_to_w32_result.
+# Unconvertible file (directory) names in ARG are skipped; if no directory names
+# are convertible, then the result may be empty.
+func_convert_core_path_wine_to_w32 ()
+{
+  $debug_cmd
+
+  # unfortunately, winepath doesn't convert paths, only file names
+  func_convert_core_path_wine_to_w32_result=
+  if test -n "$1"; then
+    oldIFS=$IFS
+    IFS=:
+    for func_convert_core_path_wine_to_w32_f in $1; do
+      IFS=$oldIFS
+      func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f"
+      if test -n "$func_convert_core_file_wine_to_w32_result"; then
+        if test -z "$func_convert_core_path_wine_to_w32_result"; then
+          func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result
+        else
+          func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result"
+        fi
+      fi
+    done
+    IFS=$oldIFS
+  fi
+}
+# end: func_convert_core_path_wine_to_w32
+
+
+# func_cygpath ARGS...
+# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when
+# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2)
+# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or
+# (2), returns the Cygwin file name or path in func_cygpath_result (input
+# file name or path is assumed to be in w32 format, as previously converted
+# from $build's *nix or MSYS format). In case (3), returns the w32 file name
+# or path in func_cygpath_result (input file name or path is assumed to be in
+# Cygwin format). Returns an empty string on error.
+#
+# ARGS are passed to cygpath, with the last one being the file name or path to
+# be converted.
+#
+# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH
+# environment variable; do not put it in $PATH.
+func_cygpath ()
+{
+  $debug_cmd
+
+  if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then
+    func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null`
+    if test "$?" -ne 0; then
+      # on failure, ensure result is empty
+      func_cygpath_result=
+    fi
+  else
+    func_cygpath_result=
+    func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'"
+  fi
+}
+#end: func_cygpath
+
+
+# func_convert_core_msys_to_w32 ARG
+# Convert file name or path ARG from MSYS format to w32 format.  Return
+# result in func_convert_core_msys_to_w32_result.
+func_convert_core_msys_to_w32 ()
+{
+  $debug_cmd
+
+  # awkward: cmd appends spaces to result
+  func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null |
+    $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"`
+}
+#end: func_convert_core_msys_to_w32
+
+
+# func_convert_file_check ARG1 ARG2
+# Verify that ARG1 (a file name in $build format) was converted to $host
+# format in ARG2. Otherwise, emit an error message, but continue (resetting
+# func_to_host_file_result to ARG1).
+func_convert_file_check ()
+{
+  $debug_cmd
+
+  if test -z "$2" && test -n "$1"; then
+    func_error "Could not determine host file name corresponding to"
+    func_error "  '$1'"
+    func_error "Continuing, but uninstalled executables may not work."
+    # Fallback:
+    func_to_host_file_result=$1
+  fi
+}
+# end func_convert_file_check
+
+
+# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH
+# Verify that FROM_PATH (a path in $build format) was converted to $host
+# format in TO_PATH. Otherwise, emit an error message, but continue, resetting
+# func_to_host_file_result to a simplistic fallback value (see below).
+func_convert_path_check ()
+{
+  $debug_cmd
+
+  if test -z "$4" && test -n "$3"; then
+    func_error "Could not determine the host path corresponding to"
+    func_error "  '$3'"
+    func_error "Continuing, but uninstalled executables may not work."
+    # Fallback.  This is a deliberately simplistic "conversion" and
+    # should not be "improved".  See libtool.info.
+    if test "x$1" != "x$2"; then
+      lt_replace_pathsep_chars="s|$1|$2|g"
+      func_to_host_path_result=`echo "$3" |
+        $SED -e "$lt_replace_pathsep_chars"`
+    else
+      func_to_host_path_result=$3
+    fi
+  fi
+}
+# end func_convert_path_check
+
+
+# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG
+# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT
+# and appending REPL if ORIG matches BACKPAT.
+func_convert_path_front_back_pathsep ()
+{
+  $debug_cmd
+
+  case $4 in
+  $1 ) func_to_host_path_result=$3$func_to_host_path_result
+    ;;
+  esac
+  case $4 in
+  $2 ) func_append func_to_host_path_result "$3"
+    ;;
+  esac
+}
+# end func_convert_path_front_back_pathsep
+
+
+##################################################
+# $build to $host FILE NAME CONVERSION FUNCTIONS #
+##################################################
+# invoked via '$to_host_file_cmd ARG'
+#
+# In each case, ARG is the path to be converted from $build to $host format.
+# Result will be available in $func_to_host_file_result.
+
+
+# func_to_host_file ARG
+# Converts the file name ARG from $build format to $host format. Return result
+# in func_to_host_file_result.
+func_to_host_file ()
+{
+  $debug_cmd
+
+  $to_host_file_cmd "$1"
+}
+# end func_to_host_file
+
+
+# func_to_tool_file ARG LAZY
+# converts the file name ARG from $build format to toolchain format. Return
+# result in func_to_tool_file_result.  If the conversion in use is listed
+# in (the comma separated) LAZY, no conversion takes place.
+func_to_tool_file ()
+{
+  $debug_cmd
+
+  case ,$2, in
+    *,"$to_tool_file_cmd",*)
+      func_to_tool_file_result=$1
+      ;;
+    *)
+      $to_tool_file_cmd "$1"
+      func_to_tool_file_result=$func_to_host_file_result
+      ;;
+  esac
+}
+# end func_to_tool_file
+
+
+# func_convert_file_noop ARG
+# Copy ARG to func_to_host_file_result.
+func_convert_file_noop ()
+{
+  func_to_host_file_result=$1
+}
+# end func_convert_file_noop
+
+
+# func_convert_file_msys_to_w32 ARG
+# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic
+# conversion to w32 is not available inside the cwrapper.  Returns result in
+# func_to_host_file_result.
+func_convert_file_msys_to_w32 ()
+{
+  $debug_cmd
+
+  func_to_host_file_result=$1
+  if test -n "$1"; then
+    func_convert_core_msys_to_w32 "$1"
+    func_to_host_file_result=$func_convert_core_msys_to_w32_result
+  fi
+  func_convert_file_check "$1" "$func_to_host_file_result"
+}
+# end func_convert_file_msys_to_w32
+
+
+# func_convert_file_cygwin_to_w32 ARG
+# Convert file name ARG from Cygwin to w32 format.  Returns result in
+# func_to_host_file_result.
+func_convert_file_cygwin_to_w32 ()
+{
+  $debug_cmd
+
+  func_to_host_file_result=$1
+  if test -n "$1"; then
+    # because $build is cygwin, we call "the" cygpath in $PATH; no need to use
+    # LT_CYGPATH in this case.
+    func_to_host_file_result=`cygpath -m "$1"`
+  fi
+  func_convert_file_check "$1" "$func_to_host_file_result"
+}
+# end func_convert_file_cygwin_to_w32
+
+
+# func_convert_file_nix_to_w32 ARG
+# Convert file name ARG from *nix to w32 format.  Requires a wine environment
+# and a working winepath. Returns result in func_to_host_file_result.
+func_convert_file_nix_to_w32 ()
+{
+  $debug_cmd
+
+  func_to_host_file_result=$1
+  if test -n "$1"; then
+    func_convert_core_file_wine_to_w32 "$1"
+    func_to_host_file_result=$func_convert_core_file_wine_to_w32_result
+  fi
+  func_convert_file_check "$1" "$func_to_host_file_result"
+}
+# end func_convert_file_nix_to_w32
+
+
+# func_convert_file_msys_to_cygwin ARG
+# Convert file name ARG from MSYS to Cygwin format.  Requires LT_CYGPATH set.
+# Returns result in func_to_host_file_result.
+func_convert_file_msys_to_cygwin ()
+{
+  $debug_cmd
+
+  func_to_host_file_result=$1
+  if test -n "$1"; then
+    func_convert_core_msys_to_w32 "$1"
+    func_cygpath -u "$func_convert_core_msys_to_w32_result"
+    func_to_host_file_result=$func_cygpath_result
+  fi
+  func_convert_file_check "$1" "$func_to_host_file_result"
+}
+# end func_convert_file_msys_to_cygwin
+
+
+# func_convert_file_nix_to_cygwin ARG
+# Convert file name ARG from *nix to Cygwin format.  Requires Cygwin installed
+# in a wine environment, working winepath, and LT_CYGPATH set.  Returns result
+# in func_to_host_file_result.
+func_convert_file_nix_to_cygwin ()
+{
+  $debug_cmd
+
+  func_to_host_file_result=$1
+  if test -n "$1"; then
+    # convert from *nix to w32, then use cygpath to convert from w32 to cygwin.
+    func_convert_core_file_wine_to_w32 "$1"
+    func_cygpath -u "$func_convert_core_file_wine_to_w32_result"
+    func_to_host_file_result=$func_cygpath_result
+  fi
+  func_convert_file_check "$1" "$func_to_host_file_result"
+}
+# end func_convert_file_nix_to_cygwin
+
+
+#############################################
+# $build to $host PATH CONVERSION FUNCTIONS #
+#############################################
+# invoked via '$to_host_path_cmd ARG'
+#
+# In each case, ARG is the path to be converted from $build to $host format.
+# The result will be available in $func_to_host_path_result.
+#
+# Path separators are also converted from $build format to $host format.  If
+# ARG begins or ends with a path separator character, it is preserved (but
+# converted to $host format) on output.
+#
+# All path conversion functions are named using the following convention:
+#   file name conversion function    : func_convert_file_X_to_Y ()
+#   path conversion function         : func_convert_path_X_to_Y ()
+# where, for any given $build/$host combination the 'X_to_Y' value is the
+# same.  If conversion functions are added for new $build/$host combinations,
+# the two new functions must follow this pattern, or func_init_to_host_path_cmd
+# will break.
+
+
+# func_init_to_host_path_cmd
+# Ensures that function "pointer" variable $to_host_path_cmd is set to the
+# appropriate value, based on the value of $to_host_file_cmd.
+to_host_path_cmd=
+func_init_to_host_path_cmd ()
+{
+  $debug_cmd
+
+  if test -z "$to_host_path_cmd"; then
+    func_stripname 'func_convert_file_' '' "$to_host_file_cmd"
+    to_host_path_cmd=func_convert_path_$func_stripname_result
+  fi
+}
+
+
+# func_to_host_path ARG
+# Converts the path ARG from $build format to $host format. Return result
+# in func_to_host_path_result.
+func_to_host_path ()
+{
+  $debug_cmd
+
+  func_init_to_host_path_cmd
+  $to_host_path_cmd "$1"
+}
+# end func_to_host_path
+
+
+# func_convert_path_noop ARG
+# Copy ARG to func_to_host_path_result.
+func_convert_path_noop ()
+{
+  func_to_host_path_result=$1
+}
+# end func_convert_path_noop
+
+
+# func_convert_path_msys_to_w32 ARG
+# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic
+# conversion to w32 is not available inside the cwrapper.  Returns result in
+# func_to_host_path_result.
+func_convert_path_msys_to_w32 ()
+{
+  $debug_cmd
+
+  func_to_host_path_result=$1
+  if test -n "$1"; then
+    # Remove leading and trailing path separator characters from ARG.  MSYS
+    # behavior is inconsistent here; cygpath turns them into '.;' and ';.';
+    # and winepath ignores them completely.
+    func_stripname : : "$1"
+    func_to_host_path_tmp1=$func_stripname_result
+    func_convert_core_msys_to_w32 "$func_to_host_path_tmp1"
+    func_to_host_path_result=$func_convert_core_msys_to_w32_result
+    func_convert_path_check : ";" \
+      "$func_to_host_path_tmp1" "$func_to_host_path_result"
+    func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
+  fi
+}
+# end func_convert_path_msys_to_w32
+
+
+# func_convert_path_cygwin_to_w32 ARG
+# Convert path ARG from Cygwin to w32 format.  Returns result in
+# func_to_host_file_result.
+func_convert_path_cygwin_to_w32 ()
+{
+  $debug_cmd
+
+  func_to_host_path_result=$1
+  if test -n "$1"; then
+    # See func_convert_path_msys_to_w32:
+    func_stripname : : "$1"
+    func_to_host_path_tmp1=$func_stripname_result
+    func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"`
+    func_convert_path_check : ";" \
+      "$func_to_host_path_tmp1" "$func_to_host_path_result"
+    func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
+  fi
+}
+# end func_convert_path_cygwin_to_w32
+
+
+# func_convert_path_nix_to_w32 ARG
+# Convert path ARG from *nix to w32 format.  Requires a wine environment and
+# a working winepath.  Returns result in func_to_host_file_result.
+func_convert_path_nix_to_w32 ()
+{
+  $debug_cmd
+
+  func_to_host_path_result=$1
+  if test -n "$1"; then
+    # See func_convert_path_msys_to_w32:
+    func_stripname : : "$1"
+    func_to_host_path_tmp1=$func_stripname_result
+    func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1"
+    func_to_host_path_result=$func_convert_core_path_wine_to_w32_result
+    func_convert_path_check : ";" \
+      "$func_to_host_path_tmp1" "$func_to_host_path_result"
+    func_convert_path_front_back_pathsep ":*" "*:" ";" "$1"
+  fi
+}
+# end func_convert_path_nix_to_w32
+
+
+# func_convert_path_msys_to_cygwin ARG
+# Convert path ARG from MSYS to Cygwin format.  Requires LT_CYGPATH set.
+# Returns result in func_to_host_file_result.
+func_convert_path_msys_to_cygwin ()
+{
+  $debug_cmd
+
+  func_to_host_path_result=$1
+  if test -n "$1"; then
+    # See func_convert_path_msys_to_w32:
+    func_stripname : : "$1"
+    func_to_host_path_tmp1=$func_stripname_result
+    func_convert_core_msys_to_w32 "$func_to_host_path_tmp1"
+    func_cygpath -u -p "$func_convert_core_msys_to_w32_result"
+    func_to_host_path_result=$func_cygpath_result
+    func_convert_path_check : : \
+      "$func_to_host_path_tmp1" "$func_to_host_path_result"
+    func_convert_path_front_back_pathsep ":*" "*:" : "$1"
+  fi
+}
+# end func_convert_path_msys_to_cygwin
+
+
+# func_convert_path_nix_to_cygwin ARG
+# Convert path ARG from *nix to Cygwin format.  Requires Cygwin installed in a
+# a wine environment, working winepath, and LT_CYGPATH set.  Returns result in
+# func_to_host_file_result.
+func_convert_path_nix_to_cygwin ()
+{
+  $debug_cmd
+
+  func_to_host_path_result=$1
+  if test -n "$1"; then
+    # Remove leading and trailing path separator characters from
+    # ARG. msys behavior is inconsistent here, cygpath turns them
+    # into '.;' and ';.', and winepath ignores them completely.
+    func_stripname : : "$1"
+    func_to_host_path_tmp1=$func_stripname_result
+    func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1"
+    func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result"
+    func_to_host_path_result=$func_cygpath_result
+    func_convert_path_check : : \
+      "$func_to_host_path_tmp1" "$func_to_host_path_result"
+    func_convert_path_front_back_pathsep ":*" "*:" : "$1"
+  fi
+}
+# end func_convert_path_nix_to_cygwin
+
+
+# func_dll_def_p FILE
+# True iff FILE is a Windows DLL '.def' file.
+# Keep in sync with _LT_DLL_DEF_P in libtool.m4
+func_dll_def_p ()
+{
+  $debug_cmd
+
+  func_dll_def_p_tmp=`$SED -n \
+    -e 's/^[	 ]*//' \
+    -e '/^\(;.*\)*$/d' \
+    -e 's/^\(EXPORTS\|LIBRARY\)\([	 ].*\)*$/DEF/p' \
+    -e q \
+    "$1"`
+  test DEF = "$func_dll_def_p_tmp"
+}
+
+
+# func_mode_compile arg...
+func_mode_compile ()
+{
+    $debug_cmd
+
+    # Get the compilation command and the source file.
+    base_compile=
+    srcfile=$nonopt  #  always keep a non-empty value in "srcfile"
+    suppress_opt=yes
+    suppress_output=
+    arg_mode=normal
+    libobj=
+    later=
+    pie_flag=
+
+    for arg
+    do
+      case $arg_mode in
+      arg  )
+	# do not "continue".  Instead, add this to base_compile
+	lastarg=$arg
+	arg_mode=normal
+	;;
+
+      target )
+	libobj=$arg
+	arg_mode=normal
+	continue
+	;;
+
+      normal )
+	# Accept any command-line options.
+	case $arg in
+	-o)
+	  test -n "$libobj" && \
+	    func_fatal_error "you cannot specify '-o' more than once"
+	  arg_mode=target
+	  continue
+	  ;;
+
+	-pie | -fpie | -fPIE)
+          func_append pie_flag " $arg"
+	  continue
+	  ;;
+
+	-shared | -static | -prefer-pic | -prefer-non-pic)
+	  func_append later " $arg"
+	  continue
+	  ;;
+
+	-no-suppress)
+	  suppress_opt=no
+	  continue
+	  ;;
+
+	-Xcompiler)
+	  arg_mode=arg  #  the next one goes into the "base_compile" arg list
+	  continue      #  The current "srcfile" will either be retained or
+	  ;;            #  replaced later.  I would guess that would be a bug.
+
+	-Wc,*)
+	  func_stripname '-Wc,' '' "$arg"
+	  args=$func_stripname_result
+	  lastarg=
+	  save_ifs=$IFS; IFS=,
+	  for arg in $args; do
+	    IFS=$save_ifs
+	    func_append_quoted lastarg "$arg"
+	  done
+	  IFS=$save_ifs
+	  func_stripname ' ' '' "$lastarg"
+	  lastarg=$func_stripname_result
+
+	  # Add the arguments to base_compile.
+	  func_append base_compile " $lastarg"
+	  continue
+	  ;;
+
+	*)
+	  # Accept the current argument as the source file.
+	  # The previous "srcfile" becomes the current argument.
+	  #
+	  lastarg=$srcfile
+	  srcfile=$arg
+	  ;;
+	esac  #  case $arg
+	;;
+      esac    #  case $arg_mode
+
+      # Aesthetically quote the previous argument.
+      func_append_quoted base_compile "$lastarg"
+    done # for arg
+
+    case $arg_mode in
+    arg)
+      func_fatal_error "you must specify an argument for -Xcompile"
+      ;;
+    target)
+      func_fatal_error "you must specify a target with '-o'"
+      ;;
+    *)
+      # Get the name of the library object.
+      test -z "$libobj" && {
+	func_basename "$srcfile"
+	libobj=$func_basename_result
+      }
+      ;;
+    esac
+
+    # Recognize several different file suffixes.
+    # If the user specifies -o file.o, it is replaced with file.lo
+    case $libobj in
+    *.[cCFSifmso] | \
+    *.ada | *.adb | *.ads | *.asm | \
+    *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
+    *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup)
+      func_xform "$libobj"
+      libobj=$func_xform_result
+      ;;
+    esac
+
+    case $libobj in
+    *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;;
+    *)
+      func_fatal_error "cannot determine name of library object from '$libobj'"
+      ;;
+    esac
+
+    func_infer_tag $base_compile
+
+    for arg in $later; do
+      case $arg in
+      -shared)
+	test yes = "$build_libtool_libs" \
+	  || func_fatal_configuration "cannot build a shared library"
+	build_old_libs=no
+	continue
+	;;
+
+      -static)
+	build_libtool_libs=no
+	build_old_libs=yes
+	continue
+	;;
+
+      -prefer-pic)
+	pic_mode=yes
+	continue
+	;;
+
+      -prefer-non-pic)
+	pic_mode=no
+	continue
+	;;
+      esac
+    done
+
+    func_quote_for_eval "$libobj"
+    test "X$libobj" != "X$func_quote_for_eval_result" \
+      && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"'	 &()|`$[]' \
+      && func_warning "libobj name '$libobj' may not contain shell special characters."
+    func_dirname_and_basename "$obj" "/" ""
+    objname=$func_basename_result
+    xdir=$func_dirname_result
+    lobj=$xdir$objdir/$objname
+
+    test -z "$base_compile" && \
+      func_fatal_help "you must specify a compilation command"
+
+    # Delete any leftover library objects.
+    if test yes = "$build_old_libs"; then
+      removelist="$obj $lobj $libobj ${libobj}T"
+    else
+      removelist="$lobj $libobj ${libobj}T"
+    fi
+
+    # On Cygwin there's no "real" PIC flag so we must build both object types
+    case $host_os in
+    cygwin* | mingw* | pw32* | os2* | cegcc*)
+      pic_mode=default
+      ;;
+    esac
+    if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then
+      # non-PIC code in shared libraries is not supported
+      pic_mode=default
+    fi
+
+    # Calculate the filename of the output object if compiler does
+    # not support -o with -c
+    if test no = "$compiler_c_o"; then
+      output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext
+      lockfile=$output_obj.lock
+    else
+      output_obj=
+      need_locks=no
+      lockfile=
+    fi
+
+    # Lock this critical section if it is needed
+    # We use this script file to make the link, it avoids creating a new file
+    if test yes = "$need_locks"; then
+      until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
+	func_echo "Waiting for $lockfile to be removed"
+	sleep 2
+      done
+    elif test warn = "$need_locks"; then
+      if test -f "$lockfile"; then
+	$ECHO "\
+*** ERROR, $lockfile exists and contains:
+`cat $lockfile 2>/dev/null`
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support '-c' and '-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$opt_dry_run || $RM $removelist
+	exit $EXIT_FAILURE
+      fi
+      func_append removelist " $output_obj"
+      $ECHO "$srcfile" > "$lockfile"
+    fi
+
+    $opt_dry_run || $RM $removelist
+    func_append removelist " $lockfile"
+    trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15
+
+    func_to_tool_file "$srcfile" func_convert_file_msys_to_w32
+    srcfile=$func_to_tool_file_result
+    func_quote_for_eval "$srcfile"
+    qsrcfile=$func_quote_for_eval_result
+
+    # Only build a PIC object if we are building libtool libraries.
+    if test yes = "$build_libtool_libs"; then
+      # Without this assignment, base_compile gets emptied.
+      fbsd_hideous_sh_bug=$base_compile
+
+      if test no != "$pic_mode"; then
+	command="$base_compile $qsrcfile $pic_flag"
+      else
+	# Don't build PIC code
+	command="$base_compile $qsrcfile"
+      fi
+
+      func_mkdir_p "$xdir$objdir"
+
+      if test -z "$output_obj"; then
+	# Place PIC objects in $objdir
+	func_append command " -o $lobj"
+      fi
+
+      func_show_eval_locale "$command"	\
+          'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE'
+
+      if test warn = "$need_locks" &&
+	 test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+	$ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support '-c' and '-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$opt_dry_run || $RM $removelist
+	exit $EXIT_FAILURE
+      fi
+
+      # Just move the object if needed, then go on to compile the next one
+      if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
+	func_show_eval '$MV "$output_obj" "$lobj"' \
+	  'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+      fi
+
+      # Allow error messages only from the first compilation.
+      if test yes = "$suppress_opt"; then
+	suppress_output=' >/dev/null 2>&1'
+      fi
+    fi
+
+    # Only build a position-dependent object if we build old libraries.
+    if test yes = "$build_old_libs"; then
+      if test yes != "$pic_mode"; then
+	# Don't build PIC code
+	command="$base_compile $qsrcfile$pie_flag"
+      else
+	command="$base_compile $qsrcfile $pic_flag"
+      fi
+      if test yes = "$compiler_c_o"; then
+	func_append command " -o $obj"
+      fi
+
+      # Suppress compiler output if we already did a PIC compilation.
+      func_append command "$suppress_output"
+      func_show_eval_locale "$command" \
+        '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE'
+
+      if test warn = "$need_locks" &&
+	 test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+	$ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support '-c' and '-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$opt_dry_run || $RM $removelist
+	exit $EXIT_FAILURE
+      fi
+
+      # Just move the object if needed
+      if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
+	func_show_eval '$MV "$output_obj" "$obj"' \
+	  'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+      fi
+    fi
+
+    $opt_dry_run || {
+      func_write_libtool_object "$libobj" "$objdir/$objname" "$objname"
+
+      # Unlock the critical section if it was locked
+      if test no != "$need_locks"; then
+	removelist=$lockfile
+        $RM "$lockfile"
+      fi
+    }
+
+    exit $EXIT_SUCCESS
+}
+
+$opt_help || {
+  test compile = "$opt_mode" && func_mode_compile ${1+"$@"}
+}
+
+func_mode_help ()
+{
+    # We need to display help for each of the modes.
+    case $opt_mode in
+      "")
+        # Generic help is extracted from the usage comments
+        # at the start of this file.
+        func_help
+        ;;
+
+      clean)
+        $ECHO \
+"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
+
+Remove files from the build directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically '/bin/rm').  RM-OPTIONS are options (such as '-f') to be passed
+to RM.
+
+If FILE is a libtool library, object or program, all the files associated
+with it are deleted. Otherwise, only FILE itself is deleted using RM."
+        ;;
+
+      compile)
+      $ECHO \
+"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
+
+Compile a source file into a libtool library object.
+
+This mode accepts the following additional options:
+
+  -o OUTPUT-FILE    set the output file name to OUTPUT-FILE
+  -no-suppress      do not suppress compiler output for multiple passes
+  -prefer-pic       try to build PIC objects only
+  -prefer-non-pic   try to build non-PIC objects only
+  -shared           do not build a '.o' file suitable for static linking
+  -static           only build a '.o' file suitable for static linking
+  -Wc,FLAG          pass FLAG directly to the compiler
+
+COMPILE-COMMAND is a command to be used in creating a 'standard' object file
+from the given SOURCEFILE.
+
+The output file name is determined by removing the directory component from
+SOURCEFILE, then substituting the C source code suffix '.c' with the
+library object suffix, '.lo'."
+        ;;
+
+      execute)
+        $ECHO \
+"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]...
+
+Automatically set library path, then run a program.
+
+This mode accepts the following additional options:
+
+  -dlopen FILE      add the directory containing FILE to the library path
+
+This mode sets the library path environment variable according to '-dlopen'
+flags.
+
+If any of the ARGS are libtool executable wrappers, then they are translated
+into their corresponding uninstalled binary, and any of their required library
+directories are added to the library path.
+
+Then, COMMAND is executed, with ARGS as arguments."
+        ;;
+
+      finish)
+        $ECHO \
+"Usage: $progname [OPTION]... --mode=finish [LIBDIR]...
+
+Complete the installation of libtool libraries.
+
+Each LIBDIR is a directory that contains libtool libraries.
+
+The commands that this mode executes may require superuser privileges.  Use
+the '--dry-run' option if you just want to see what would be executed."
+        ;;
+
+      install)
+        $ECHO \
+"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND...
+
+Install executables or libraries.
+
+INSTALL-COMMAND is the installation command.  The first component should be
+either the 'install' or 'cp' program.
+
+The following components of INSTALL-COMMAND are treated specially:
+
+  -inst-prefix-dir PREFIX-DIR  Use PREFIX-DIR as a staging area for installation
+
+The rest of the components are interpreted as arguments to that command (only
+BSD-compatible install options are recognized)."
+        ;;
+
+      link)
+        $ECHO \
+"Usage: $progname [OPTION]... --mode=link LINK-COMMAND...
+
+Link object files or libraries together to form another library, or to
+create an executable program.
+
+LINK-COMMAND is a command using the C compiler that you would use to create
+a program from several object files.
+
+The following components of LINK-COMMAND are treated specially:
+
+  -all-static       do not do any dynamic linking at all
+  -avoid-version    do not add a version suffix if possible
+  -bindir BINDIR    specify path to binaries directory (for systems where
+                    libraries must be found in the PATH setting at runtime)
+  -dlopen FILE      '-dlpreopen' FILE if it cannot be dlopened at runtime
+  -dlpreopen FILE   link in FILE and add its symbols to lt_preloaded_symbols
+  -export-dynamic   allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
+  -export-symbols SYMFILE
+                    try to export only the symbols listed in SYMFILE
+  -export-symbols-regex REGEX
+                    try to export only the symbols matching REGEX
+  -LLIBDIR          search LIBDIR for required installed libraries
+  -lNAME            OUTPUT-FILE requires the installed library libNAME
+  -module           build a library that can dlopened
+  -no-fast-install  disable the fast-install mode
+  -no-install       link a not-installable executable
+  -no-undefined     declare that a library does not refer to external symbols
+  -o OUTPUT-FILE    create OUTPUT-FILE from the specified objects
+  -objectlist FILE  use a list of object files found in FILE to specify objects
+  -os2dllname NAME  force a short DLL name on OS/2 (no effect on other OSes)
+  -precious-files-regex REGEX
+                    don't remove output files matching REGEX
+  -release RELEASE  specify package release information
+  -rpath LIBDIR     the created library will eventually be installed in LIBDIR
+  -R[ ]LIBDIR       add LIBDIR to the runtime path of programs and libraries
+  -shared           only do dynamic linking of libtool libraries
+  -shrext SUFFIX    override the standard shared library file extension
+  -static           do not do any dynamic linking of uninstalled libtool libraries
+  -static-libtool-libs
+                    do not do any dynamic linking of libtool libraries
+  -version-info CURRENT[:REVISION[:AGE]]
+                    specify library version info [each variable defaults to 0]
+  -weak LIBNAME     declare that the target provides the LIBNAME interface
+  -Wc,FLAG
+  -Xcompiler FLAG   pass linker-specific FLAG directly to the compiler
+  -Wl,FLAG
+  -Xlinker FLAG     pass linker-specific FLAG directly to the linker
+  -XCClinker FLAG   pass link-specific FLAG to the compiler driver (CC)
+
+All other options (arguments beginning with '-') are ignored.
+
+Every other argument is treated as a filename.  Files ending in '.la' are
+treated as uninstalled libtool libraries, other files are standard or library
+object files.
+
+If the OUTPUT-FILE ends in '.la', then a libtool library is created,
+only library objects ('.lo' files) may be specified, and '-rpath' is
+required, except when creating a convenience library.
+
+If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created
+using 'ar' and 'ranlib', or on Windows using 'lib'.
+
+If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file
+is created, otherwise an executable program is created."
+        ;;
+
+      uninstall)
+        $ECHO \
+"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
+
+Remove libraries from an installation directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically '/bin/rm').  RM-OPTIONS are options (such as '-f') to be passed
+to RM.
+
+If FILE is a libtool library, all the files associated with it are deleted.
+Otherwise, only FILE itself is deleted using RM."
+        ;;
+
+      *)
+        func_fatal_help "invalid operation mode '$opt_mode'"
+        ;;
+    esac
+
+    echo
+    $ECHO "Try '$progname --help' for more information about other modes."
+}
+
+# Now that we've collected a possible --mode arg, show help if necessary
+if $opt_help; then
+  if test : = "$opt_help"; then
+    func_mode_help
+  else
+    {
+      func_help noexit
+      for opt_mode in compile link execute install finish uninstall clean; do
+	func_mode_help
+      done
+    } | $SED -n '1p; 2,$s/^Usage:/  or: /p'
+    {
+      func_help noexit
+      for opt_mode in compile link execute install finish uninstall clean; do
+	echo
+	func_mode_help
+      done
+    } |
+    $SED '1d
+      /^When reporting/,/^Report/{
+	H
+	d
+      }
+      $x
+      /information about other modes/d
+      /more detailed .*MODE/d
+      s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/'
+  fi
+  exit $?
+fi
+
+
+# func_mode_execute arg...
+func_mode_execute ()
+{
+    $debug_cmd
+
+    # The first argument is the command name.
+    cmd=$nonopt
+    test -z "$cmd" && \
+      func_fatal_help "you must specify a COMMAND"
+
+    # Handle -dlopen flags immediately.
+    for file in $opt_dlopen; do
+      test -f "$file" \
+	|| func_fatal_help "'$file' is not a file"
+
+      dir=
+      case $file in
+      *.la)
+	func_resolve_sysroot "$file"
+	file=$func_resolve_sysroot_result
+
+	# Check to see that this really is a libtool archive.
+	func_lalib_unsafe_p "$file" \
+	  || func_fatal_help "'$lib' is not a valid libtool archive"
+
+	# Read the libtool library.
+	dlname=
+	library_names=
+	func_source "$file"
+
+	# Skip this library if it cannot be dlopened.
+	if test -z "$dlname"; then
+	  # Warn if it was a shared library.
+	  test -n "$library_names" && \
+	    func_warning "'$file' was not linked with '-export-dynamic'"
+	  continue
+	fi
+
+	func_dirname "$file" "" "."
+	dir=$func_dirname_result
+
+	if test -f "$dir/$objdir/$dlname"; then
+	  func_append dir "/$objdir"
+	else
+	  if test ! -f "$dir/$dlname"; then
+	    func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'"
+	  fi
+	fi
+	;;
+
+      *.lo)
+	# Just add the directory containing the .lo file.
+	func_dirname "$file" "" "."
+	dir=$func_dirname_result
+	;;
+
+      *)
+	func_warning "'-dlopen' is ignored for non-libtool libraries and objects"
+	continue
+	;;
+      esac
+
+      # Get the absolute pathname.
+      absdir=`cd "$dir" && pwd`
+      test -n "$absdir" && dir=$absdir
+
+      # Now add the directory to shlibpath_var.
+      if eval "test -z \"\$$shlibpath_var\""; then
+	eval "$shlibpath_var=\"\$dir\""
+      else
+	eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
+      fi
+    done
+
+    # This variable tells wrapper scripts just to set shlibpath_var
+    # rather than running their programs.
+    libtool_execute_magic=$magic
+
+    # Check if any of the arguments is a wrapper script.
+    args=
+    for file
+    do
+      case $file in
+      -* | *.la | *.lo ) ;;
+      *)
+	# Do a test to see if this is really a libtool program.
+	if func_ltwrapper_script_p "$file"; then
+	  func_source "$file"
+	  # Transform arg to wrapped name.
+	  file=$progdir/$program
+	elif func_ltwrapper_executable_p "$file"; then
+	  func_ltwrapper_scriptname "$file"
+	  func_source "$func_ltwrapper_scriptname_result"
+	  # Transform arg to wrapped name.
+	  file=$progdir/$program
+	fi
+	;;
+      esac
+      # Quote arguments (to preserve shell metacharacters).
+      func_append_quoted args "$file"
+    done
+
+    if $opt_dry_run; then
+      # Display what would be done.
+      if test -n "$shlibpath_var"; then
+	eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\""
+	echo "export $shlibpath_var"
+      fi
+      $ECHO "$cmd$args"
+      exit $EXIT_SUCCESS
+    else
+      if test -n "$shlibpath_var"; then
+	# Export the shlibpath_var.
+	eval "export $shlibpath_var"
+      fi
+
+      # Restore saved environment variables
+      for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+      do
+	eval "if test \"\${save_$lt_var+set}\" = set; then
+                $lt_var=\$save_$lt_var; export $lt_var
+	      else
+		$lt_unset $lt_var
+	      fi"
+      done
+
+      # Now prepare to actually exec the command.
+      exec_cmd=\$cmd$args
+    fi
+}
+
+test execute = "$opt_mode" && func_mode_execute ${1+"$@"}
+
+
+# func_mode_finish arg...
+func_mode_finish ()
+{
+    $debug_cmd
+
+    libs=
+    libdirs=
+    admincmds=
+
+    for opt in "$nonopt" ${1+"$@"}
+    do
+      if test -d "$opt"; then
+	func_append libdirs " $opt"
+
+      elif test -f "$opt"; then
+	if func_lalib_unsafe_p "$opt"; then
+	  func_append libs " $opt"
+	else
+	  func_warning "'$opt' is not a valid libtool archive"
+	fi
+
+      else
+	func_fatal_error "invalid argument '$opt'"
+      fi
+    done
+
+    if test -n "$libs"; then
+      if test -n "$lt_sysroot"; then
+        sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"`
+        sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;"
+      else
+        sysroot_cmd=
+      fi
+
+      # Remove sysroot references
+      if $opt_dry_run; then
+        for lib in $libs; do
+          echo "removing references to $lt_sysroot and '=' prefixes from $lib"
+        done
+      else
+        tmpdir=`func_mktempdir`
+        for lib in $libs; do
+	  $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \
+	    > $tmpdir/tmp-la
+	  mv -f $tmpdir/tmp-la $lib
+	done
+        ${RM}r "$tmpdir"
+      fi
+    fi
+
+    if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+      for libdir in $libdirs; do
+	if test -n "$finish_cmds"; then
+	  # Do each command in the finish commands.
+	  func_execute_cmds "$finish_cmds" 'admincmds="$admincmds
+'"$cmd"'"'
+	fi
+	if test -n "$finish_eval"; then
+	  # Do the single finish_eval.
+	  eval cmds=\"$finish_eval\"
+	  $opt_dry_run || eval "$cmds" || func_append admincmds "
+       $cmds"
+	fi
+      done
+    fi
+
+    # Exit here if they wanted silent mode.
+    $opt_quiet && exit $EXIT_SUCCESS
+
+    if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+      echo "----------------------------------------------------------------------"
+      echo "Libraries have been installed in:"
+      for libdir in $libdirs; do
+	$ECHO "   $libdir"
+      done
+      echo
+      echo "If you ever happen to want to link against installed libraries"
+      echo "in a given directory, LIBDIR, you must either use libtool, and"
+      echo "specify the full pathname of the library, or use the '-LLIBDIR'"
+      echo "flag during linking and do at least one of the following:"
+      if test -n "$shlibpath_var"; then
+	echo "   - add LIBDIR to the '$shlibpath_var' environment variable"
+	echo "     during execution"
+      fi
+      if test -n "$runpath_var"; then
+	echo "   - add LIBDIR to the '$runpath_var' environment variable"
+	echo "     during linking"
+      fi
+      if test -n "$hardcode_libdir_flag_spec"; then
+	libdir=LIBDIR
+	eval flag=\"$hardcode_libdir_flag_spec\"
+
+	$ECHO "   - use the '$flag' linker flag"
+      fi
+      if test -n "$admincmds"; then
+	$ECHO "   - have your system administrator run these commands:$admincmds"
+      fi
+      if test -f /etc/ld.so.conf; then
+	echo "   - have your system administrator add LIBDIR to '/etc/ld.so.conf'"
+      fi
+      echo
+
+      echo "See any operating system documentation about shared libraries for"
+      case $host in
+	solaris2.[6789]|solaris2.1[0-9])
+	  echo "more information, such as the ld(1), crle(1) and ld.so(8) manual"
+	  echo "pages."
+	  ;;
+	*)
+	  echo "more information, such as the ld(1) and ld.so(8) manual pages."
+	  ;;
+      esac
+      echo "----------------------------------------------------------------------"
+    fi
+    exit $EXIT_SUCCESS
+}
+
+test finish = "$opt_mode" && func_mode_finish ${1+"$@"}
+
+
+# func_mode_install arg...
+func_mode_install ()
+{
+    $debug_cmd
+
+    # There may be an optional sh(1) argument at the beginning of
+    # install_prog (especially on Windows NT).
+    if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" ||
+       # Allow the use of GNU shtool's install command.
+       case $nonopt in *shtool*) :;; *) false;; esac
+    then
+      # Aesthetically quote it.
+      func_quote_for_eval "$nonopt"
+      install_prog="$func_quote_for_eval_result "
+      arg=$1
+      shift
+    else
+      install_prog=
+      arg=$nonopt
+    fi
+
+    # The real first argument should be the name of the installation program.
+    # Aesthetically quote it.
+    func_quote_for_eval "$arg"
+    func_append install_prog "$func_quote_for_eval_result"
+    install_shared_prog=$install_prog
+    case " $install_prog " in
+      *[\\\ /]cp\ *) install_cp=: ;;
+      *) install_cp=false ;;
+    esac
+
+    # We need to accept at least all the BSD install flags.
+    dest=
+    files=
+    opts=
+    prev=
+    install_type=
+    isdir=false
+    stripme=
+    no_mode=:
+    for arg
+    do
+      arg2=
+      if test -n "$dest"; then
+	func_append files " $dest"
+	dest=$arg
+	continue
+      fi
+
+      case $arg in
+      -d) isdir=: ;;
+      -f)
+	if $install_cp; then :; else
+	  prev=$arg
+	fi
+	;;
+      -g | -m | -o)
+	prev=$arg
+	;;
+      -s)
+	stripme=" -s"
+	continue
+	;;
+      -*)
+	;;
+      *)
+	# If the previous option needed an argument, then skip it.
+	if test -n "$prev"; then
+	  if test X-m = "X$prev" && test -n "$install_override_mode"; then
+	    arg2=$install_override_mode
+	    no_mode=false
+	  fi
+	  prev=
+	else
+	  dest=$arg
+	  continue
+	fi
+	;;
+      esac
+
+      # Aesthetically quote the argument.
+      func_quote_for_eval "$arg"
+      func_append install_prog " $func_quote_for_eval_result"
+      if test -n "$arg2"; then
+	func_quote_for_eval "$arg2"
+      fi
+      func_append install_shared_prog " $func_quote_for_eval_result"
+    done
+
+    test -z "$install_prog" && \
+      func_fatal_help "you must specify an install program"
+
+    test -n "$prev" && \
+      func_fatal_help "the '$prev' option requires an argument"
+
+    if test -n "$install_override_mode" && $no_mode; then
+      if $install_cp; then :; else
+	func_quote_for_eval "$install_override_mode"
+	func_append install_shared_prog " -m $func_quote_for_eval_result"
+      fi
+    fi
+
+    if test -z "$files"; then
+      if test -z "$dest"; then
+	func_fatal_help "no file or destination specified"
+      else
+	func_fatal_help "you must specify a destination"
+      fi
+    fi
+
+    # Strip any trailing slash from the destination.
+    func_stripname '' '/' "$dest"
+    dest=$func_stripname_result
+
+    # Check to see that the destination is a directory.
+    test -d "$dest" && isdir=:
+    if $isdir; then
+      destdir=$dest
+      destname=
+    else
+      func_dirname_and_basename "$dest" "" "."
+      destdir=$func_dirname_result
+      destname=$func_basename_result
+
+      # Not a directory, so check to see that there is only one file specified.
+      set dummy $files; shift
+      test "$#" -gt 1 && \
+	func_fatal_help "'$dest' is not a directory"
+    fi
+    case $destdir in
+    [\\/]* | [A-Za-z]:[\\/]*) ;;
+    *)
+      for file in $files; do
+	case $file in
+	*.lo) ;;
+	*)
+	  func_fatal_help "'$destdir' must be an absolute directory name"
+	  ;;
+	esac
+      done
+      ;;
+    esac
+
+    # This variable tells wrapper scripts just to set variables rather
+    # than running their programs.
+    libtool_install_magic=$magic
+
+    staticlibs=
+    future_libdirs=
+    current_libdirs=
+    for file in $files; do
+
+      # Do each installation.
+      case $file in
+      *.$libext)
+	# Do the static libraries later.
+	func_append staticlibs " $file"
+	;;
+
+      *.la)
+	func_resolve_sysroot "$file"
+	file=$func_resolve_sysroot_result
+
+	# Check to see that this really is a libtool archive.
+	func_lalib_unsafe_p "$file" \
+	  || func_fatal_help "'$file' is not a valid libtool archive"
+
+	library_names=
+	old_library=
+	relink_command=
+	func_source "$file"
+
+	# Add the libdir to current_libdirs if it is the destination.
+	if test "X$destdir" = "X$libdir"; then
+	  case "$current_libdirs " in
+	  *" $libdir "*) ;;
+	  *) func_append current_libdirs " $libdir" ;;
+	  esac
+	else
+	  # Note the libdir as a future libdir.
+	  case "$future_libdirs " in
+	  *" $libdir "*) ;;
+	  *) func_append future_libdirs " $libdir" ;;
+	  esac
+	fi
+
+	func_dirname "$file" "/" ""
+	dir=$func_dirname_result
+	func_append dir "$objdir"
+
+	if test -n "$relink_command"; then
+	  # Determine the prefix the user has applied to our future dir.
+	  inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"`
+
+	  # Don't allow the user to place us outside of our expected
+	  # location b/c this prevents finding dependent libraries that
+	  # are installed to the same prefix.
+	  # At present, this check doesn't affect windows .dll's that
+	  # are installed into $libdir/../bin (currently, that works fine)
+	  # but it's something to keep an eye on.
+	  test "$inst_prefix_dir" = "$destdir" && \
+	    func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir"
+
+	  if test -n "$inst_prefix_dir"; then
+	    # Stick the inst_prefix_dir data into the link command.
+	    relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
+	  else
+	    relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"`
+	  fi
+
+	  func_warning "relinking '$file'"
+	  func_show_eval "$relink_command" \
+	    'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"'
+	fi
+
+	# See the names of the shared library.
+	set dummy $library_names; shift
+	if test -n "$1"; then
+	  realname=$1
+	  shift
+
+	  srcname=$realname
+	  test -n "$relink_command" && srcname=${realname}T
+
+	  # Install the shared library and build the symlinks.
+	  func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \
+	      'exit $?'
+	  tstripme=$stripme
+	  case $host_os in
+	  cygwin* | mingw* | pw32* | cegcc*)
+	    case $realname in
+	    *.dll.a)
+	      tstripme=
+	      ;;
+	    esac
+	    ;;
+	  os2*)
+	    case $realname in
+	    *_dll.a)
+	      tstripme=
+	      ;;
+	    esac
+	    ;;
+	  esac
+	  if test -n "$tstripme" && test -n "$striplib"; then
+	    func_show_eval "$striplib $destdir/$realname" 'exit $?'
+	  fi
+
+	  if test "$#" -gt 0; then
+	    # Delete the old symlinks, and create new ones.
+	    # Try 'ln -sf' first, because the 'ln' binary might depend on
+	    # the symlink we replace!  Solaris /bin/ln does not understand -f,
+	    # so we also need to try rm && ln -s.
+	    for linkname
+	    do
+	      test "$linkname" != "$realname" \
+		&& func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })"
+	    done
+	  fi
+
+	  # Do each command in the postinstall commands.
+	  lib=$destdir/$realname
+	  func_execute_cmds "$postinstall_cmds" 'exit $?'
+	fi
+
+	# Install the pseudo-library for information purposes.
+	func_basename "$file"
+	name=$func_basename_result
+	instname=$dir/${name}i
+	func_show_eval "$install_prog $instname $destdir/$name" 'exit $?'
+
+	# Maybe install the static library, too.
+	test -n "$old_library" && func_append staticlibs " $dir/$old_library"
+	;;
+
+      *.lo)
+	# Install (i.e. copy) a libtool object.
+
+	# Figure out destination file name, if it wasn't already specified.
+	if test -n "$destname"; then
+	  destfile=$destdir/$destname
+	else
+	  func_basename "$file"
+	  destfile=$func_basename_result
+	  destfile=$destdir/$destfile
+	fi
+
+	# Deduce the name of the destination old-style object file.
+	case $destfile in
+	*.lo)
+	  func_lo2o "$destfile"
+	  staticdest=$func_lo2o_result
+	  ;;
+	*.$objext)
+	  staticdest=$destfile
+	  destfile=
+	  ;;
+	*)
+	  func_fatal_help "cannot copy a libtool object to '$destfile'"
+	  ;;
+	esac
+
+	# Install the libtool object if requested.
+	test -n "$destfile" && \
+	  func_show_eval "$install_prog $file $destfile" 'exit $?'
+
+	# Install the old object if enabled.
+	if test yes = "$build_old_libs"; then
+	  # Deduce the name of the old-style object file.
+	  func_lo2o "$file"
+	  staticobj=$func_lo2o_result
+	  func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?'
+	fi
+	exit $EXIT_SUCCESS
+	;;
+
+      *)
+	# Figure out destination file name, if it wasn't already specified.
+	if test -n "$destname"; then
+	  destfile=$destdir/$destname
+	else
+	  func_basename "$file"
+	  destfile=$func_basename_result
+	  destfile=$destdir/$destfile
+	fi
+
+	# If the file is missing, and there is a .exe on the end, strip it
+	# because it is most likely a libtool script we actually want to
+	# install
+	stripped_ext=
+	case $file in
+	  *.exe)
+	    if test ! -f "$file"; then
+	      func_stripname '' '.exe' "$file"
+	      file=$func_stripname_result
+	      stripped_ext=.exe
+	    fi
+	    ;;
+	esac
+
+	# Do a test to see if this is really a libtool program.
+	case $host in
+	*cygwin* | *mingw*)
+	    if func_ltwrapper_executable_p "$file"; then
+	      func_ltwrapper_scriptname "$file"
+	      wrapper=$func_ltwrapper_scriptname_result
+	    else
+	      func_stripname '' '.exe' "$file"
+	      wrapper=$func_stripname_result
+	    fi
+	    ;;
+	*)
+	    wrapper=$file
+	    ;;
+	esac
+	if func_ltwrapper_script_p "$wrapper"; then
+	  notinst_deplibs=
+	  relink_command=
+
+	  func_source "$wrapper"
+
+	  # Check the variables that should have been set.
+	  test -z "$generated_by_libtool_version" && \
+	    func_fatal_error "invalid libtool wrapper script '$wrapper'"
+
+	  finalize=:
+	  for lib in $notinst_deplibs; do
+	    # Check to see that each library is installed.
+	    libdir=
+	    if test -f "$lib"; then
+	      func_source "$lib"
+	    fi
+	    libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'`
+	    if test -n "$libdir" && test ! -f "$libfile"; then
+	      func_warning "'$lib' has not been installed in '$libdir'"
+	      finalize=false
+	    fi
+	  done
+
+	  relink_command=
+	  func_source "$wrapper"
+
+	  outputname=
+	  if test no = "$fast_install" && test -n "$relink_command"; then
+	    $opt_dry_run || {
+	      if $finalize; then
+	        tmpdir=`func_mktempdir`
+		func_basename "$file$stripped_ext"
+		file=$func_basename_result
+	        outputname=$tmpdir/$file
+	        # Replace the output file specification.
+	        relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'`
+
+	        $opt_quiet || {
+	          func_quote_for_expand "$relink_command"
+		  eval "func_echo $func_quote_for_expand_result"
+	        }
+	        if eval "$relink_command"; then :
+	          else
+		  func_error "error: relink '$file' with the above command before installing it"
+		  $opt_dry_run || ${RM}r "$tmpdir"
+		  continue
+	        fi
+	        file=$outputname
+	      else
+	        func_warning "cannot relink '$file'"
+	      fi
+	    }
+	  else
+	    # Install the binary that we compiled earlier.
+	    file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"`
+	  fi
+	fi
+
+	# remove .exe since cygwin /usr/bin/install will append another
+	# one anyway
+	case $install_prog,$host in
+	*/usr/bin/install*,*cygwin*)
+	  case $file:$destfile in
+	  *.exe:*.exe)
+	    # this is ok
+	    ;;
+	  *.exe:*)
+	    destfile=$destfile.exe
+	    ;;
+	  *:*.exe)
+	    func_stripname '' '.exe' "$destfile"
+	    destfile=$func_stripname_result
+	    ;;
+	  esac
+	  ;;
+	esac
+	func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?'
+	$opt_dry_run || if test -n "$outputname"; then
+	  ${RM}r "$tmpdir"
+	fi
+	;;
+      esac
+    done
+
+    for file in $staticlibs; do
+      func_basename "$file"
+      name=$func_basename_result
+
+      # Set up the ranlib parameters.
+      oldlib=$destdir/$name
+      func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
+      tool_oldlib=$func_to_tool_file_result
+
+      func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
+
+      if test -n "$stripme" && test -n "$old_striplib"; then
+	func_show_eval "$old_striplib $tool_oldlib" 'exit $?'
+      fi
+
+      # Do each command in the postinstall commands.
+      func_execute_cmds "$old_postinstall_cmds" 'exit $?'
+    done
+
+    test -n "$future_libdirs" && \
+      func_warning "remember to run '$progname --finish$future_libdirs'"
+
+    if test -n "$current_libdirs"; then
+      # Maybe just do a dry run.
+      $opt_dry_run && current_libdirs=" -n$current_libdirs"
+      exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs'
+    else
+      exit $EXIT_SUCCESS
+    fi
+}
+
+test install = "$opt_mode" && func_mode_install ${1+"$@"}
+
+
+# func_generate_dlsyms outputname originator pic_p
+# Extract symbols from dlprefiles and create ${outputname}S.o with
+# a dlpreopen symbol table.
+func_generate_dlsyms ()
+{
+    $debug_cmd
+
+    my_outputname=$1
+    my_originator=$2
+    my_pic_p=${3-false}
+    my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'`
+    my_dlsyms=
+
+    if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
+      if test -n "$NM" && test -n "$global_symbol_pipe"; then
+	my_dlsyms=${my_outputname}S.c
+      else
+	func_error "not configured to extract global symbols from dlpreopened files"
+      fi
+    fi
+
+    if test -n "$my_dlsyms"; then
+      case $my_dlsyms in
+      "") ;;
+      *.c)
+	# Discover the nlist of each of the dlfiles.
+	nlist=$output_objdir/$my_outputname.nm
+
+	func_show_eval "$RM $nlist ${nlist}S ${nlist}T"
+
+	# Parse the name list into a source file.
+	func_verbose "creating $output_objdir/$my_dlsyms"
+
+	$opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\
+/* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */
+/* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */
+
+#ifdef __cplusplus
+extern \"C\" {
+#endif
+
+#if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4))
+#pragma GCC diagnostic ignored \"-Wstrict-prototypes\"
+#endif
+
+/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests.  */
+#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
+/* DATA imports from DLLs on WIN32 can't be const, because runtime
+   relocations are performed -- see ld's documentation on pseudo-relocs.  */
+# define LT_DLSYM_CONST
+#elif defined __osf__
+/* This system does not cope well with relocations in const data.  */
+# define LT_DLSYM_CONST
+#else
+# define LT_DLSYM_CONST const
+#endif
+
+#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0)
+
+/* External symbol declarations for the compiler. */\
+"
+
+	if test yes = "$dlself"; then
+	  func_verbose "generating symbol list for '$output'"
+
+	  $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist"
+
+	  # Add our own program objects to the symbol list.
+	  progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP`
+	  for progfile in $progfiles; do
+	    func_to_tool_file "$progfile" func_convert_file_msys_to_w32
+	    func_verbose "extracting global C symbols from '$func_to_tool_file_result'"
+	    $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'"
+	  done
+
+	  if test -n "$exclude_expsyms"; then
+	    $opt_dry_run || {
+	      eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
+	      eval '$MV "$nlist"T "$nlist"'
+	    }
+	  fi
+
+	  if test -n "$export_symbols_regex"; then
+	    $opt_dry_run || {
+	      eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
+	      eval '$MV "$nlist"T "$nlist"'
+	    }
+	  fi
+
+	  # Prepare the list of exported symbols
+	  if test -z "$export_symbols"; then
+	    export_symbols=$output_objdir/$outputname.exp
+	    $opt_dry_run || {
+	      $RM $export_symbols
+	      eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+	      case $host in
+	      *cygwin* | *mingw* | *cegcc* )
+                eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+                eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
+	        ;;
+	      esac
+	    }
+	  else
+	    $opt_dry_run || {
+	      eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+	      eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
+	      eval '$MV "$nlist"T "$nlist"'
+	      case $host in
+	        *cygwin* | *mingw* | *cegcc* )
+	          eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+	          eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
+	          ;;
+	      esac
+	    }
+	  fi
+	fi
+
+	for dlprefile in $dlprefiles; do
+	  func_verbose "extracting global C symbols from '$dlprefile'"
+	  func_basename "$dlprefile"
+	  name=$func_basename_result
+          case $host in
+	    *cygwin* | *mingw* | *cegcc* )
+	      # if an import library, we need to obtain dlname
+	      if func_win32_import_lib_p "$dlprefile"; then
+	        func_tr_sh "$dlprefile"
+	        eval "curr_lafile=\$libfile_$func_tr_sh_result"
+	        dlprefile_dlbasename=
+	        if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then
+	          # Use subshell, to avoid clobbering current variable values
+	          dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"`
+	          if test -n "$dlprefile_dlname"; then
+	            func_basename "$dlprefile_dlname"
+	            dlprefile_dlbasename=$func_basename_result
+	          else
+	            # no lafile. user explicitly requested -dlpreopen <import library>.
+	            $sharedlib_from_linklib_cmd "$dlprefile"
+	            dlprefile_dlbasename=$sharedlib_from_linklib_result
+	          fi
+	        fi
+	        $opt_dry_run || {
+	          if test -n "$dlprefile_dlbasename"; then
+	            eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"'
+	          else
+	            func_warning "Could not compute DLL name from $name"
+	            eval '$ECHO ": $name " >> "$nlist"'
+	          fi
+	          func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
+	          eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe |
+	            $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'"
+	        }
+	      else # not an import lib
+	        $opt_dry_run || {
+	          eval '$ECHO ": $name " >> "$nlist"'
+	          func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
+	          eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'"
+	        }
+	      fi
+	    ;;
+	    *)
+	      $opt_dry_run || {
+	        eval '$ECHO ": $name " >> "$nlist"'
+	        func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32
+	        eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'"
+	      }
+	    ;;
+          esac
+	done
+
+	$opt_dry_run || {
+	  # Make sure we have at least an empty file.
+	  test -f "$nlist" || : > "$nlist"
+
+	  if test -n "$exclude_expsyms"; then
+	    $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
+	    $MV "$nlist"T "$nlist"
+	  fi
+
+	  # Try sorting and uniquifying the output.
+	  if $GREP -v "^: " < "$nlist" |
+	      if sort -k 3 </dev/null >/dev/null 2>&1; then
+		sort -k 3
+	      else
+		sort +2
+	      fi |
+	      uniq > "$nlist"S; then
+	    :
+	  else
+	    $GREP -v "^: " < "$nlist" > "$nlist"S
+	  fi
+
+	  if test -f "$nlist"S; then
+	    eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"'
+	  else
+	    echo '/* NONE */' >> "$output_objdir/$my_dlsyms"
+	  fi
+
+	  func_show_eval '$RM "${nlist}I"'
+	  if test -n "$global_symbol_to_import"; then
+	    eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I'
+	  fi
+
+	  echo >> "$output_objdir/$my_dlsyms" "\
+
+/* The mapping between symbol names and symbols.  */
+typedef struct {
+  const char *name;
+  void *address;
+} lt_dlsymlist;
+extern LT_DLSYM_CONST lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[];\
+"
+
+	  if test -s "$nlist"I; then
+	    echo >> "$output_objdir/$my_dlsyms" "\
+static void lt_syminit(void)
+{
+  LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols;
+  for (; symbol->name; ++symbol)
+    {"
+	    $SED 's/.*/      if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms"
+	    echo >> "$output_objdir/$my_dlsyms" "\
+    }
+}"
+	  fi
+	  echo >> "$output_objdir/$my_dlsyms" "\
+LT_DLSYM_CONST lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[] =
+{ {\"$my_originator\", (void *) 0},"
+
+	  if test -s "$nlist"I; then
+	    echo >> "$output_objdir/$my_dlsyms" "\
+  {\"@INIT@\", (void *) &lt_syminit},"
+	  fi
+
+	  case $need_lib_prefix in
+	  no)
+	    eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms"
+	    ;;
+	  *)
+	    eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms"
+	    ;;
+	  esac
+	  echo >> "$output_objdir/$my_dlsyms" "\
+  {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+  return lt_${my_prefix}_LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif\
+"
+	} # !$opt_dry_run
+
+	pic_flag_for_symtable=
+	case "$compile_command " in
+	*" -static "*) ;;
+	*)
+	  case $host in
+	  # compiling the symbol table file with pic_flag works around
+	  # a FreeBSD bug that causes programs to crash when -lm is
+	  # linked before any other PIC object.  But we must not use
+	  # pic_flag when linking with -static.  The problem exists in
+	  # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
+	  *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+	    pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
+	  *-*-hpux*)
+	    pic_flag_for_symtable=" $pic_flag"  ;;
+	  *)
+	    $my_pic_p && pic_flag_for_symtable=" $pic_flag"
+	    ;;
+	  esac
+	  ;;
+	esac
+	symtab_cflags=
+	for arg in $LTCFLAGS; do
+	  case $arg in
+	  -pie | -fpie | -fPIE) ;;
+	  *) func_append symtab_cflags " $arg" ;;
+	  esac
+	done
+
+	# Now compile the dynamic symbol file.
+	func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?'
+
+	# Clean up the generated files.
+	func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"'
+
+	# Transform the symbol file into the correct name.
+	symfileobj=$output_objdir/${my_outputname}S.$objext
+	case $host in
+	*cygwin* | *mingw* | *cegcc* )
+	  if test -f "$output_objdir/$my_outputname.def"; then
+	    compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+	    finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+	  else
+	    compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"`
+	    finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"`
+	  fi
+	  ;;
+	*)
+	  compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"`
+	  finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"`
+	  ;;
+	esac
+	;;
+      *)
+	func_fatal_error "unknown suffix for '$my_dlsyms'"
+	;;
+      esac
+    else
+      # We keep going just in case the user didn't refer to
+      # lt_preloaded_symbols.  The linker will fail if global_symbol_pipe
+      # really was required.
+
+      # Nullify the symbol file.
+      compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"`
+      finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"`
+    fi
+}
+
+# func_cygming_gnu_implib_p ARG
+# This predicate returns with zero status (TRUE) if
+# ARG is a GNU/binutils-style import library. Returns
+# with nonzero status (FALSE) otherwise.
+func_cygming_gnu_implib_p ()
+{
+  $debug_cmd
+
+  func_to_tool_file "$1" func_convert_file_msys_to_w32
+  func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'`
+  test -n "$func_cygming_gnu_implib_tmp"
+}
+
+# func_cygming_ms_implib_p ARG
+# This predicate returns with zero status (TRUE) if
+# ARG is an MS-style import library. Returns
+# with nonzero status (FALSE) otherwise.
+func_cygming_ms_implib_p ()
+{
+  $debug_cmd
+
+  func_to_tool_file "$1" func_convert_file_msys_to_w32
+  func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'`
+  test -n "$func_cygming_ms_implib_tmp"
+}
+
+# func_win32_libid arg
+# return the library type of file 'arg'
+#
+# Need a lot of goo to handle *both* DLLs and import libs
+# Has to be a shell function in order to 'eat' the argument
+# that is supplied when $file_magic_command is called.
+# Despite the name, also deal with 64 bit binaries.
+func_win32_libid ()
+{
+  $debug_cmd
+
+  win32_libid_type=unknown
+  win32_fileres=`file -L $1 2>/dev/null`
+  case $win32_fileres in
+  *ar\ archive\ import\ library*) # definitely import
+    win32_libid_type="x86 archive import"
+    ;;
+  *ar\ archive*) # could be an import, or static
+    # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD.
+    if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
+       $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then
+      case $nm_interface in
+      "MS dumpbin")
+	if func_cygming_ms_implib_p "$1" ||
+	   func_cygming_gnu_implib_p "$1"
+	then
+	  win32_nmres=import
+	else
+	  win32_nmres=
+	fi
+	;;
+      *)
+	func_to_tool_file "$1" func_convert_file_msys_to_w32
+	win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" |
+	  $SED -n -e '
+	    1,100{
+		/ I /{
+		    s|.*|import|
+		    p
+		    q
+		}
+	    }'`
+	;;
+      esac
+      case $win32_nmres in
+      import*)  win32_libid_type="x86 archive import";;
+      *)        win32_libid_type="x86 archive static";;
+      esac
+    fi
+    ;;
+  *DLL*)
+    win32_libid_type="x86 DLL"
+    ;;
+  *executable*) # but shell scripts are "executable" too...
+    case $win32_fileres in
+    *MS\ Windows\ PE\ Intel*)
+      win32_libid_type="x86 DLL"
+      ;;
+    esac
+    ;;
+  esac
+  $ECHO "$win32_libid_type"
+}
+
+# func_cygming_dll_for_implib ARG
+#
+# Platform-specific function to extract the
+# name of the DLL associated with the specified
+# import library ARG.
+# Invoked by eval'ing the libtool variable
+#    $sharedlib_from_linklib_cmd
+# Result is available in the variable
+#    $sharedlib_from_linklib_result
+func_cygming_dll_for_implib ()
+{
+  $debug_cmd
+
+  sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"`
+}
+
+# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs
+#
+# The is the core of a fallback implementation of a
+# platform-specific function to extract the name of the
+# DLL associated with the specified import library LIBNAME.
+#
+# SECTION_NAME is either .idata$6 or .idata$7, depending
+# on the platform and compiler that created the implib.
+#
+# Echos the name of the DLL associated with the
+# specified import library.
+func_cygming_dll_for_implib_fallback_core ()
+{
+  $debug_cmd
+
+  match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"`
+  $OBJDUMP -s --section "$1" "$2" 2>/dev/null |
+    $SED '/^Contents of section '"$match_literal"':/{
+      # Place marker at beginning of archive member dllname section
+      s/.*/====MARK====/
+      p
+      d
+    }
+    # These lines can sometimes be longer than 43 characters, but
+    # are always uninteresting
+    /:[	 ]*file format pe[i]\{,1\}-/d
+    /^In archive [^:]*:/d
+    # Ensure marker is printed
+    /^====MARK====/p
+    # Remove all lines with less than 43 characters
+    /^.\{43\}/!d
+    # From remaining lines, remove first 43 characters
+    s/^.\{43\}//' |
+    $SED -n '
+      # Join marker and all lines until next marker into a single line
+      /^====MARK====/ b para
+      H
+      $ b para
+      b
+      :para
+      x
+      s/\n//g
+      # Remove the marker
+      s/^====MARK====//
+      # Remove trailing dots and whitespace
+      s/[\. \t]*$//
+      # Print
+      /./p' |
+    # we now have a list, one entry per line, of the stringified
+    # contents of the appropriate section of all members of the
+    # archive that possess that section. Heuristic: eliminate
+    # all those that have a first or second character that is
+    # a '.' (that is, objdump's representation of an unprintable
+    # character.) This should work for all archives with less than
+    # 0x302f exports -- but will fail for DLLs whose name actually
+    # begins with a literal '.' or a single character followed by
+    # a '.'.
+    #
+    # Of those that remain, print the first one.
+    $SED -e '/^\./d;/^.\./d;q'
+}
+
+# func_cygming_dll_for_implib_fallback ARG
+# Platform-specific function to extract the
+# name of the DLL associated with the specified
+# import library ARG.
+#
+# This fallback implementation is for use when $DLLTOOL
+# does not support the --identify-strict option.
+# Invoked by eval'ing the libtool variable
+#    $sharedlib_from_linklib_cmd
+# Result is available in the variable
+#    $sharedlib_from_linklib_result
+func_cygming_dll_for_implib_fallback ()
+{
+  $debug_cmd
+
+  if func_cygming_gnu_implib_p "$1"; then
+    # binutils import library
+    sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"`
+  elif func_cygming_ms_implib_p "$1"; then
+    # ms-generated import library
+    sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"`
+  else
+    # unknown
+    sharedlib_from_linklib_result=
+  fi
+}
+
+
+# func_extract_an_archive dir oldlib
+func_extract_an_archive ()
+{
+    $debug_cmd
+
+    f_ex_an_ar_dir=$1; shift
+    f_ex_an_ar_oldlib=$1
+    if test yes = "$lock_old_archive_extraction"; then
+      lockfile=$f_ex_an_ar_oldlib.lock
+      until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
+	func_echo "Waiting for $lockfile to be removed"
+	sleep 2
+      done
+    fi
+    func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \
+		   'stat=$?; rm -f "$lockfile"; exit $stat'
+    if test yes = "$lock_old_archive_extraction"; then
+      $opt_dry_run || rm -f "$lockfile"
+    fi
+    if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
+     :
+    else
+      func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib"
+    fi
+}
+
+
+# func_extract_archives gentop oldlib ...
+func_extract_archives ()
+{
+    $debug_cmd
+
+    my_gentop=$1; shift
+    my_oldlibs=${1+"$@"}
+    my_oldobjs=
+    my_xlib=
+    my_xabs=
+    my_xdir=
+
+    for my_xlib in $my_oldlibs; do
+      # Extract the objects.
+      case $my_xlib in
+	[\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;;
+	*) my_xabs=`pwd`"/$my_xlib" ;;
+      esac
+      func_basename "$my_xlib"
+      my_xlib=$func_basename_result
+      my_xlib_u=$my_xlib
+      while :; do
+        case " $extracted_archives " in
+	*" $my_xlib_u "*)
+	  func_arith $extracted_serial + 1
+	  extracted_serial=$func_arith_result
+	  my_xlib_u=lt$extracted_serial-$my_xlib ;;
+	*) break ;;
+	esac
+      done
+      extracted_archives="$extracted_archives $my_xlib_u"
+      my_xdir=$my_gentop/$my_xlib_u
+
+      func_mkdir_p "$my_xdir"
+
+      case $host in
+      *-darwin*)
+	func_verbose "Extracting $my_xabs"
+	# Do not bother doing anything if just a dry run
+	$opt_dry_run || {
+	  darwin_orig_dir=`pwd`
+	  cd $my_xdir || exit $?
+	  darwin_archive=$my_xabs
+	  darwin_curdir=`pwd`
+	  func_basename "$darwin_archive"
+	  darwin_base_archive=$func_basename_result
+	  darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true`
+	  if test -n "$darwin_arches"; then
+	    darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'`
+	    darwin_arch=
+	    func_verbose "$darwin_base_archive has multiple architectures $darwin_arches"
+	    for darwin_arch in  $darwin_arches; do
+	      func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch"
+	      $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive"
+	      cd "unfat-$$/$darwin_base_archive-$darwin_arch"
+	      func_extract_an_archive "`pwd`" "$darwin_base_archive"
+	      cd "$darwin_curdir"
+	      $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive"
+	    done # $darwin_arches
+            ## Okay now we've a bunch of thin objects, gotta fatten them up :)
+	    darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u`
+	    darwin_file=
+	    darwin_files=
+	    for darwin_file in $darwin_filelist; do
+	      darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP`
+	      $LIPO -create -output "$darwin_file" $darwin_files
+	    done # $darwin_filelist
+	    $RM -rf unfat-$$
+	    cd "$darwin_orig_dir"
+	  else
+	    cd $darwin_orig_dir
+	    func_extract_an_archive "$my_xdir" "$my_xabs"
+	  fi # $darwin_arches
+	} # !$opt_dry_run
+	;;
+      *)
+        func_extract_an_archive "$my_xdir" "$my_xabs"
+	;;
+      esac
+      my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP`
+    done
+
+    func_extract_archives_result=$my_oldobjs
+}
+
+
+# func_emit_wrapper [arg=no]
+#
+# Emit a libtool wrapper script on stdout.
+# Don't directly open a file because we may want to
+# incorporate the script contents within a cygwin/mingw
+# wrapper executable.  Must ONLY be called from within
+# func_mode_link because it depends on a number of variables
+# set therein.
+#
+# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
+# variable will take.  If 'yes', then the emitted script
+# will assume that the directory where it is stored is
+# the $objdir directory.  This is a cygwin/mingw-specific
+# behavior.
+func_emit_wrapper ()
+{
+	func_emit_wrapper_arg1=${1-no}
+
+	$ECHO "\
+#! $SHELL
+
+# $output - temporary wrapper script for $objdir/$outputname
+# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
+#
+# The $output program cannot be directly executed until all the libtool
+# libraries that it depends on are installed.
+#
+# This wrapper script should never be moved out of the build directory.
+# If it is, it will not operate correctly.
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='$sed_quote_subst'
+
+# Be Bourne compatible
+if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '\${1+\"\$@\"}'='\"\$@\"'
+  setopt NO_GLOB_SUBST
+else
+  case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+relink_command=\"$relink_command\"
+
+# This environment variable determines our operation mode.
+if test \"\$libtool_install_magic\" = \"$magic\"; then
+  # install mode needs the following variables:
+  generated_by_libtool_version='$macro_version'
+  notinst_deplibs='$notinst_deplibs'
+else
+  # When we are sourced in execute mode, \$file and \$ECHO are already set.
+  if test \"\$libtool_execute_magic\" != \"$magic\"; then
+    file=\"\$0\""
+
+    qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"`
+    $ECHO "\
+
+# A function that is used when there is no print builtin or printf.
+func_fallback_echo ()
+{
+  eval 'cat <<_LTECHO_EOF
+\$1
+_LTECHO_EOF'
+}
+    ECHO=\"$qECHO\"
+  fi
+
+# Very basic option parsing. These options are (a) specific to
+# the libtool wrapper, (b) are identical between the wrapper
+# /script/ and the wrapper /executable/ that is used only on
+# windows platforms, and (c) all begin with the string "--lt-"
+# (application programs are unlikely to have options that match
+# this pattern).
+#
+# There are only two supported options: --lt-debug and
+# --lt-dump-script. There is, deliberately, no --lt-help.
+#
+# The first argument to this parsing function should be the
+# script's $0 value, followed by "$@".
+lt_option_debug=
+func_parse_lt_options ()
+{
+  lt_script_arg0=\$0
+  shift
+  for lt_opt
+  do
+    case \"\$lt_opt\" in
+    --lt-debug) lt_option_debug=1 ;;
+    --lt-dump-script)
+        lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\`
+        test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=.
+        lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\`
+        cat \"\$lt_dump_D/\$lt_dump_F\"
+        exit 0
+      ;;
+    --lt-*)
+        \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2
+        exit 1
+      ;;
+    esac
+  done
+
+  # Print the debug banner immediately:
+  if test -n \"\$lt_option_debug\"; then
+    echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2
+  fi
+}
+
+# Used when --lt-debug. Prints its arguments to stdout
+# (redirection is the responsibility of the caller)
+func_lt_dump_args ()
+{
+  lt_dump_args_N=1;
+  for lt_arg
+  do
+    \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\"
+    lt_dump_args_N=\`expr \$lt_dump_args_N + 1\`
+  done
+}
+
+# Core function for launching the target application
+func_exec_program_core ()
+{
+"
+  case $host in
+  # Backslashes separate directories on plain windows
+  *-*-mingw | *-*-os2* | *-cegcc*)
+    $ECHO "\
+      if test -n \"\$lt_option_debug\"; then
+        \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2
+        func_lt_dump_args \${1+\"\$@\"} 1>&2
+      fi
+      exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
+"
+    ;;
+
+  *)
+    $ECHO "\
+      if test -n \"\$lt_option_debug\"; then
+        \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2
+        func_lt_dump_args \${1+\"\$@\"} 1>&2
+      fi
+      exec \"\$progdir/\$program\" \${1+\"\$@\"}
+"
+    ;;
+  esac
+  $ECHO "\
+      \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2
+      exit 1
+}
+
+# A function to encapsulate launching the target application
+# Strips options in the --lt-* namespace from \$@ and
+# launches target application with the remaining arguments.
+func_exec_program ()
+{
+  case \" \$* \" in
+  *\\ --lt-*)
+    for lt_wr_arg
+    do
+      case \$lt_wr_arg in
+      --lt-*) ;;
+      *) set x \"\$@\" \"\$lt_wr_arg\"; shift;;
+      esac
+      shift
+    done ;;
+  esac
+  func_exec_program_core \${1+\"\$@\"}
+}
+
+  # Parse options
+  func_parse_lt_options \"\$0\" \${1+\"\$@\"}
+
+  # Find the directory that this script lives in.
+  thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\`
+  test \"x\$thisdir\" = \"x\$file\" && thisdir=.
+
+  # Follow symbolic links until we get to the real thisdir.
+  file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\`
+  while test -n \"\$file\"; do
+    destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\`
+
+    # If there was a directory component, then change thisdir.
+    if test \"x\$destdir\" != \"x\$file\"; then
+      case \"\$destdir\" in
+      [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
+      *) thisdir=\"\$thisdir/\$destdir\" ;;
+      esac
+    fi
+
+    file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\`
+    file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\`
+  done
+
+  # Usually 'no', except on cygwin/mingw when embedded into
+  # the cwrapper.
+  WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1
+  if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then
+    # special case for '.'
+    if test \"\$thisdir\" = \".\"; then
+      thisdir=\`pwd\`
+    fi
+    # remove .libs from thisdir
+    case \"\$thisdir\" in
+    *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;;
+    $objdir )   thisdir=. ;;
+    esac
+  fi
+
+  # Try to get the absolute directory name.
+  absdir=\`cd \"\$thisdir\" && pwd\`
+  test -n \"\$absdir\" && thisdir=\"\$absdir\"
+"
+
+	if test yes = "$fast_install"; then
+	  $ECHO "\
+  program=lt-'$outputname'$exeext
+  progdir=\"\$thisdir/$objdir\"
+
+  if test ! -f \"\$progdir/\$program\" ||
+     { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\
+       test \"X\$file\" != \"X\$progdir/\$program\"; }; then
+
+    file=\"\$\$-\$program\"
+
+    if test ! -d \"\$progdir\"; then
+      $MKDIR \"\$progdir\"
+    else
+      $RM \"\$progdir/\$file\"
+    fi"
+
+	  $ECHO "\
+
+    # relink executable if necessary
+    if test -n \"\$relink_command\"; then
+      if relink_command_output=\`eval \$relink_command 2>&1\`; then :
+      else
+	\$ECHO \"\$relink_command_output\" >&2
+	$RM \"\$progdir/\$file\"
+	exit 1
+      fi
+    fi
+
+    $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
+    { $RM \"\$progdir/\$program\";
+      $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; }
+    $RM \"\$progdir/\$file\"
+  fi"
+	else
+	  $ECHO "\
+  program='$outputname'
+  progdir=\"\$thisdir/$objdir\"
+"
+	fi
+
+	$ECHO "\
+
+  if test -f \"\$progdir/\$program\"; then"
+
+	# fixup the dll searchpath if we need to.
+	#
+	# Fix the DLL searchpath if we need to.  Do this before prepending
+	# to shlibpath, because on Windows, both are PATH and uninstalled
+	# libraries must come first.
+	if test -n "$dllsearchpath"; then
+	  $ECHO "\
+    # Add the dll search path components to the executable PATH
+    PATH=$dllsearchpath:\$PATH
+"
+	fi
+
+	# Export our shlibpath_var if we have one.
+	if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+	  $ECHO "\
+    # Add our own library path to $shlibpath_var
+    $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
+
+    # Some systems cannot cope with colon-terminated $shlibpath_var
+    # The second colon is a workaround for a bug in BeOS R4 sed
+    $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\`
+
+    export $shlibpath_var
+"
+	fi
+
+	$ECHO "\
+    if test \"\$libtool_execute_magic\" != \"$magic\"; then
+      # Run the actual program with our arguments.
+      func_exec_program \${1+\"\$@\"}
+    fi
+  else
+    # The program doesn't exist.
+    \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2
+    \$ECHO \"This script is just a wrapper for \$program.\" 1>&2
+    \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
+    exit 1
+  fi
+fi\
+"
+}
+
+
+# func_emit_cwrapperexe_src
+# emit the source code for a wrapper executable on stdout
+# Must ONLY be called from within func_mode_link because
+# it depends on a number of variable set therein.
+func_emit_cwrapperexe_src ()
+{
+	cat <<EOF
+
+/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
+   Generated by $PROGRAM (GNU $PACKAGE) $VERSION
+
+   The $output program cannot be directly executed until all the libtool
+   libraries that it depends on are installed.
+
+   This wrapper executable should never be moved out of the build directory.
+   If it is, it will not operate correctly.
+*/
+EOF
+	    cat <<"EOF"
+#ifdef _MSC_VER
+# define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef _MSC_VER
+# include <direct.h>
+# include <process.h>
+# include <io.h>
+#else
+# include <unistd.h>
+# include <stdint.h>
+# ifdef __CYGWIN__
+#  include <io.h>
+# endif
+#endif
+#include <malloc.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0)
+
+/* declarations of non-ANSI functions */
+#if defined __MINGW32__
+# ifdef __STRICT_ANSI__
+int _putenv (const char *);
+# endif
+#elif defined __CYGWIN__
+# ifdef __STRICT_ANSI__
+char *realpath (const char *, char *);
+int putenv (char *);
+int setenv (const char *, const char *, int);
+# endif
+/* #elif defined other_platform || defined ... */
+#endif
+
+/* portability defines, excluding path handling macros */
+#if defined _MSC_VER
+# define setmode _setmode
+# define stat    _stat
+# define chmod   _chmod
+# define getcwd  _getcwd
+# define putenv  _putenv
+# define S_IXUSR _S_IEXEC
+#elif defined __MINGW32__
+# define setmode _setmode
+# define stat    _stat
+# define chmod   _chmod
+# define getcwd  _getcwd
+# define putenv  _putenv
+#elif defined __CYGWIN__
+# define HAVE_SETENV
+# define FOPEN_WB "wb"
+/* #elif defined other platforms ... */
+#endif
+
+#if defined PATH_MAX
+# define LT_PATHMAX PATH_MAX
+#elif defined MAXPATHLEN
+# define LT_PATHMAX MAXPATHLEN
+#else
+# define LT_PATHMAX 1024
+#endif
+
+#ifndef S_IXOTH
+# define S_IXOTH 0
+#endif
+#ifndef S_IXGRP
+# define S_IXGRP 0
+#endif
+
+/* path handling portability macros */
+#ifndef DIR_SEPARATOR
+# define DIR_SEPARATOR '/'
+# define PATH_SEPARATOR ':'
+#endif
+
+#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \
+  defined __OS2__
+# define HAVE_DOS_BASED_FILE_SYSTEM
+# define FOPEN_WB "wb"
+# ifndef DIR_SEPARATOR_2
+#  define DIR_SEPARATOR_2 '\\'
+# endif
+# ifndef PATH_SEPARATOR_2
+#  define PATH_SEPARATOR_2 ';'
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR_2
+# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
+#else /* DIR_SEPARATOR_2 */
+# define IS_DIR_SEPARATOR(ch) \
+	(((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
+#endif /* DIR_SEPARATOR_2 */
+
+#ifndef PATH_SEPARATOR_2
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
+#else /* PATH_SEPARATOR_2 */
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
+#endif /* PATH_SEPARATOR_2 */
+
+#ifndef FOPEN_WB
+# define FOPEN_WB "w"
+#endif
+#ifndef _O_BINARY
+# define _O_BINARY 0
+#endif
+
+#define XMALLOC(type, num)      ((type *) xmalloc ((num) * sizeof(type)))
+#define XFREE(stale) do { \
+  if (stale) { free (stale); stale = 0; } \
+} while (0)
+
+#if defined LT_DEBUGWRAPPER
+static int lt_debug = 1;
+#else
+static int lt_debug = 0;
+#endif
+
+const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */
+
+void *xmalloc (size_t num);
+char *xstrdup (const char *string);
+const char *base_name (const char *name);
+char *find_executable (const char *wrapper);
+char *chase_symlinks (const char *pathspec);
+int make_executable (const char *path);
+int check_executable (const char *path);
+char *strendzap (char *str, const char *pat);
+void lt_debugprintf (const char *file, int line, const char *fmt, ...);
+void lt_fatal (const char *file, int line, const char *message, ...);
+static const char *nonnull (const char *s);
+static const char *nonempty (const char *s);
+void lt_setenv (const char *name, const char *value);
+char *lt_extend_str (const char *orig_value, const char *add, int to_end);
+void lt_update_exe_path (const char *name, const char *value);
+void lt_update_lib_path (const char *name, const char *value);
+char **prepare_spawn (char **argv);
+void lt_dump_script (FILE *f);
+EOF
+
+	    cat <<EOF
+#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 5)
+# define externally_visible volatile
+#else
+# define externally_visible __attribute__((externally_visible)) volatile
+#endif
+externally_visible const char * MAGIC_EXE = "$magic_exe";
+const char * LIB_PATH_VARNAME = "$shlibpath_var";
+EOF
+
+	    if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+              func_to_host_path "$temp_rpath"
+	      cat <<EOF
+const char * LIB_PATH_VALUE   = "$func_to_host_path_result";
+EOF
+	    else
+	      cat <<"EOF"
+const char * LIB_PATH_VALUE   = "";
+EOF
+	    fi
+
+	    if test -n "$dllsearchpath"; then
+              func_to_host_path "$dllsearchpath:"
+	      cat <<EOF
+const char * EXE_PATH_VARNAME = "PATH";
+const char * EXE_PATH_VALUE   = "$func_to_host_path_result";
+EOF
+	    else
+	      cat <<"EOF"
+const char * EXE_PATH_VARNAME = "";
+const char * EXE_PATH_VALUE   = "";
+EOF
+	    fi
+
+	    if test yes = "$fast_install"; then
+	      cat <<EOF
+const char * TARGET_PROGRAM_NAME = "lt-$outputname"; /* hopefully, no .exe */
+EOF
+	    else
+	      cat <<EOF
+const char * TARGET_PROGRAM_NAME = "$outputname"; /* hopefully, no .exe */
+EOF
+	    fi
+
+
+	    cat <<"EOF"
+
+#define LTWRAPPER_OPTION_PREFIX         "--lt-"
+
+static const char *ltwrapper_option_prefix = LTWRAPPER_OPTION_PREFIX;
+static const char *dumpscript_opt       = LTWRAPPER_OPTION_PREFIX "dump-script";
+static const char *debug_opt            = LTWRAPPER_OPTION_PREFIX "debug";
+
+int
+main (int argc, char *argv[])
+{
+  char **newargz;
+  int  newargc;
+  char *tmp_pathspec;
+  char *actual_cwrapper_path;
+  char *actual_cwrapper_name;
+  char *target_name;
+  char *lt_argv_zero;
+  int rval = 127;
+
+  int i;
+
+  program_name = (char *) xstrdup (base_name (argv[0]));
+  newargz = XMALLOC (char *, (size_t) argc + 1);
+
+  /* very simple arg parsing; don't want to rely on getopt
+   * also, copy all non cwrapper options to newargz, except
+   * argz[0], which is handled differently
+   */
+  newargc=0;
+  for (i = 1; i < argc; i++)
+    {
+      if (STREQ (argv[i], dumpscript_opt))
+	{
+EOF
+	    case $host in
+	      *mingw* | *cygwin* )
+		# make stdout use "unix" line endings
+		echo "          setmode(1,_O_BINARY);"
+		;;
+	      esac
+
+	    cat <<"EOF"
+	  lt_dump_script (stdout);
+	  return 0;
+	}
+      if (STREQ (argv[i], debug_opt))
+	{
+          lt_debug = 1;
+          continue;
+	}
+      if (STREQ (argv[i], ltwrapper_option_prefix))
+        {
+          /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
+             namespace, but it is not one of the ones we know about and
+             have already dealt with, above (inluding dump-script), then
+             report an error. Otherwise, targets might begin to believe
+             they are allowed to use options in the LTWRAPPER_OPTION_PREFIX
+             namespace. The first time any user complains about this, we'll
+             need to make LTWRAPPER_OPTION_PREFIX a configure-time option
+             or a configure.ac-settable value.
+           */
+          lt_fatal (__FILE__, __LINE__,
+		    "unrecognized %s option: '%s'",
+                    ltwrapper_option_prefix, argv[i]);
+        }
+      /* otherwise ... */
+      newargz[++newargc] = xstrdup (argv[i]);
+    }
+  newargz[++newargc] = NULL;
+
+EOF
+	    cat <<EOF
+  /* The GNU banner must be the first non-error debug message */
+  lt_debugprintf (__FILE__, __LINE__, "libtool wrapper (GNU $PACKAGE) $VERSION\n");
+EOF
+	    cat <<"EOF"
+  lt_debugprintf (__FILE__, __LINE__, "(main) argv[0]: %s\n", argv[0]);
+  lt_debugprintf (__FILE__, __LINE__, "(main) program_name: %s\n", program_name);
+
+  tmp_pathspec = find_executable (argv[0]);
+  if (tmp_pathspec == NULL)
+    lt_fatal (__FILE__, __LINE__, "couldn't find %s", argv[0]);
+  lt_debugprintf (__FILE__, __LINE__,
+                  "(main) found exe (before symlink chase) at: %s\n",
+		  tmp_pathspec);
+
+  actual_cwrapper_path = chase_symlinks (tmp_pathspec);
+  lt_debugprintf (__FILE__, __LINE__,
+                  "(main) found exe (after symlink chase) at: %s\n",
+		  actual_cwrapper_path);
+  XFREE (tmp_pathspec);
+
+  actual_cwrapper_name = xstrdup (base_name (actual_cwrapper_path));
+  strendzap (actual_cwrapper_path, actual_cwrapper_name);
+
+  /* wrapper name transforms */
+  strendzap (actual_cwrapper_name, ".exe");
+  tmp_pathspec = lt_extend_str (actual_cwrapper_name, ".exe", 1);
+  XFREE (actual_cwrapper_name);
+  actual_cwrapper_name = tmp_pathspec;
+  tmp_pathspec = 0;
+
+  /* target_name transforms -- use actual target program name; might have lt- prefix */
+  target_name = xstrdup (base_name (TARGET_PROGRAM_NAME));
+  strendzap (target_name, ".exe");
+  tmp_pathspec = lt_extend_str (target_name, ".exe", 1);
+  XFREE (target_name);
+  target_name = tmp_pathspec;
+  tmp_pathspec = 0;
+
+  lt_debugprintf (__FILE__, __LINE__,
+		  "(main) libtool target name: %s\n",
+		  target_name);
+EOF
+
+	    cat <<EOF
+  newargz[0] =
+    XMALLOC (char, (strlen (actual_cwrapper_path) +
+		    strlen ("$objdir") + 1 + strlen (actual_cwrapper_name) + 1));
+  strcpy (newargz[0], actual_cwrapper_path);
+  strcat (newargz[0], "$objdir");
+  strcat (newargz[0], "/");
+EOF
+
+	    cat <<"EOF"
+  /* stop here, and copy so we don't have to do this twice */
+  tmp_pathspec = xstrdup (newargz[0]);
+
+  /* do NOT want the lt- prefix here, so use actual_cwrapper_name */
+  strcat (newargz[0], actual_cwrapper_name);
+
+  /* DO want the lt- prefix here if it exists, so use target_name */
+  lt_argv_zero = lt_extend_str (tmp_pathspec, target_name, 1);
+  XFREE (tmp_pathspec);
+  tmp_pathspec = NULL;
+EOF
+
+	    case $host_os in
+	      mingw*)
+	    cat <<"EOF"
+  {
+    char* p;
+    while ((p = strchr (newargz[0], '\\')) != NULL)
+      {
+	*p = '/';
+      }
+    while ((p = strchr (lt_argv_zero, '\\')) != NULL)
+      {
+	*p = '/';
+      }
+  }
+EOF
+	    ;;
+	    esac
+
+	    cat <<"EOF"
+  XFREE (target_name);
+  XFREE (actual_cwrapper_path);
+  XFREE (actual_cwrapper_name);
+
+  lt_setenv ("BIN_SH", "xpg4"); /* for Tru64 */
+  lt_setenv ("DUALCASE", "1");  /* for MSK sh */
+  /* Update the DLL searchpath.  EXE_PATH_VALUE ($dllsearchpath) must
+     be prepended before (that is, appear after) LIB_PATH_VALUE ($temp_rpath)
+     because on Windows, both *_VARNAMEs are PATH but uninstalled
+     libraries must come first. */
+  lt_update_exe_path (EXE_PATH_VARNAME, EXE_PATH_VALUE);
+  lt_update_lib_path (LIB_PATH_VARNAME, LIB_PATH_VALUE);
+
+  lt_debugprintf (__FILE__, __LINE__, "(main) lt_argv_zero: %s\n",
+		  nonnull (lt_argv_zero));
+  for (i = 0; i < newargc; i++)
+    {
+      lt_debugprintf (__FILE__, __LINE__, "(main) newargz[%d]: %s\n",
+		      i, nonnull (newargz[i]));
+    }
+
+EOF
+
+	    case $host_os in
+	      mingw*)
+		cat <<"EOF"
+  /* execv doesn't actually work on mingw as expected on unix */
+  newargz = prepare_spawn (newargz);
+  rval = (int) _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz);
+  if (rval == -1)
+    {
+      /* failed to start process */
+      lt_debugprintf (__FILE__, __LINE__,
+		      "(main) failed to launch target \"%s\": %s\n",
+		      lt_argv_zero, nonnull (strerror (errno)));
+      return 127;
+    }
+  return rval;
+EOF
+		;;
+	      *)
+		cat <<"EOF"
+  execv (lt_argv_zero, newargz);
+  return rval; /* =127, but avoids unused variable warning */
+EOF
+		;;
+	    esac
+
+	    cat <<"EOF"
+}
+
+void *
+xmalloc (size_t num)
+{
+  void *p = (void *) malloc (num);
+  if (!p)
+    lt_fatal (__FILE__, __LINE__, "memory exhausted");
+
+  return p;
+}
+
+char *
+xstrdup (const char *string)
+{
+  return string ? strcpy ((char *) xmalloc (strlen (string) + 1),
+			  string) : NULL;
+}
+
+const char *
+base_name (const char *name)
+{
+  const char *base;
+
+#if defined HAVE_DOS_BASED_FILE_SYSTEM
+  /* Skip over the disk name in MSDOS pathnames. */
+  if (isalpha ((unsigned char) name[0]) && name[1] == ':')
+    name += 2;
+#endif
+
+  for (base = name; *name; name++)
+    if (IS_DIR_SEPARATOR (*name))
+      base = name + 1;
+  return base;
+}
+
+int
+check_executable (const char *path)
+{
+  struct stat st;
+
+  lt_debugprintf (__FILE__, __LINE__, "(check_executable): %s\n",
+                  nonempty (path));
+  if ((!path) || (!*path))
+    return 0;
+
+  if ((stat (path, &st) >= 0)
+      && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
+    return 1;
+  else
+    return 0;
+}
+
+int
+make_executable (const char *path)
+{
+  int rval = 0;
+  struct stat st;
+
+  lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n",
+                  nonempty (path));
+  if ((!path) || (!*path))
+    return 0;
+
+  if (stat (path, &st) >= 0)
+    {
+      rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR);
+    }
+  return rval;
+}
+
+/* Searches for the full path of the wrapper.  Returns
+   newly allocated full path name if found, NULL otherwise
+   Does not chase symlinks, even on platforms that support them.
+*/
+char *
+find_executable (const char *wrapper)
+{
+  int has_slash = 0;
+  const char *p;
+  const char *p_next;
+  /* static buffer for getcwd */
+  char tmp[LT_PATHMAX + 1];
+  size_t tmp_len;
+  char *concat_name;
+
+  lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n",
+                  nonempty (wrapper));
+
+  if ((wrapper == NULL) || (*wrapper == '\0'))
+    return NULL;
+
+  /* Absolute path? */
+#if defined HAVE_DOS_BASED_FILE_SYSTEM
+  if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':')
+    {
+      concat_name = xstrdup (wrapper);
+      if (check_executable (concat_name))
+	return concat_name;
+      XFREE (concat_name);
+    }
+  else
+    {
+#endif
+      if (IS_DIR_SEPARATOR (wrapper[0]))
+	{
+	  concat_name = xstrdup (wrapper);
+	  if (check_executable (concat_name))
+	    return concat_name;
+	  XFREE (concat_name);
+	}
+#if defined HAVE_DOS_BASED_FILE_SYSTEM
+    }
+#endif
+
+  for (p = wrapper; *p; p++)
+    if (*p == '/')
+      {
+	has_slash = 1;
+	break;
+      }
+  if (!has_slash)
+    {
+      /* no slashes; search PATH */
+      const char *path = getenv ("PATH");
+      if (path != NULL)
+	{
+	  for (p = path; *p; p = p_next)
+	    {
+	      const char *q;
+	      size_t p_len;
+	      for (q = p; *q; q++)
+		if (IS_PATH_SEPARATOR (*q))
+		  break;
+	      p_len = (size_t) (q - p);
+	      p_next = (*q == '\0' ? q : q + 1);
+	      if (p_len == 0)
+		{
+		  /* empty path: current directory */
+		  if (getcwd (tmp, LT_PATHMAX) == NULL)
+		    lt_fatal (__FILE__, __LINE__, "getcwd failed: %s",
+                              nonnull (strerror (errno)));
+		  tmp_len = strlen (tmp);
+		  concat_name =
+		    XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+		  memcpy (concat_name, tmp, tmp_len);
+		  concat_name[tmp_len] = '/';
+		  strcpy (concat_name + tmp_len + 1, wrapper);
+		}
+	      else
+		{
+		  concat_name =
+		    XMALLOC (char, p_len + 1 + strlen (wrapper) + 1);
+		  memcpy (concat_name, p, p_len);
+		  concat_name[p_len] = '/';
+		  strcpy (concat_name + p_len + 1, wrapper);
+		}
+	      if (check_executable (concat_name))
+		return concat_name;
+	      XFREE (concat_name);
+	    }
+	}
+      /* not found in PATH; assume curdir */
+    }
+  /* Relative path | not found in path: prepend cwd */
+  if (getcwd (tmp, LT_PATHMAX) == NULL)
+    lt_fatal (__FILE__, __LINE__, "getcwd failed: %s",
+              nonnull (strerror (errno)));
+  tmp_len = strlen (tmp);
+  concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+  memcpy (concat_name, tmp, tmp_len);
+  concat_name[tmp_len] = '/';
+  strcpy (concat_name + tmp_len + 1, wrapper);
+
+  if (check_executable (concat_name))
+    return concat_name;
+  XFREE (concat_name);
+  return NULL;
+}
+
+char *
+chase_symlinks (const char *pathspec)
+{
+#ifndef S_ISLNK
+  return xstrdup (pathspec);
+#else
+  char buf[LT_PATHMAX];
+  struct stat s;
+  char *tmp_pathspec = xstrdup (pathspec);
+  char *p;
+  int has_symlinks = 0;
+  while (strlen (tmp_pathspec) && !has_symlinks)
+    {
+      lt_debugprintf (__FILE__, __LINE__,
+		      "checking path component for symlinks: %s\n",
+		      tmp_pathspec);
+      if (lstat (tmp_pathspec, &s) == 0)
+	{
+	  if (S_ISLNK (s.st_mode) != 0)
+	    {
+	      has_symlinks = 1;
+	      break;
+	    }
+
+	  /* search backwards for last DIR_SEPARATOR */
+	  p = tmp_pathspec + strlen (tmp_pathspec) - 1;
+	  while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+	    p--;
+	  if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+	    {
+	      /* no more DIR_SEPARATORS left */
+	      break;
+	    }
+	  *p = '\0';
+	}
+      else
+	{
+	  lt_fatal (__FILE__, __LINE__,
+		    "error accessing file \"%s\": %s",
+		    tmp_pathspec, nonnull (strerror (errno)));
+	}
+    }
+  XFREE (tmp_pathspec);
+
+  if (!has_symlinks)
+    {
+      return xstrdup (pathspec);
+    }
+
+  tmp_pathspec = realpath (pathspec, buf);
+  if (tmp_pathspec == 0)
+    {
+      lt_fatal (__FILE__, __LINE__,
+		"could not follow symlinks for %s", pathspec);
+    }
+  return xstrdup (tmp_pathspec);
+#endif
+}
+
+char *
+strendzap (char *str, const char *pat)
+{
+  size_t len, patlen;
+
+  assert (str != NULL);
+  assert (pat != NULL);
+
+  len = strlen (str);
+  patlen = strlen (pat);
+
+  if (patlen <= len)
+    {
+      str += len - patlen;
+      if (STREQ (str, pat))
+	*str = '\0';
+    }
+  return str;
+}
+
+void
+lt_debugprintf (const char *file, int line, const char *fmt, ...)
+{
+  va_list args;
+  if (lt_debug)
+    {
+      (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line);
+      va_start (args, fmt);
+      (void) vfprintf (stderr, fmt, args);
+      va_end (args);
+    }
+}
+
+static void
+lt_error_core (int exit_status, const char *file,
+	       int line, const char *mode,
+	       const char *message, va_list ap)
+{
+  fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode);
+  vfprintf (stderr, message, ap);
+  fprintf (stderr, ".\n");
+
+  if (exit_status >= 0)
+    exit (exit_status);
+}
+
+void
+lt_fatal (const char *file, int line, const char *message, ...)
+{
+  va_list ap;
+  va_start (ap, message);
+  lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap);
+  va_end (ap);
+}
+
+static const char *
+nonnull (const char *s)
+{
+  return s ? s : "(null)";
+}
+
+static const char *
+nonempty (const char *s)
+{
+  return (s && !*s) ? "(empty)" : nonnull (s);
+}
+
+void
+lt_setenv (const char *name, const char *value)
+{
+  lt_debugprintf (__FILE__, __LINE__,
+		  "(lt_setenv) setting '%s' to '%s'\n",
+                  nonnull (name), nonnull (value));
+  {
+#ifdef HAVE_SETENV
+    /* always make a copy, for consistency with !HAVE_SETENV */
+    char *str = xstrdup (value);
+    setenv (name, str, 1);
+#else
+    size_t len = strlen (name) + 1 + strlen (value) + 1;
+    char *str = XMALLOC (char, len);
+    sprintf (str, "%s=%s", name, value);
+    if (putenv (str) != EXIT_SUCCESS)
+      {
+        XFREE (str);
+      }
+#endif
+  }
+}
+
+char *
+lt_extend_str (const char *orig_value, const char *add, int to_end)
+{
+  char *new_value;
+  if (orig_value && *orig_value)
+    {
+      size_t orig_value_len = strlen (orig_value);
+      size_t add_len = strlen (add);
+      new_value = XMALLOC (char, add_len + orig_value_len + 1);
+      if (to_end)
+        {
+          strcpy (new_value, orig_value);
+          strcpy (new_value + orig_value_len, add);
+        }
+      else
+        {
+          strcpy (new_value, add);
+          strcpy (new_value + add_len, orig_value);
+        }
+    }
+  else
+    {
+      new_value = xstrdup (add);
+    }
+  return new_value;
+}
+
+void
+lt_update_exe_path (const char *name, const char *value)
+{
+  lt_debugprintf (__FILE__, __LINE__,
+		  "(lt_update_exe_path) modifying '%s' by prepending '%s'\n",
+                  nonnull (name), nonnull (value));
+
+  if (name && *name && value && *value)
+    {
+      char *new_value = lt_extend_str (getenv (name), value, 0);
+      /* some systems can't cope with a ':'-terminated path #' */
+      size_t len = strlen (new_value);
+      while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
+        {
+          new_value[--len] = '\0';
+        }
+      lt_setenv (name, new_value);
+      XFREE (new_value);
+    }
+}
+
+void
+lt_update_lib_path (const char *name, const char *value)
+{
+  lt_debugprintf (__FILE__, __LINE__,
+		  "(lt_update_lib_path) modifying '%s' by prepending '%s'\n",
+                  nonnull (name), nonnull (value));
+
+  if (name && *name && value && *value)
+    {
+      char *new_value = lt_extend_str (getenv (name), value, 0);
+      lt_setenv (name, new_value);
+      XFREE (new_value);
+    }
+}
+
+EOF
+	    case $host_os in
+	      mingw*)
+		cat <<"EOF"
+
+/* Prepares an argument vector before calling spawn().
+   Note that spawn() does not by itself call the command interpreter
+     (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") :
+      ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+         GetVersionEx(&v);
+         v.dwPlatformId == VER_PLATFORM_WIN32_NT;
+      }) ? "cmd.exe" : "command.com").
+   Instead it simply concatenates the arguments, separated by ' ', and calls
+   CreateProcess().  We must quote the arguments since Win32 CreateProcess()
+   interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a
+   special way:
+   - Space and tab are interpreted as delimiters. They are not treated as
+     delimiters if they are surrounded by double quotes: "...".
+   - Unescaped double quotes are removed from the input. Their only effect is
+     that within double quotes, space and tab are treated like normal
+     characters.
+   - Backslashes not followed by double quotes are not special.
+   - But 2*n+1 backslashes followed by a double quote become
+     n backslashes followed by a double quote (n >= 0):
+       \" -> "
+       \\\" -> \"
+       \\\\\" -> \\"
+ */
+#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037"
+#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037"
+char **
+prepare_spawn (char **argv)
+{
+  size_t argc;
+  char **new_argv;
+  size_t i;
+
+  /* Count number of arguments.  */
+  for (argc = 0; argv[argc] != NULL; argc++)
+    ;
+
+  /* Allocate new argument vector.  */
+  new_argv = XMALLOC (char *, argc + 1);
+
+  /* Put quoted arguments into the new argument vector.  */
+  for (i = 0; i < argc; i++)
+    {
+      const char *string = argv[i];
+
+      if (string[0] == '\0')
+	new_argv[i] = xstrdup ("\"\"");
+      else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL)
+	{
+	  int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL);
+	  size_t length;
+	  unsigned int backslashes;
+	  const char *s;
+	  char *quoted_string;
+	  char *p;
+
+	  length = 0;
+	  backslashes = 0;
+	  if (quote_around)
+	    length++;
+	  for (s = string; *s != '\0'; s++)
+	    {
+	      char c = *s;
+	      if (c == '"')
+		length += backslashes + 1;
+	      length++;
+	      if (c == '\\')
+		backslashes++;
+	      else
+		backslashes = 0;
+	    }
+	  if (quote_around)
+	    length += backslashes + 1;
+
+	  quoted_string = XMALLOC (char, length + 1);
+
+	  p = quoted_string;
+	  backslashes = 0;
+	  if (quote_around)
+	    *p++ = '"';
+	  for (s = string; *s != '\0'; s++)
+	    {
+	      char c = *s;
+	      if (c == '"')
+		{
+		  unsigned int j;
+		  for (j = backslashes + 1; j > 0; j--)
+		    *p++ = '\\';
+		}
+	      *p++ = c;
+	      if (c == '\\')
+		backslashes++;
+	      else
+		backslashes = 0;
+	    }
+	  if (quote_around)
+	    {
+	      unsigned int j;
+	      for (j = backslashes; j > 0; j--)
+		*p++ = '\\';
+	      *p++ = '"';
+	    }
+	  *p = '\0';
+
+	  new_argv[i] = quoted_string;
+	}
+      else
+	new_argv[i] = (char *) string;
+    }
+  new_argv[argc] = NULL;
+
+  return new_argv;
+}
+EOF
+		;;
+	    esac
+
+            cat <<"EOF"
+void lt_dump_script (FILE* f)
+{
+EOF
+	    func_emit_wrapper yes |
+	      $SED -n -e '
+s/^\(.\{79\}\)\(..*\)/\1\
+\2/
+h
+s/\([\\"]\)/\\\1/g
+s/$/\\n/
+s/\([^\n]*\).*/  fputs ("\1", f);/p
+g
+D'
+            cat <<"EOF"
+}
+EOF
+}
+# end: func_emit_cwrapperexe_src
+
+# func_win32_import_lib_p ARG
+# True if ARG is an import lib, as indicated by $file_magic_cmd
+func_win32_import_lib_p ()
+{
+    $debug_cmd
+
+    case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in
+    *import*) : ;;
+    *) false ;;
+    esac
+}
+
+# func_suncc_cstd_abi
+# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!!
+# Several compiler flags select an ABI that is incompatible with the
+# Cstd library. Avoid specifying it if any are in CXXFLAGS.
+func_suncc_cstd_abi ()
+{
+    $debug_cmd
+
+    case " $compile_command " in
+    *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*)
+      suncc_use_cstd_abi=no
+      ;;
+    *)
+      suncc_use_cstd_abi=yes
+      ;;
+    esac
+}
+
+# func_mode_link arg...
+func_mode_link ()
+{
+    $debug_cmd
+
+    case $host in
+    *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+      # It is impossible to link a dll without this setting, and
+      # we shouldn't force the makefile maintainer to figure out
+      # what system we are compiling for in order to pass an extra
+      # flag for every libtool invocation.
+      # allow_undefined=no
+
+      # FIXME: Unfortunately, there are problems with the above when trying
+      # to make a dll that has undefined symbols, in which case not
+      # even a static library is built.  For now, we need to specify
+      # -no-undefined on the libtool link line when we can be certain
+      # that all symbols are satisfied, otherwise we get a static library.
+      allow_undefined=yes
+      ;;
+    *)
+      allow_undefined=yes
+      ;;
+    esac
+    libtool_args=$nonopt
+    base_compile="$nonopt $@"
+    compile_command=$nonopt
+    finalize_command=$nonopt
+
+    compile_rpath=
+    finalize_rpath=
+    compile_shlibpath=
+    finalize_shlibpath=
+    convenience=
+    old_convenience=
+    deplibs=
+    old_deplibs=
+    compiler_flags=
+    linker_flags=
+    dllsearchpath=
+    lib_search_path=`pwd`
+    inst_prefix_dir=
+    new_inherited_linker_flags=
+
+    avoid_version=no
+    bindir=
+    dlfiles=
+    dlprefiles=
+    dlself=no
+    export_dynamic=no
+    export_symbols=
+    export_symbols_regex=
+    generated=
+    libobjs=
+    ltlibs=
+    module=no
+    no_install=no
+    objs=
+    os2dllname=
+    non_pic_objects=
+    precious_files_regex=
+    prefer_static_libs=no
+    preload=false
+    prev=
+    prevarg=
+    release=
+    rpath=
+    xrpath=
+    perm_rpath=
+    temp_rpath=
+    thread_safe=no
+    vinfo=
+    vinfo_number=no
+    weak_libs=
+    single_module=$wl-single_module
+    func_infer_tag $base_compile
+
+    # We need to know -static, to get the right output filenames.
+    for arg
+    do
+      case $arg in
+      -shared)
+	test yes != "$build_libtool_libs" \
+	  && func_fatal_configuration "cannot build a shared library"
+	build_old_libs=no
+	break
+	;;
+      -all-static | -static | -static-libtool-libs)
+	case $arg in
+	-all-static)
+	  if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then
+	    func_warning "complete static linking is impossible in this configuration"
+	  fi
+	  if test -n "$link_static_flag"; then
+	    dlopen_self=$dlopen_self_static
+	  fi
+	  prefer_static_libs=yes
+	  ;;
+	-static)
+	  if test -z "$pic_flag" && test -n "$link_static_flag"; then
+	    dlopen_self=$dlopen_self_static
+	  fi
+	  prefer_static_libs=built
+	  ;;
+	-static-libtool-libs)
+	  if test -z "$pic_flag" && test -n "$link_static_flag"; then
+	    dlopen_self=$dlopen_self_static
+	  fi
+	  prefer_static_libs=yes
+	  ;;
+	esac
+	build_libtool_libs=no
+	build_old_libs=yes
+	break
+	;;
+      esac
+    done
+
+    # See if our shared archives depend on static archives.
+    test -n "$old_archive_from_new_cmds" && build_old_libs=yes
+
+    # Go through the arguments, transforming them on the way.
+    while test "$#" -gt 0; do
+      arg=$1
+      shift
+      func_quote_for_eval "$arg"
+      qarg=$func_quote_for_eval_unquoted_result
+      func_append libtool_args " $func_quote_for_eval_result"
+
+      # If the previous option needs an argument, assign it.
+      if test -n "$prev"; then
+	case $prev in
+	output)
+	  func_append compile_command " @OUTPUT@"
+	  func_append finalize_command " @OUTPUT@"
+	  ;;
+	esac
+
+	case $prev in
+	bindir)
+	  bindir=$arg
+	  prev=
+	  continue
+	  ;;
+	dlfiles|dlprefiles)
+	  $preload || {
+	    # Add the symbol object into the linking commands.
+	    func_append compile_command " @SYMFILE@"
+	    func_append finalize_command " @SYMFILE@"
+	    preload=:
+	  }
+	  case $arg in
+	  *.la | *.lo) ;;  # We handle these cases below.
+	  force)
+	    if test no = "$dlself"; then
+	      dlself=needless
+	      export_dynamic=yes
+	    fi
+	    prev=
+	    continue
+	    ;;
+	  self)
+	    if test dlprefiles = "$prev"; then
+	      dlself=yes
+	    elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then
+	      dlself=yes
+	    else
+	      dlself=needless
+	      export_dynamic=yes
+	    fi
+	    prev=
+	    continue
+	    ;;
+	  *)
+	    if test dlfiles = "$prev"; then
+	      func_append dlfiles " $arg"
+	    else
+	      func_append dlprefiles " $arg"
+	    fi
+	    prev=
+	    continue
+	    ;;
+	  esac
+	  ;;
+	expsyms)
+	  export_symbols=$arg
+	  test -f "$arg" \
+	    || func_fatal_error "symbol file '$arg' does not exist"
+	  prev=
+	  continue
+	  ;;
+	expsyms_regex)
+	  export_symbols_regex=$arg
+	  prev=
+	  continue
+	  ;;
+	framework)
+	  case $host in
+	    *-*-darwin*)
+	      case "$deplibs " in
+		*" $qarg.ltframework "*) ;;
+		*) func_append deplibs " $qarg.ltframework" # this is fixed later
+		   ;;
+	      esac
+	      ;;
+	  esac
+	  prev=
+	  continue
+	  ;;
+	inst_prefix)
+	  inst_prefix_dir=$arg
+	  prev=
+	  continue
+	  ;;
+	mllvm)
+	  # Clang does not use LLVM to link, so we can simply discard any
+	  # '-mllvm $arg' options when doing the link step.
+	  prev=
+	  continue
+	  ;;
+	objectlist)
+	  if test -f "$arg"; then
+	    save_arg=$arg
+	    moreargs=
+	    for fil in `cat "$save_arg"`
+	    do
+#	      func_append moreargs " $fil"
+	      arg=$fil
+	      # A libtool-controlled object.
+
+	      # Check to see that this really is a libtool object.
+	      if func_lalib_unsafe_p "$arg"; then
+		pic_object=
+		non_pic_object=
+
+		# Read the .lo file
+		func_source "$arg"
+
+		if test -z "$pic_object" ||
+		   test -z "$non_pic_object" ||
+		   test none = "$pic_object" &&
+		   test none = "$non_pic_object"; then
+		  func_fatal_error "cannot find name of object for '$arg'"
+		fi
+
+		# Extract subdirectory from the argument.
+		func_dirname "$arg" "/" ""
+		xdir=$func_dirname_result
+
+		if test none != "$pic_object"; then
+		  # Prepend the subdirectory the object is found in.
+		  pic_object=$xdir$pic_object
+
+		  if test dlfiles = "$prev"; then
+		    if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then
+		      func_append dlfiles " $pic_object"
+		      prev=
+		      continue
+		    else
+		      # If libtool objects are unsupported, then we need to preload.
+		      prev=dlprefiles
+		    fi
+		  fi
+
+		  # CHECK ME:  I think I busted this.  -Ossama
+		  if test dlprefiles = "$prev"; then
+		    # Preload the old-style object.
+		    func_append dlprefiles " $pic_object"
+		    prev=
+		  fi
+
+		  # A PIC object.
+		  func_append libobjs " $pic_object"
+		  arg=$pic_object
+		fi
+
+		# Non-PIC object.
+		if test none != "$non_pic_object"; then
+		  # Prepend the subdirectory the object is found in.
+		  non_pic_object=$xdir$non_pic_object
+
+		  # A standard non-PIC object
+		  func_append non_pic_objects " $non_pic_object"
+		  if test -z "$pic_object" || test none = "$pic_object"; then
+		    arg=$non_pic_object
+		  fi
+		else
+		  # If the PIC object exists, use it instead.
+		  # $xdir was prepended to $pic_object above.
+		  non_pic_object=$pic_object
+		  func_append non_pic_objects " $non_pic_object"
+		fi
+	      else
+		# Only an error if not doing a dry-run.
+		if $opt_dry_run; then
+		  # Extract subdirectory from the argument.
+		  func_dirname "$arg" "/" ""
+		  xdir=$func_dirname_result
+
+		  func_lo2o "$arg"
+		  pic_object=$xdir$objdir/$func_lo2o_result
+		  non_pic_object=$xdir$func_lo2o_result
+		  func_append libobjs " $pic_object"
+		  func_append non_pic_objects " $non_pic_object"
+	        else
+		  func_fatal_error "'$arg' is not a valid libtool object"
+		fi
+	      fi
+	    done
+	  else
+	    func_fatal_error "link input file '$arg' does not exist"
+	  fi
+	  arg=$save_arg
+	  prev=
+	  continue
+	  ;;
+	os2dllname)
+	  os2dllname=$arg
+	  prev=
+	  continue
+	  ;;
+	precious_regex)
+	  precious_files_regex=$arg
+	  prev=
+	  continue
+	  ;;
+	release)
+	  release=-$arg
+	  prev=
+	  continue
+	  ;;
+	rpath | xrpath)
+	  # We need an absolute path.
+	  case $arg in
+	  [\\/]* | [A-Za-z]:[\\/]*) ;;
+	  *)
+	    func_fatal_error "only absolute run-paths are allowed"
+	    ;;
+	  esac
+	  if test rpath = "$prev"; then
+	    case "$rpath " in
+	    *" $arg "*) ;;
+	    *) func_append rpath " $arg" ;;
+	    esac
+	  else
+	    case "$xrpath " in
+	    *" $arg "*) ;;
+	    *) func_append xrpath " $arg" ;;
+	    esac
+	  fi
+	  prev=
+	  continue
+	  ;;
+	shrext)
+	  shrext_cmds=$arg
+	  prev=
+	  continue
+	  ;;
+	weak)
+	  func_append weak_libs " $arg"
+	  prev=
+	  continue
+	  ;;
+	xcclinker)
+	  func_append linker_flags " $qarg"
+	  func_append compiler_flags " $qarg"
+	  prev=
+	  func_append compile_command " $qarg"
+	  func_append finalize_command " $qarg"
+	  continue
+	  ;;
+	xcompiler)
+	  func_append compiler_flags " $qarg"
+	  prev=
+	  func_append compile_command " $qarg"
+	  func_append finalize_command " $qarg"
+	  continue
+	  ;;
+	xlinker)
+	  func_append linker_flags " $qarg"
+	  func_append compiler_flags " $wl$qarg"
+	  prev=
+	  func_append compile_command " $wl$qarg"
+	  func_append finalize_command " $wl$qarg"
+	  continue
+	  ;;
+	*)
+	  eval "$prev=\"\$arg\""
+	  prev=
+	  continue
+	  ;;
+	esac
+      fi # test -n "$prev"
+
+      prevarg=$arg
+
+      case $arg in
+      -all-static)
+	if test -n "$link_static_flag"; then
+	  # See comment for -static flag below, for more details.
+	  func_append compile_command " $link_static_flag"
+	  func_append finalize_command " $link_static_flag"
+	fi
+	continue
+	;;
+
+      -allow-undefined)
+	# FIXME: remove this flag sometime in the future.
+	func_fatal_error "'-allow-undefined' must not be used because it is the default"
+	;;
+
+      -avoid-version)
+	avoid_version=yes
+	continue
+	;;
+
+      -bindir)
+	prev=bindir
+	continue
+	;;
+
+      -dlopen)
+	prev=dlfiles
+	continue
+	;;
+
+      -dlpreopen)
+	prev=dlprefiles
+	continue
+	;;
+
+      -export-dynamic)
+	export_dynamic=yes
+	continue
+	;;
+
+      -export-symbols | -export-symbols-regex)
+	if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+	  func_fatal_error "more than one -exported-symbols argument is not allowed"
+	fi
+	if test X-export-symbols = "X$arg"; then
+	  prev=expsyms
+	else
+	  prev=expsyms_regex
+	fi
+	continue
+	;;
+
+      -framework)
+	prev=framework
+	continue
+	;;
+
+      -inst-prefix-dir)
+	prev=inst_prefix
+	continue
+	;;
+
+      # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
+      # so, if we see these flags be careful not to treat them like -L
+      -L[A-Z][A-Z]*:*)
+	case $with_gcc/$host in
+	no/*-*-irix* | /*-*-irix*)
+	  func_append compile_command " $arg"
+	  func_append finalize_command " $arg"
+	  ;;
+	esac
+	continue
+	;;
+
+      -L*)
+	func_stripname "-L" '' "$arg"
+	if test -z "$func_stripname_result"; then
+	  if test "$#" -gt 0; then
+	    func_fatal_error "require no space between '-L' and '$1'"
+	  else
+	    func_fatal_error "need path for '-L' option"
+	  fi
+	fi
+	func_resolve_sysroot "$func_stripname_result"
+	dir=$func_resolve_sysroot_result
+	# We need an absolute path.
+	case $dir in
+	[\\/]* | [A-Za-z]:[\\/]*) ;;
+	*)
+	  absdir=`cd "$dir" && pwd`
+	  test -z "$absdir" && \
+	    func_fatal_error "cannot determine absolute directory name of '$dir'"
+	  dir=$absdir
+	  ;;
+	esac
+	case "$deplibs " in
+	*" -L$dir "* | *" $arg "*)
+	  # Will only happen for absolute or sysroot arguments
+	  ;;
+	*)
+	  # Preserve sysroot, but never include relative directories
+	  case $dir in
+	    [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;;
+	    *) func_append deplibs " -L$dir" ;;
+	  esac
+	  func_append lib_search_path " $dir"
+	  ;;
+	esac
+	case $host in
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+	  testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'`
+	  case :$dllsearchpath: in
+	  *":$dir:"*) ;;
+	  ::) dllsearchpath=$dir;;
+	  *) func_append dllsearchpath ":$dir";;
+	  esac
+	  case :$dllsearchpath: in
+	  *":$testbindir:"*) ;;
+	  ::) dllsearchpath=$testbindir;;
+	  *) func_append dllsearchpath ":$testbindir";;
+	  esac
+	  ;;
+	esac
+	continue
+	;;
+
+      -l*)
+	if test X-lc = "X$arg" || test X-lm = "X$arg"; then
+	  case $host in
+	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*)
+	    # These systems don't actually have a C or math library (as such)
+	    continue
+	    ;;
+	  *-*-os2*)
+	    # These systems don't actually have a C library (as such)
+	    test X-lc = "X$arg" && continue
+	    ;;
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
+	    # Do not include libc due to us having libc/libc_r.
+	    test X-lc = "X$arg" && continue
+	    ;;
+	  *-*-rhapsody* | *-*-darwin1.[012])
+	    # Rhapsody C and math libraries are in the System framework
+	    func_append deplibs " System.ltframework"
+	    continue
+	    ;;
+	  *-*-sco3.2v5* | *-*-sco5v6*)
+	    # Causes problems with __ctype
+	    test X-lc = "X$arg" && continue
+	    ;;
+	  *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+	    # Compiler inserts libc in the correct place for threads to work
+	    test X-lc = "X$arg" && continue
+	    ;;
+	  esac
+	elif test X-lc_r = "X$arg"; then
+	 case $host in
+	 *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*)
+	   # Do not include libc_r directly, use -pthread flag.
+	   continue
+	   ;;
+	 esac
+	fi
+	func_append deplibs " $arg"
+	continue
+	;;
+
+      -mllvm)
+	prev=mllvm
+	continue
+	;;
+
+      -module)
+	module=yes
+	continue
+	;;
+
+      # Tru64 UNIX uses -model [arg] to determine the layout of C++
+      # classes, name mangling, and exception handling.
+      # Darwin uses the -arch flag to determine output architecture.
+      -model|-arch|-isysroot|--sysroot)
+	func_append compiler_flags " $arg"
+	func_append compile_command " $arg"
+	func_append finalize_command " $arg"
+	prev=xcompiler
+	continue
+	;;
+
+      -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
+      |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
+	func_append compiler_flags " $arg"
+	func_append compile_command " $arg"
+	func_append finalize_command " $arg"
+	case "$new_inherited_linker_flags " in
+	    *" $arg "*) ;;
+	    * ) func_append new_inherited_linker_flags " $arg" ;;
+	esac
+	continue
+	;;
+
+      -multi_module)
+	single_module=$wl-multi_module
+	continue
+	;;
+
+      -no-fast-install)
+	fast_install=no
+	continue
+	;;
+
+      -no-install)
+	case $host in
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
+	  # The PATH hackery in wrapper scripts is required on Windows
+	  # and Darwin in order for the loader to find any dlls it needs.
+	  func_warning "'-no-install' is ignored for $host"
+	  func_warning "assuming '-no-fast-install' instead"
+	  fast_install=no
+	  ;;
+	*) no_install=yes ;;
+	esac
+	continue
+	;;
+
+      -no-undefined)
+	allow_undefined=no
+	continue
+	;;
+
+      -objectlist)
+	prev=objectlist
+	continue
+	;;
+
+      -os2dllname)
+	prev=os2dllname
+	continue
+	;;
+
+      -o) prev=output ;;
+
+      -precious-files-regex)
+	prev=precious_regex
+	continue
+	;;
+
+      -release)
+	prev=release
+	continue
+	;;
+
+      -rpath)
+	prev=rpath
+	continue
+	;;
+
+      -R)
+	prev=xrpath
+	continue
+	;;
+
+      -R*)
+	func_stripname '-R' '' "$arg"
+	dir=$func_stripname_result
+	# We need an absolute path.
+	case $dir in
+	[\\/]* | [A-Za-z]:[\\/]*) ;;
+	=*)
+	  func_stripname '=' '' "$dir"
+	  dir=$lt_sysroot$func_stripname_result
+	  ;;
+	*)
+	  func_fatal_error "only absolute run-paths are allowed"
+	  ;;
+	esac
+	case "$xrpath " in
+	*" $dir "*) ;;
+	*) func_append xrpath " $dir" ;;
+	esac
+	continue
+	;;
+
+      -shared)
+	# The effects of -shared are defined in a previous loop.
+	continue
+	;;
+
+      -shrext)
+	prev=shrext
+	continue
+	;;
+
+      -static | -static-libtool-libs)
+	# The effects of -static are defined in a previous loop.
+	# We used to do the same as -all-static on platforms that
+	# didn't have a PIC flag, but the assumption that the effects
+	# would be equivalent was wrong.  It would break on at least
+	# Digital Unix and AIX.
+	continue
+	;;
+
+      -thread-safe)
+	thread_safe=yes
+	continue
+	;;
+
+      -version-info)
+	prev=vinfo
+	continue
+	;;
+
+      -version-number)
+	prev=vinfo
+	vinfo_number=yes
+	continue
+	;;
+
+      -weak)
+        prev=weak
+	continue
+	;;
+
+      -Wc,*)
+	func_stripname '-Wc,' '' "$arg"
+	args=$func_stripname_result
+	arg=
+	save_ifs=$IFS; IFS=,
+	for flag in $args; do
+	  IFS=$save_ifs
+          func_quote_for_eval "$flag"
+	  func_append arg " $func_quote_for_eval_result"
+	  func_append compiler_flags " $func_quote_for_eval_result"
+	done
+	IFS=$save_ifs
+	func_stripname ' ' '' "$arg"
+	arg=$func_stripname_result
+	;;
+
+      -Wl,*)
+	func_stripname '-Wl,' '' "$arg"
+	args=$func_stripname_result
+	arg=
+	save_ifs=$IFS; IFS=,
+	for flag in $args; do
+	  IFS=$save_ifs
+          func_quote_for_eval "$flag"
+	  func_append arg " $wl$func_quote_for_eval_result"
+	  func_append compiler_flags " $wl$func_quote_for_eval_result"
+	  func_append linker_flags " $func_quote_for_eval_result"
+	done
+	IFS=$save_ifs
+	func_stripname ' ' '' "$arg"
+	arg=$func_stripname_result
+	;;
+
+      -Xcompiler)
+	prev=xcompiler
+	continue
+	;;
+
+      -Xlinker)
+	prev=xlinker
+	continue
+	;;
+
+      -XCClinker)
+	prev=xcclinker
+	continue
+	;;
+
+      # -msg_* for osf cc
+      -msg_*)
+	func_quote_for_eval "$arg"
+	arg=$func_quote_for_eval_result
+	;;
+
+      # Flags to be passed through unchanged, with rationale:
+      # -64, -mips[0-9]      enable 64-bit mode for the SGI compiler
+      # -r[0-9][0-9]*        specify processor for the SGI compiler
+      # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler
+      # +DA*, +DD*           enable 64-bit mode for the HP compiler
+      # -q*                  compiler args for the IBM compiler
+      # -m*, -t[45]*, -txscale* architecture-specific flags for GCC
+      # -F/path              path to uninstalled frameworks, gcc on darwin
+      # -p, -pg, --coverage, -fprofile-*  profiling flags for GCC
+      # -fstack-protector*   stack protector flags for GCC
+      # @file                GCC response files
+      # -tp=*                Portland pgcc target processor selection
+      # --sysroot=*          for sysroot support
+      # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
+      # -stdlib=*            select c++ std lib with clang
+      -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
+      -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
+      -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*)
+        func_quote_for_eval "$arg"
+	arg=$func_quote_for_eval_result
+        func_append compile_command " $arg"
+        func_append finalize_command " $arg"
+        func_append compiler_flags " $arg"
+        continue
+        ;;
+
+      -Z*)
+        if test os2 = "`expr $host : '.*\(os2\)'`"; then
+          # OS/2 uses -Zxxx to specify OS/2-specific options
+	  compiler_flags="$compiler_flags $arg"
+	  func_append compile_command " $arg"
+	  func_append finalize_command " $arg"
+	  case $arg in
+	  -Zlinker | -Zstack)
+	    prev=xcompiler
+	    ;;
+	  esac
+	  continue
+        else
+	  # Otherwise treat like 'Some other compiler flag' below
+	  func_quote_for_eval "$arg"
+	  arg=$func_quote_for_eval_result
+        fi
+	;;
+
+      # Some other compiler flag.
+      -* | +*)
+        func_quote_for_eval "$arg"
+	arg=$func_quote_for_eval_result
+	;;
+
+      *.$objext)
+	# A standard object.
+	func_append objs " $arg"
+	;;
+
+      *.lo)
+	# A libtool-controlled object.
+
+	# Check to see that this really is a libtool object.
+	if func_lalib_unsafe_p "$arg"; then
+	  pic_object=
+	  non_pic_object=
+
+	  # Read the .lo file
+	  func_source "$arg"
+
+	  if test -z "$pic_object" ||
+	     test -z "$non_pic_object" ||
+	     test none = "$pic_object" &&
+	     test none = "$non_pic_object"; then
+	    func_fatal_error "cannot find name of object for '$arg'"
+	  fi
+
+	  # Extract subdirectory from the argument.
+	  func_dirname "$arg" "/" ""
+	  xdir=$func_dirname_result
+
+	  test none = "$pic_object" || {
+	    # Prepend the subdirectory the object is found in.
+	    pic_object=$xdir$pic_object
+
+	    if test dlfiles = "$prev"; then
+	      if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then
+		func_append dlfiles " $pic_object"
+		prev=
+		continue
+	      else
+		# If libtool objects are unsupported, then we need to preload.
+		prev=dlprefiles
+	      fi
+	    fi
+
+	    # CHECK ME:  I think I busted this.  -Ossama
+	    if test dlprefiles = "$prev"; then
+	      # Preload the old-style object.
+	      func_append dlprefiles " $pic_object"
+	      prev=
+	    fi
+
+	    # A PIC object.
+	    func_append libobjs " $pic_object"
+	    arg=$pic_object
+	  }
+
+	  # Non-PIC object.
+	  if test none != "$non_pic_object"; then
+	    # Prepend the subdirectory the object is found in.
+	    non_pic_object=$xdir$non_pic_object
+
+	    # A standard non-PIC object
+	    func_append non_pic_objects " $non_pic_object"
+	    if test -z "$pic_object" || test none = "$pic_object"; then
+	      arg=$non_pic_object
+	    fi
+	  else
+	    # If the PIC object exists, use it instead.
+	    # $xdir was prepended to $pic_object above.
+	    non_pic_object=$pic_object
+	    func_append non_pic_objects " $non_pic_object"
+	  fi
+	else
+	  # Only an error if not doing a dry-run.
+	  if $opt_dry_run; then
+	    # Extract subdirectory from the argument.
+	    func_dirname "$arg" "/" ""
+	    xdir=$func_dirname_result
+
+	    func_lo2o "$arg"
+	    pic_object=$xdir$objdir/$func_lo2o_result
+	    non_pic_object=$xdir$func_lo2o_result
+	    func_append libobjs " $pic_object"
+	    func_append non_pic_objects " $non_pic_object"
+	  else
+	    func_fatal_error "'$arg' is not a valid libtool object"
+	  fi
+	fi
+	;;
+
+      *.$libext)
+	# An archive.
+	func_append deplibs " $arg"
+	func_append old_deplibs " $arg"
+	continue
+	;;
+
+      *.la)
+	# A libtool-controlled library.
+
+	func_resolve_sysroot "$arg"
+	if test dlfiles = "$prev"; then
+	  # This library was specified with -dlopen.
+	  func_append dlfiles " $func_resolve_sysroot_result"
+	  prev=
+	elif test dlprefiles = "$prev"; then
+	  # The library was specified with -dlpreopen.
+	  func_append dlprefiles " $func_resolve_sysroot_result"
+	  prev=
+	else
+	  func_append deplibs " $func_resolve_sysroot_result"
+	fi
+	continue
+	;;
+
+      # Some other compiler argument.
+      *)
+	# Unknown arguments in both finalize_command and compile_command need
+	# to be aesthetically quoted because they are evaled later.
+	func_quote_for_eval "$arg"
+	arg=$func_quote_for_eval_result
+	;;
+      esac # arg
+
+      # Now actually substitute the argument into the commands.
+      if test -n "$arg"; then
+	func_append compile_command " $arg"
+	func_append finalize_command " $arg"
+      fi
+    done # argument parsing loop
+
+    test -n "$prev" && \
+      func_fatal_help "the '$prevarg' option requires an argument"
+
+    if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then
+      eval arg=\"$export_dynamic_flag_spec\"
+      func_append compile_command " $arg"
+      func_append finalize_command " $arg"
+    fi
+
+    oldlibs=
+    # calculate the name of the file, without its directory
+    func_basename "$output"
+    outputname=$func_basename_result
+    libobjs_save=$libobjs
+
+    if test -n "$shlibpath_var"; then
+      # get the directories listed in $shlibpath_var
+      eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\`
+    else
+      shlib_search_path=
+    fi
+    eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
+    eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
+
+    # Definition is injected by LT_CONFIG during libtool generation.
+    func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH"
+
+    func_dirname "$output" "/" ""
+    output_objdir=$func_dirname_result$objdir
+    func_to_tool_file "$output_objdir/"
+    tool_output_objdir=$func_to_tool_file_result
+    # Create the object directory.
+    func_mkdir_p "$output_objdir"
+
+    # Determine the type of output
+    case $output in
+    "")
+      func_fatal_help "you must specify an output file"
+      ;;
+    *.$libext) linkmode=oldlib ;;
+    *.lo | *.$objext) linkmode=obj ;;
+    *.la) linkmode=lib ;;
+    *) linkmode=prog ;; # Anything else should be a program.
+    esac
+
+    specialdeplibs=
+
+    libs=
+    # Find all interdependent deplibs by searching for libraries
+    # that are linked more than once (e.g. -la -lb -la)
+    for deplib in $deplibs; do
+      if $opt_preserve_dup_deps; then
+	case "$libs " in
+	*" $deplib "*) func_append specialdeplibs " $deplib" ;;
+	esac
+      fi
+      func_append libs " $deplib"
+    done
+
+    if test lib = "$linkmode"; then
+      libs="$predeps $libs $compiler_lib_search_path $postdeps"
+
+      # Compute libraries that are listed more than once in $predeps
+      # $postdeps and mark them as special (i.e., whose duplicates are
+      # not to be eliminated).
+      pre_post_deps=
+      if $opt_duplicate_compiler_generated_deps; then
+	for pre_post_dep in $predeps $postdeps; do
+	  case "$pre_post_deps " in
+	  *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;;
+	  esac
+	  func_append pre_post_deps " $pre_post_dep"
+	done
+      fi
+      pre_post_deps=
+    fi
+
+    deplibs=
+    newdependency_libs=
+    newlib_search_path=
+    need_relink=no # whether we're linking any uninstalled libtool libraries
+    notinst_deplibs= # not-installed libtool libraries
+    notinst_path= # paths that contain not-installed libtool libraries
+
+    case $linkmode in
+    lib)
+	passes="conv dlpreopen link"
+	for file in $dlfiles $dlprefiles; do
+	  case $file in
+	  *.la) ;;
+	  *)
+	    func_fatal_help "libraries can '-dlopen' only libtool libraries: $file"
+	    ;;
+	  esac
+	done
+	;;
+    prog)
+	compile_deplibs=
+	finalize_deplibs=
+	alldeplibs=false
+	newdlfiles=
+	newdlprefiles=
+	passes="conv scan dlopen dlpreopen link"
+	;;
+    *)  passes="conv"
+	;;
+    esac
+
+    for pass in $passes; do
+      # The preopen pass in lib mode reverses $deplibs; put it back here
+      # so that -L comes before libs that need it for instance...
+      if test lib,link = "$linkmode,$pass"; then
+	## FIXME: Find the place where the list is rebuilt in the wrong
+	##        order, and fix it there properly
+        tmp_deplibs=
+	for deplib in $deplibs; do
+	  tmp_deplibs="$deplib $tmp_deplibs"
+	done
+	deplibs=$tmp_deplibs
+      fi
+
+      if test lib,link = "$linkmode,$pass" ||
+	 test prog,scan = "$linkmode,$pass"; then
+	libs=$deplibs
+	deplibs=
+      fi
+      if test prog = "$linkmode"; then
+	case $pass in
+	dlopen) libs=$dlfiles ;;
+	dlpreopen) libs=$dlprefiles ;;
+	link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
+	esac
+      fi
+      if test lib,dlpreopen = "$linkmode,$pass"; then
+	# Collect and forward deplibs of preopened libtool libs
+	for lib in $dlprefiles; do
+	  # Ignore non-libtool-libs
+	  dependency_libs=
+	  func_resolve_sysroot "$lib"
+	  case $lib in
+	  *.la)	func_source "$func_resolve_sysroot_result" ;;
+	  esac
+
+	  # Collect preopened libtool deplibs, except any this library
+	  # has declared as weak libs
+	  for deplib in $dependency_libs; do
+	    func_basename "$deplib"
+            deplib_base=$func_basename_result
+	    case " $weak_libs " in
+	    *" $deplib_base "*) ;;
+	    *) func_append deplibs " $deplib" ;;
+	    esac
+	  done
+	done
+	libs=$dlprefiles
+      fi
+      if test dlopen = "$pass"; then
+	# Collect dlpreopened libraries
+	save_deplibs=$deplibs
+	deplibs=
+      fi
+
+      for deplib in $libs; do
+	lib=
+	found=false
+	case $deplib in
+	-mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \
+        |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*)
+	  if test prog,link = "$linkmode,$pass"; then
+	    compile_deplibs="$deplib $compile_deplibs"
+	    finalize_deplibs="$deplib $finalize_deplibs"
+	  else
+	    func_append compiler_flags " $deplib"
+	    if test lib = "$linkmode"; then
+		case "$new_inherited_linker_flags " in
+		    *" $deplib "*) ;;
+		    * ) func_append new_inherited_linker_flags " $deplib" ;;
+		esac
+	    fi
+	  fi
+	  continue
+	  ;;
+	-l*)
+	  if test lib != "$linkmode" && test prog != "$linkmode"; then
+	    func_warning "'-l' is ignored for archives/objects"
+	    continue
+	  fi
+	  func_stripname '-l' '' "$deplib"
+	  name=$func_stripname_result
+	  if test lib = "$linkmode"; then
+	    searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path"
+	  else
+	    searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path"
+	  fi
+	  for searchdir in $searchdirs; do
+	    for search_ext in .la $std_shrext .so .a; do
+	      # Search the libtool library
+	      lib=$searchdir/lib$name$search_ext
+	      if test -f "$lib"; then
+		if test .la = "$search_ext"; then
+		  found=:
+		else
+		  found=false
+		fi
+		break 2
+	      fi
+	    done
+	  done
+	  if $found; then
+	    # deplib is a libtool library
+	    # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
+	    # We need to do some special things here, and not later.
+	    if test yes = "$allow_libtool_libs_with_static_runtimes"; then
+	      case " $predeps $postdeps " in
+	      *" $deplib "*)
+		if func_lalib_p "$lib"; then
+		  library_names=
+		  old_library=
+		  func_source "$lib"
+		  for l in $old_library $library_names; do
+		    ll=$l
+		  done
+		  if test "X$ll" = "X$old_library"; then # only static version available
+		    found=false
+		    func_dirname "$lib" "" "."
+		    ladir=$func_dirname_result
+		    lib=$ladir/$old_library
+		    if test prog,link = "$linkmode,$pass"; then
+		      compile_deplibs="$deplib $compile_deplibs"
+		      finalize_deplibs="$deplib $finalize_deplibs"
+		    else
+		      deplibs="$deplib $deplibs"
+		      test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs"
+		    fi
+		    continue
+		  fi
+		fi
+		;;
+	      *) ;;
+	      esac
+	    fi
+	  else
+	    # deplib doesn't seem to be a libtool library
+	    if test prog,link = "$linkmode,$pass"; then
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    else
+	      deplibs="$deplib $deplibs"
+	      test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs"
+	    fi
+	    continue
+	  fi
+	  ;; # -l
+	*.ltframework)
+	  if test prog,link = "$linkmode,$pass"; then
+	    compile_deplibs="$deplib $compile_deplibs"
+	    finalize_deplibs="$deplib $finalize_deplibs"
+	  else
+	    deplibs="$deplib $deplibs"
+	    if test lib = "$linkmode"; then
+		case "$new_inherited_linker_flags " in
+		    *" $deplib "*) ;;
+		    * ) func_append new_inherited_linker_flags " $deplib" ;;
+		esac
+	    fi
+	  fi
+	  continue
+	  ;;
+	-L*)
+	  case $linkmode in
+	  lib)
+	    deplibs="$deplib $deplibs"
+	    test conv = "$pass" && continue
+	    newdependency_libs="$deplib $newdependency_libs"
+	    func_stripname '-L' '' "$deplib"
+	    func_resolve_sysroot "$func_stripname_result"
+	    func_append newlib_search_path " $func_resolve_sysroot_result"
+	    ;;
+	  prog)
+	    if test conv = "$pass"; then
+	      deplibs="$deplib $deplibs"
+	      continue
+	    fi
+	    if test scan = "$pass"; then
+	      deplibs="$deplib $deplibs"
+	    else
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    fi
+	    func_stripname '-L' '' "$deplib"
+	    func_resolve_sysroot "$func_stripname_result"
+	    func_append newlib_search_path " $func_resolve_sysroot_result"
+	    ;;
+	  *)
+	    func_warning "'-L' is ignored for archives/objects"
+	    ;;
+	  esac # linkmode
+	  continue
+	  ;; # -L
+	-R*)
+	  if test link = "$pass"; then
+	    func_stripname '-R' '' "$deplib"
+	    func_resolve_sysroot "$func_stripname_result"
+	    dir=$func_resolve_sysroot_result
+	    # Make sure the xrpath contains only unique directories.
+	    case "$xrpath " in
+	    *" $dir "*) ;;
+	    *) func_append xrpath " $dir" ;;
+	    esac
+	  fi
+	  deplibs="$deplib $deplibs"
+	  continue
+	  ;;
+	*.la)
+	  func_resolve_sysroot "$deplib"
+	  lib=$func_resolve_sysroot_result
+	  ;;
+	*.$libext)
+	  if test conv = "$pass"; then
+	    deplibs="$deplib $deplibs"
+	    continue
+	  fi
+	  case $linkmode in
+	  lib)
+	    # Linking convenience modules into shared libraries is allowed,
+	    # but linking other static libraries is non-portable.
+	    case " $dlpreconveniencelibs " in
+	    *" $deplib "*) ;;
+	    *)
+	      valid_a_lib=false
+	      case $deplibs_check_method in
+		match_pattern*)
+		  set dummy $deplibs_check_method; shift
+		  match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+		  if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \
+		    | $EGREP "$match_pattern_regex" > /dev/null; then
+		    valid_a_lib=:
+		  fi
+		;;
+		pass_all)
+		  valid_a_lib=:
+		;;
+	      esac
+	      if $valid_a_lib; then
+		echo
+		$ECHO "*** Warning: Linking the shared library $output against the"
+		$ECHO "*** static library $deplib is not portable!"
+		deplibs="$deplib $deplibs"
+	      else
+		echo
+		$ECHO "*** Warning: Trying to link with static lib archive $deplib."
+		echo "*** I have the capability to make that library automatically link in when"
+		echo "*** you link to this library.  But I can only do this if you have a"
+		echo "*** shared version of the library, which you do not appear to have"
+		echo "*** because the file extensions .$libext of this argument makes me believe"
+		echo "*** that it is just a static archive that I should not use here."
+	      fi
+	      ;;
+	    esac
+	    continue
+	    ;;
+	  prog)
+	    if test link != "$pass"; then
+	      deplibs="$deplib $deplibs"
+	    else
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    fi
+	    continue
+	    ;;
+	  esac # linkmode
+	  ;; # *.$libext
+	*.lo | *.$objext)
+	  if test conv = "$pass"; then
+	    deplibs="$deplib $deplibs"
+	  elif test prog = "$linkmode"; then
+	    if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then
+	      # If there is no dlopen support or we're linking statically,
+	      # we need to preload.
+	      func_append newdlprefiles " $deplib"
+	      compile_deplibs="$deplib $compile_deplibs"
+	      finalize_deplibs="$deplib $finalize_deplibs"
+	    else
+	      func_append newdlfiles " $deplib"
+	    fi
+	  fi
+	  continue
+	  ;;
+	%DEPLIBS%)
+	  alldeplibs=:
+	  continue
+	  ;;
+	esac # case $deplib
+
+	$found || test -f "$lib" \
+	  || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'"
+
+	# Check to see that this really is a libtool archive.
+	func_lalib_unsafe_p "$lib" \
+	  || func_fatal_error "'$lib' is not a valid libtool archive"
+
+	func_dirname "$lib" "" "."
+	ladir=$func_dirname_result
+
+	dlname=
+	dlopen=
+	dlpreopen=
+	libdir=
+	library_names=
+	old_library=
+	inherited_linker_flags=
+	# If the library was installed with an old release of libtool,
+	# it will not redefine variables installed, or shouldnotlink
+	installed=yes
+	shouldnotlink=no
+	avoidtemprpath=
+
+
+	# Read the .la file
+	func_source "$lib"
+
+	# Convert "-framework foo" to "foo.ltframework"
+	if test -n "$inherited_linker_flags"; then
+	  tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'`
+	  for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do
+	    case " $new_inherited_linker_flags " in
+	      *" $tmp_inherited_linker_flag "*) ;;
+	      *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";;
+	    esac
+	  done
+	fi
+	dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
+	if test lib,link = "$linkmode,$pass" ||
+	   test prog,scan = "$linkmode,$pass" ||
+	   { test prog != "$linkmode" && test lib != "$linkmode"; }; then
+	  test -n "$dlopen" && func_append dlfiles " $dlopen"
+	  test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen"
+	fi
+
+	if test conv = "$pass"; then
+	  # Only check for convenience libraries
+	  deplibs="$lib $deplibs"
+	  if test -z "$libdir"; then
+	    if test -z "$old_library"; then
+	      func_fatal_error "cannot find name of link library for '$lib'"
+	    fi
+	    # It is a libtool convenience library, so add in its objects.
+	    func_append convenience " $ladir/$objdir/$old_library"
+	    func_append old_convenience " $ladir/$objdir/$old_library"
+	  elif test prog != "$linkmode" && test lib != "$linkmode"; then
+	    func_fatal_error "'$lib' is not a convenience library"
+	  fi
+	  tmp_libs=
+	  for deplib in $dependency_libs; do
+	    deplibs="$deplib $deplibs"
+	    if $opt_preserve_dup_deps; then
+	      case "$tmp_libs " in
+	      *" $deplib "*) func_append specialdeplibs " $deplib" ;;
+	      esac
+	    fi
+	    func_append tmp_libs " $deplib"
+	  done
+	  continue
+	fi # $pass = conv
+
+
+	# Get the name of the library we link against.
+	linklib=
+	if test -n "$old_library" &&
+	   { test yes = "$prefer_static_libs" ||
+	     test built,no = "$prefer_static_libs,$installed"; }; then
+	  linklib=$old_library
+	else
+	  for l in $old_library $library_names; do
+	    linklib=$l
+	  done
+	fi
+	if test -z "$linklib"; then
+	  func_fatal_error "cannot find name of link library for '$lib'"
+	fi
+
+	# This library was specified with -dlopen.
+	if test dlopen = "$pass"; then
+	  test -z "$libdir" \
+	    && func_fatal_error "cannot -dlopen a convenience library: '$lib'"
+	  if test -z "$dlname" ||
+	     test yes != "$dlopen_support" ||
+	     test no = "$build_libtool_libs"
+	  then
+	    # If there is no dlname, no dlopen support or we're linking
+	    # statically, we need to preload.  We also need to preload any
+	    # dependent libraries so libltdl's deplib preloader doesn't
+	    # bomb out in the load deplibs phase.
+	    func_append dlprefiles " $lib $dependency_libs"
+	  else
+	    func_append newdlfiles " $lib"
+	  fi
+	  continue
+	fi # $pass = dlopen
+
+	# We need an absolute path.
+	case $ladir in
+	[\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;;
+	*)
+	  abs_ladir=`cd "$ladir" && pwd`
+	  if test -z "$abs_ladir"; then
+	    func_warning "cannot determine absolute directory name of '$ladir'"
+	    func_warning "passing it literally to the linker, although it might fail"
+	    abs_ladir=$ladir
+	  fi
+	  ;;
+	esac
+	func_basename "$lib"
+	laname=$func_basename_result
+
+	# Find the relevant object directory and library name.
+	if test yes = "$installed"; then
+	  if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+	    func_warning "library '$lib' was moved."
+	    dir=$ladir
+	    absdir=$abs_ladir
+	    libdir=$abs_ladir
+	  else
+	    dir=$lt_sysroot$libdir
+	    absdir=$lt_sysroot$libdir
+	  fi
+	  test yes = "$hardcode_automatic" && avoidtemprpath=yes
+	else
+	  if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+	    dir=$ladir
+	    absdir=$abs_ladir
+	    # Remove this search path later
+	    func_append notinst_path " $abs_ladir"
+	  else
+	    dir=$ladir/$objdir
+	    absdir=$abs_ladir/$objdir
+	    # Remove this search path later
+	    func_append notinst_path " $abs_ladir"
+	  fi
+	fi # $installed = yes
+	func_stripname 'lib' '.la' "$laname"
+	name=$func_stripname_result
+
+	# This library was specified with -dlpreopen.
+	if test dlpreopen = "$pass"; then
+	  if test -z "$libdir" && test prog = "$linkmode"; then
+	    func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'"
+	  fi
+	  case $host in
+	    # special handling for platforms with PE-DLLs.
+	    *cygwin* | *mingw* | *cegcc* )
+	      # Linker will automatically link against shared library if both
+	      # static and shared are present.  Therefore, ensure we extract
+	      # symbols from the import library if a shared library is present
+	      # (otherwise, the dlopen module name will be incorrect).  We do
+	      # this by putting the import library name into $newdlprefiles.
+	      # We recover the dlopen module name by 'saving' the la file
+	      # name in a special purpose variable, and (later) extracting the
+	      # dlname from the la file.
+	      if test -n "$dlname"; then
+	        func_tr_sh "$dir/$linklib"
+	        eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname"
+	        func_append newdlprefiles " $dir/$linklib"
+	      else
+	        func_append newdlprefiles " $dir/$old_library"
+	        # Keep a list of preopened convenience libraries to check
+	        # that they are being used correctly in the link pass.
+	        test -z "$libdir" && \
+	          func_append dlpreconveniencelibs " $dir/$old_library"
+	      fi
+	    ;;
+	    * )
+	      # Prefer using a static library (so that no silly _DYNAMIC symbols
+	      # are required to link).
+	      if test -n "$old_library"; then
+	        func_append newdlprefiles " $dir/$old_library"
+	        # Keep a list of preopened convenience libraries to check
+	        # that they are being used correctly in the link pass.
+	        test -z "$libdir" && \
+	          func_append dlpreconveniencelibs " $dir/$old_library"
+	      # Otherwise, use the dlname, so that lt_dlopen finds it.
+	      elif test -n "$dlname"; then
+	        func_append newdlprefiles " $dir/$dlname"
+	      else
+	        func_append newdlprefiles " $dir/$linklib"
+	      fi
+	    ;;
+	  esac
+	fi # $pass = dlpreopen
+
+	if test -z "$libdir"; then
+	  # Link the convenience library
+	  if test lib = "$linkmode"; then
+	    deplibs="$dir/$old_library $deplibs"
+	  elif test prog,link = "$linkmode,$pass"; then
+	    compile_deplibs="$dir/$old_library $compile_deplibs"
+	    finalize_deplibs="$dir/$old_library $finalize_deplibs"
+	  else
+	    deplibs="$lib $deplibs" # used for prog,scan pass
+	  fi
+	  continue
+	fi
+
+
+	if test prog = "$linkmode" && test link != "$pass"; then
+	  func_append newlib_search_path " $ladir"
+	  deplibs="$lib $deplibs"
+
+	  linkalldeplibs=false
+	  if test no != "$link_all_deplibs" || test -z "$library_names" ||
+	     test no = "$build_libtool_libs"; then
+	    linkalldeplibs=:
+	  fi
+
+	  tmp_libs=
+	  for deplib in $dependency_libs; do
+	    case $deplib in
+	    -L*) func_stripname '-L' '' "$deplib"
+	         func_resolve_sysroot "$func_stripname_result"
+	         func_append newlib_search_path " $func_resolve_sysroot_result"
+		 ;;
+	    esac
+	    # Need to link against all dependency_libs?
+	    if $linkalldeplibs; then
+	      deplibs="$deplib $deplibs"
+	    else
+	      # Need to hardcode shared library paths
+	      # or/and link against static libraries
+	      newdependency_libs="$deplib $newdependency_libs"
+	    fi
+	    if $opt_preserve_dup_deps; then
+	      case "$tmp_libs " in
+	      *" $deplib "*) func_append specialdeplibs " $deplib" ;;
+	      esac
+	    fi
+	    func_append tmp_libs " $deplib"
+	  done # for deplib
+	  continue
+	fi # $linkmode = prog...
+
+	if test prog,link = "$linkmode,$pass"; then
+	  if test -n "$library_names" &&
+	     { { test no = "$prefer_static_libs" ||
+	         test built,yes = "$prefer_static_libs,$installed"; } ||
+	       test -z "$old_library"; }; then
+	    # We need to hardcode the library path
+	    if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then
+	      # Make sure the rpath contains only unique directories.
+	      case $temp_rpath: in
+	      *"$absdir:"*) ;;
+	      *) func_append temp_rpath "$absdir:" ;;
+	      esac
+	    fi
+
+	    # Hardcode the library path.
+	    # Skip directories that are in the system default run-time
+	    # search path.
+	    case " $sys_lib_dlsearch_path " in
+	    *" $absdir "*) ;;
+	    *)
+	      case "$compile_rpath " in
+	      *" $absdir "*) ;;
+	      *) func_append compile_rpath " $absdir" ;;
+	      esac
+	      ;;
+	    esac
+	    case " $sys_lib_dlsearch_path " in
+	    *" $libdir "*) ;;
+	    *)
+	      case "$finalize_rpath " in
+	      *" $libdir "*) ;;
+	      *) func_append finalize_rpath " $libdir" ;;
+	      esac
+	      ;;
+	    esac
+	  fi # $linkmode,$pass = prog,link...
+
+	  if $alldeplibs &&
+	     { test pass_all = "$deplibs_check_method" ||
+	       { test yes = "$build_libtool_libs" &&
+		 test -n "$library_names"; }; }; then
+	    # We only need to search for static libraries
+	    continue
+	  fi
+	fi
+
+	link_static=no # Whether the deplib will be linked statically
+	use_static_libs=$prefer_static_libs
+	if test built = "$use_static_libs" && test yes = "$installed"; then
+	  use_static_libs=no
+	fi
+	if test -n "$library_names" &&
+	   { test no = "$use_static_libs" || test -z "$old_library"; }; then
+	  case $host in
+	  *cygwin* | *mingw* | *cegcc* | *os2*)
+	      # No point in relinking DLLs because paths are not encoded
+	      func_append notinst_deplibs " $lib"
+	      need_relink=no
+	    ;;
+	  *)
+	    if test no = "$installed"; then
+	      func_append notinst_deplibs " $lib"
+	      need_relink=yes
+	    fi
+	    ;;
+	  esac
+	  # This is a shared library
+
+	  # Warn about portability, can't link against -module's on some
+	  # systems (darwin).  Don't bleat about dlopened modules though!
+	  dlopenmodule=
+	  for dlpremoduletest in $dlprefiles; do
+	    if test "X$dlpremoduletest" = "X$lib"; then
+	      dlopenmodule=$dlpremoduletest
+	      break
+	    fi
+	  done
+	  if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then
+	    echo
+	    if test prog = "$linkmode"; then
+	      $ECHO "*** Warning: Linking the executable $output against the loadable module"
+	    else
+	      $ECHO "*** Warning: Linking the shared library $output against the loadable module"
+	    fi
+	    $ECHO "*** $linklib is not portable!"
+	  fi
+	  if test lib = "$linkmode" &&
+	     test yes = "$hardcode_into_libs"; then
+	    # Hardcode the library path.
+	    # Skip directories that are in the system default run-time
+	    # search path.
+	    case " $sys_lib_dlsearch_path " in
+	    *" $absdir "*) ;;
+	    *)
+	      case "$compile_rpath " in
+	      *" $absdir "*) ;;
+	      *) func_append compile_rpath " $absdir" ;;
+	      esac
+	      ;;
+	    esac
+	    case " $sys_lib_dlsearch_path " in
+	    *" $libdir "*) ;;
+	    *)
+	      case "$finalize_rpath " in
+	      *" $libdir "*) ;;
+	      *) func_append finalize_rpath " $libdir" ;;
+	      esac
+	      ;;
+	    esac
+	  fi
+
+	  if test -n "$old_archive_from_expsyms_cmds"; then
+	    # figure out the soname
+	    set dummy $library_names
+	    shift
+	    realname=$1
+	    shift
+	    libname=`eval "\\$ECHO \"$libname_spec\""`
+	    # use dlname if we got it. it's perfectly good, no?
+	    if test -n "$dlname"; then
+	      soname=$dlname
+	    elif test -n "$soname_spec"; then
+	      # bleh windows
+	      case $host in
+	      *cygwin* | mingw* | *cegcc* | *os2*)
+	        func_arith $current - $age
+		major=$func_arith_result
+		versuffix=-$major
+		;;
+	      esac
+	      eval soname=\"$soname_spec\"
+	    else
+	      soname=$realname
+	    fi
+
+	    # Make a new name for the extract_expsyms_cmds to use
+	    soroot=$soname
+	    func_basename "$soroot"
+	    soname=$func_basename_result
+	    func_stripname 'lib' '.dll' "$soname"
+	    newlib=libimp-$func_stripname_result.a
+
+	    # If the library has no export list, then create one now
+	    if test -f "$output_objdir/$soname-def"; then :
+	    else
+	      func_verbose "extracting exported symbol list from '$soname'"
+	      func_execute_cmds "$extract_expsyms_cmds" 'exit $?'
+	    fi
+
+	    # Create $newlib
+	    if test -f "$output_objdir/$newlib"; then :; else
+	      func_verbose "generating import library for '$soname'"
+	      func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?'
+	    fi
+	    # make sure the library variables are pointing to the new library
+	    dir=$output_objdir
+	    linklib=$newlib
+	  fi # test -n "$old_archive_from_expsyms_cmds"
+
+	  if test prog = "$linkmode" || test relink != "$opt_mode"; then
+	    add_shlibpath=
+	    add_dir=
+	    add=
+	    lib_linked=yes
+	    case $hardcode_action in
+	    immediate | unsupported)
+	      if test no = "$hardcode_direct"; then
+		add=$dir/$linklib
+		case $host in
+		  *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;;
+		  *-*-sysv4*uw2*) add_dir=-L$dir ;;
+		  *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
+		    *-*-unixware7*) add_dir=-L$dir ;;
+		  *-*-darwin* )
+		    # if the lib is a (non-dlopened) module then we cannot
+		    # link against it, someone is ignoring the earlier warnings
+		    if /usr/bin/file -L $add 2> /dev/null |
+			 $GREP ": [^:]* bundle" >/dev/null; then
+		      if test "X$dlopenmodule" != "X$lib"; then
+			$ECHO "*** Warning: lib $linklib is a module, not a shared library"
+			if test -z "$old_library"; then
+			  echo
+			  echo "*** And there doesn't seem to be a static archive available"
+			  echo "*** The link will probably fail, sorry"
+			else
+			  add=$dir/$old_library
+			fi
+		      elif test -n "$old_library"; then
+			add=$dir/$old_library
+		      fi
+		    fi
+		esac
+	      elif test no = "$hardcode_minus_L"; then
+		case $host in
+		*-*-sunos*) add_shlibpath=$dir ;;
+		esac
+		add_dir=-L$dir
+		add=-l$name
+	      elif test no = "$hardcode_shlibpath_var"; then
+		add_shlibpath=$dir
+		add=-l$name
+	      else
+		lib_linked=no
+	      fi
+	      ;;
+	    relink)
+	      if test yes = "$hardcode_direct" &&
+	         test no = "$hardcode_direct_absolute"; then
+		add=$dir/$linklib
+	      elif test yes = "$hardcode_minus_L"; then
+		add_dir=-L$absdir
+		# Try looking first in the location we're being installed to.
+		if test -n "$inst_prefix_dir"; then
+		  case $libdir in
+		    [\\/]*)
+		      func_append add_dir " -L$inst_prefix_dir$libdir"
+		      ;;
+		  esac
+		fi
+		add=-l$name
+	      elif test yes = "$hardcode_shlibpath_var"; then
+		add_shlibpath=$dir
+		add=-l$name
+	      else
+		lib_linked=no
+	      fi
+	      ;;
+	    *) lib_linked=no ;;
+	    esac
+
+	    if test yes != "$lib_linked"; then
+	      func_fatal_configuration "unsupported hardcode properties"
+	    fi
+
+	    if test -n "$add_shlibpath"; then
+	      case :$compile_shlibpath: in
+	      *":$add_shlibpath:"*) ;;
+	      *) func_append compile_shlibpath "$add_shlibpath:" ;;
+	      esac
+	    fi
+	    if test prog = "$linkmode"; then
+	      test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
+	      test -n "$add" && compile_deplibs="$add $compile_deplibs"
+	    else
+	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
+	      test -n "$add" && deplibs="$add $deplibs"
+	      if test yes != "$hardcode_direct" &&
+		 test yes != "$hardcode_minus_L" &&
+		 test yes = "$hardcode_shlibpath_var"; then
+		case :$finalize_shlibpath: in
+		*":$libdir:"*) ;;
+		*) func_append finalize_shlibpath "$libdir:" ;;
+		esac
+	      fi
+	    fi
+	  fi
+
+	  if test prog = "$linkmode" || test relink = "$opt_mode"; then
+	    add_shlibpath=
+	    add_dir=
+	    add=
+	    # Finalize command for both is simple: just hardcode it.
+	    if test yes = "$hardcode_direct" &&
+	       test no = "$hardcode_direct_absolute"; then
+	      add=$libdir/$linklib
+	    elif test yes = "$hardcode_minus_L"; then
+	      add_dir=-L$libdir
+	      add=-l$name
+	    elif test yes = "$hardcode_shlibpath_var"; then
+	      case :$finalize_shlibpath: in
+	      *":$libdir:"*) ;;
+	      *) func_append finalize_shlibpath "$libdir:" ;;
+	      esac
+	      add=-l$name
+	    elif test yes = "$hardcode_automatic"; then
+	      if test -n "$inst_prefix_dir" &&
+		 test -f "$inst_prefix_dir$libdir/$linklib"; then
+		add=$inst_prefix_dir$libdir/$linklib
+	      else
+		add=$libdir/$linklib
+	      fi
+	    else
+	      # We cannot seem to hardcode it, guess we'll fake it.
+	      add_dir=-L$libdir
+	      # Try looking first in the location we're being installed to.
+	      if test -n "$inst_prefix_dir"; then
+		case $libdir in
+		  [\\/]*)
+		    func_append add_dir " -L$inst_prefix_dir$libdir"
+		    ;;
+		esac
+	      fi
+	      add=-l$name
+	    fi
+
+	    if test prog = "$linkmode"; then
+	      test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
+	      test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
+	    else
+	      test -n "$add_dir" && deplibs="$add_dir $deplibs"
+	      test -n "$add" && deplibs="$add $deplibs"
+	    fi
+	  fi
+	elif test prog = "$linkmode"; then
+	  # Here we assume that one of hardcode_direct or hardcode_minus_L
+	  # is not unsupported.  This is valid on all known static and
+	  # shared platforms.
+	  if test unsupported != "$hardcode_direct"; then
+	    test -n "$old_library" && linklib=$old_library
+	    compile_deplibs="$dir/$linklib $compile_deplibs"
+	    finalize_deplibs="$dir/$linklib $finalize_deplibs"
+	  else
+	    compile_deplibs="-l$name -L$dir $compile_deplibs"
+	    finalize_deplibs="-l$name -L$dir $finalize_deplibs"
+	  fi
+	elif test yes = "$build_libtool_libs"; then
+	  # Not a shared library
+	  if test pass_all != "$deplibs_check_method"; then
+	    # We're trying link a shared library against a static one
+	    # but the system doesn't support it.
+
+	    # Just print a warning and add the library to dependency_libs so
+	    # that the program can be linked against the static library.
+	    echo
+	    $ECHO "*** Warning: This system cannot link to static lib archive $lib."
+	    echo "*** I have the capability to make that library automatically link in when"
+	    echo "*** you link to this library.  But I can only do this if you have a"
+	    echo "*** shared version of the library, which you do not appear to have."
+	    if test yes = "$module"; then
+	      echo "*** But as you try to build a module library, libtool will still create "
+	      echo "*** a static module, that should work as long as the dlopening application"
+	      echo "*** is linked with the -dlopen flag to resolve symbols at runtime."
+	      if test -z "$global_symbol_pipe"; then
+		echo
+		echo "*** However, this would only work if libtool was able to extract symbol"
+		echo "*** lists from a program, using 'nm' or equivalent, but libtool could"
+		echo "*** not find such a program.  So, this module is probably useless."
+		echo "*** 'nm' from GNU binutils and a full rebuild may help."
+	      fi
+	      if test no = "$build_old_libs"; then
+		build_libtool_libs=module
+		build_old_libs=yes
+	      else
+		build_libtool_libs=no
+	      fi
+	    fi
+	  else
+	    deplibs="$dir/$old_library $deplibs"
+	    link_static=yes
+	  fi
+	fi # link shared/static library?
+
+	if test lib = "$linkmode"; then
+	  if test -n "$dependency_libs" &&
+	     { test yes != "$hardcode_into_libs" ||
+	       test yes = "$build_old_libs" ||
+	       test yes = "$link_static"; }; then
+	    # Extract -R from dependency_libs
+	    temp_deplibs=
+	    for libdir in $dependency_libs; do
+	      case $libdir in
+	      -R*) func_stripname '-R' '' "$libdir"
+	           temp_xrpath=$func_stripname_result
+		   case " $xrpath " in
+		   *" $temp_xrpath "*) ;;
+		   *) func_append xrpath " $temp_xrpath";;
+		   esac;;
+	      *) func_append temp_deplibs " $libdir";;
+	      esac
+	    done
+	    dependency_libs=$temp_deplibs
+	  fi
+
+	  func_append newlib_search_path " $absdir"
+	  # Link against this library
+	  test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
+	  # ... and its dependency_libs
+	  tmp_libs=
+	  for deplib in $dependency_libs; do
+	    newdependency_libs="$deplib $newdependency_libs"
+	    case $deplib in
+              -L*) func_stripname '-L' '' "$deplib"
+                   func_resolve_sysroot "$func_stripname_result";;
+              *) func_resolve_sysroot "$deplib" ;;
+            esac
+	    if $opt_preserve_dup_deps; then
+	      case "$tmp_libs " in
+	      *" $func_resolve_sysroot_result "*)
+                func_append specialdeplibs " $func_resolve_sysroot_result" ;;
+	      esac
+	    fi
+	    func_append tmp_libs " $func_resolve_sysroot_result"
+	  done
+
+	  if test no != "$link_all_deplibs"; then
+	    # Add the search paths of all dependency libraries
+	    for deplib in $dependency_libs; do
+	      path=
+	      case $deplib in
+	      -L*) path=$deplib ;;
+	      *.la)
+	        func_resolve_sysroot "$deplib"
+	        deplib=$func_resolve_sysroot_result
+	        func_dirname "$deplib" "" "."
+		dir=$func_dirname_result
+		# We need an absolute path.
+		case $dir in
+		[\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;;
+		*)
+		  absdir=`cd "$dir" && pwd`
+		  if test -z "$absdir"; then
+		    func_warning "cannot determine absolute directory name of '$dir'"
+		    absdir=$dir
+		  fi
+		  ;;
+		esac
+		if $GREP "^installed=no" $deplib > /dev/null; then
+		case $host in
+		*-*-darwin*)
+		  depdepl=
+		  eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
+		  if test -n "$deplibrary_names"; then
+		    for tmp in $deplibrary_names; do
+		      depdepl=$tmp
+		    done
+		    if test -f "$absdir/$objdir/$depdepl"; then
+		      depdepl=$absdir/$objdir/$depdepl
+		      darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
+                      if test -z "$darwin_install_name"; then
+                          darwin_install_name=`$OTOOL64 -L $depdepl  | awk '{if (NR == 2) {print $1;exit}}'`
+                      fi
+		      func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl"
+		      func_append linker_flags " -dylib_file $darwin_install_name:$depdepl"
+		      path=
+		    fi
+		  fi
+		  ;;
+		*)
+		  path=-L$absdir/$objdir
+		  ;;
+		esac
+		else
+		  eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+		  test -z "$libdir" && \
+		    func_fatal_error "'$deplib' is not a valid libtool archive"
+		  test "$absdir" != "$libdir" && \
+		    func_warning "'$deplib' seems to be moved"
+
+		  path=-L$absdir
+		fi
+		;;
+	      esac
+	      case " $deplibs " in
+	      *" $path "*) ;;
+	      *) deplibs="$path $deplibs" ;;
+	      esac
+	    done
+	  fi # link_all_deplibs != no
+	fi # linkmode = lib
+      done # for deplib in $libs
+      if test link = "$pass"; then
+	if test prog = "$linkmode"; then
+	  compile_deplibs="$new_inherited_linker_flags $compile_deplibs"
+	  finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs"
+	else
+	  compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
+	fi
+      fi
+      dependency_libs=$newdependency_libs
+      if test dlpreopen = "$pass"; then
+	# Link the dlpreopened libraries before other libraries
+	for deplib in $save_deplibs; do
+	  deplibs="$deplib $deplibs"
+	done
+      fi
+      if test dlopen != "$pass"; then
+	test conv = "$pass" || {
+	  # Make sure lib_search_path contains only unique directories.
+	  lib_search_path=
+	  for dir in $newlib_search_path; do
+	    case "$lib_search_path " in
+	    *" $dir "*) ;;
+	    *) func_append lib_search_path " $dir" ;;
+	    esac
+	  done
+	  newlib_search_path=
+	}
+
+	if test prog,link = "$linkmode,$pass"; then
+	  vars="compile_deplibs finalize_deplibs"
+	else
+	  vars=deplibs
+	fi
+	for var in $vars dependency_libs; do
+	  # Add libraries to $var in reverse order
+	  eval tmp_libs=\"\$$var\"
+	  new_libs=
+	  for deplib in $tmp_libs; do
+	    # FIXME: Pedantically, this is the right thing to do, so
+	    #        that some nasty dependency loop isn't accidentally
+	    #        broken:
+	    #new_libs="$deplib $new_libs"
+	    # Pragmatically, this seems to cause very few problems in
+	    # practice:
+	    case $deplib in
+	    -L*) new_libs="$deplib $new_libs" ;;
+	    -R*) ;;
+	    *)
+	      # And here is the reason: when a library appears more
+	      # than once as an explicit dependence of a library, or
+	      # is implicitly linked in more than once by the
+	      # compiler, it is considered special, and multiple
+	      # occurrences thereof are not removed.  Compare this
+	      # with having the same library being listed as a
+	      # dependency of multiple other libraries: in this case,
+	      # we know (pedantically, we assume) the library does not
+	      # need to be listed more than once, so we keep only the
+	      # last copy.  This is not always right, but it is rare
+	      # enough that we require users that really mean to play
+	      # such unportable linking tricks to link the library
+	      # using -Wl,-lname, so that libtool does not consider it
+	      # for duplicate removal.
+	      case " $specialdeplibs " in
+	      *" $deplib "*) new_libs="$deplib $new_libs" ;;
+	      *)
+		case " $new_libs " in
+		*" $deplib "*) ;;
+		*) new_libs="$deplib $new_libs" ;;
+		esac
+		;;
+	      esac
+	      ;;
+	    esac
+	  done
+	  tmp_libs=
+	  for deplib in $new_libs; do
+	    case $deplib in
+	    -L*)
+	      case " $tmp_libs " in
+	      *" $deplib "*) ;;
+	      *) func_append tmp_libs " $deplib" ;;
+	      esac
+	      ;;
+	    *) func_append tmp_libs " $deplib" ;;
+	    esac
+	  done
+	  eval $var=\"$tmp_libs\"
+	done # for var
+      fi
+
+      # Add Sun CC postdeps if required:
+      test CXX = "$tagname" && {
+        case $host_os in
+        linux*)
+          case `$CC -V 2>&1 | sed 5q` in
+          *Sun\ C*) # Sun C++ 5.9
+            func_suncc_cstd_abi
+
+            if test no != "$suncc_use_cstd_abi"; then
+              func_append postdeps ' -library=Cstd -library=Crun'
+            fi
+            ;;
+          esac
+          ;;
+
+        solaris*)
+          func_cc_basename "$CC"
+          case $func_cc_basename_result in
+          CC* | sunCC*)
+            func_suncc_cstd_abi
+
+            if test no != "$suncc_use_cstd_abi"; then
+              func_append postdeps ' -library=Cstd -library=Crun'
+            fi
+            ;;
+          esac
+          ;;
+        esac
+      }
+
+      # Last step: remove runtime libs from dependency_libs
+      # (they stay in deplibs)
+      tmp_libs=
+      for i in $dependency_libs; do
+	case " $predeps $postdeps $compiler_lib_search_path " in
+	*" $i "*)
+	  i=
+	  ;;
+	esac
+	if test -n "$i"; then
+	  func_append tmp_libs " $i"
+	fi
+      done
+      dependency_libs=$tmp_libs
+    done # for pass
+    if test prog = "$linkmode"; then
+      dlfiles=$newdlfiles
+    fi
+    if test prog = "$linkmode" || test lib = "$linkmode"; then
+      dlprefiles=$newdlprefiles
+    fi
+
+    case $linkmode in
+    oldlib)
+      if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
+	func_warning "'-dlopen' is ignored for archives"
+      fi
+
+      case " $deplibs" in
+      *\ -l* | *\ -L*)
+	func_warning "'-l' and '-L' are ignored for archives" ;;
+      esac
+
+      test -n "$rpath" && \
+	func_warning "'-rpath' is ignored for archives"
+
+      test -n "$xrpath" && \
+	func_warning "'-R' is ignored for archives"
+
+      test -n "$vinfo" && \
+	func_warning "'-version-info/-version-number' is ignored for archives"
+
+      test -n "$release" && \
+	func_warning "'-release' is ignored for archives"
+
+      test -n "$export_symbols$export_symbols_regex" && \
+	func_warning "'-export-symbols' is ignored for archives"
+
+      # Now set the variables for building old libraries.
+      build_libtool_libs=no
+      oldlibs=$output
+      func_append objs "$old_deplibs"
+      ;;
+
+    lib)
+      # Make sure we only generate libraries of the form 'libNAME.la'.
+      case $outputname in
+      lib*)
+	func_stripname 'lib' '.la' "$outputname"
+	name=$func_stripname_result
+	eval shared_ext=\"$shrext_cmds\"
+	eval libname=\"$libname_spec\"
+	;;
+      *)
+	test no = "$module" \
+	  && func_fatal_help "libtool library '$output' must begin with 'lib'"
+
+	if test no != "$need_lib_prefix"; then
+	  # Add the "lib" prefix for modules if required
+	  func_stripname '' '.la' "$outputname"
+	  name=$func_stripname_result
+	  eval shared_ext=\"$shrext_cmds\"
+	  eval libname=\"$libname_spec\"
+	else
+	  func_stripname '' '.la' "$outputname"
+	  libname=$func_stripname_result
+	fi
+	;;
+      esac
+
+      if test -n "$objs"; then
+	if test pass_all != "$deplibs_check_method"; then
+	  func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs"
+	else
+	  echo
+	  $ECHO "*** Warning: Linking the shared library $output against the non-libtool"
+	  $ECHO "*** objects $objs is not portable!"
+	  func_append libobjs " $objs"
+	fi
+      fi
+
+      test no = "$dlself" \
+	|| func_warning "'-dlopen self' is ignored for libtool libraries"
+
+      set dummy $rpath
+      shift
+      test 1 -lt "$#" \
+	&& func_warning "ignoring multiple '-rpath's for a libtool library"
+
+      install_libdir=$1
+
+      oldlibs=
+      if test -z "$rpath"; then
+	if test yes = "$build_libtool_libs"; then
+	  # Building a libtool convenience library.
+	  # Some compilers have problems with a '.al' extension so
+	  # convenience libraries should have the same extension an
+	  # archive normally would.
+	  oldlibs="$output_objdir/$libname.$libext $oldlibs"
+	  build_libtool_libs=convenience
+	  build_old_libs=yes
+	fi
+
+	test -n "$vinfo" && \
+	  func_warning "'-version-info/-version-number' is ignored for convenience libraries"
+
+	test -n "$release" && \
+	  func_warning "'-release' is ignored for convenience libraries"
+      else
+
+	# Parse the version information argument.
+	save_ifs=$IFS; IFS=:
+	set dummy $vinfo 0 0 0
+	shift
+	IFS=$save_ifs
+
+	test -n "$7" && \
+	  func_fatal_help "too many parameters to '-version-info'"
+
+	# convert absolute version numbers to libtool ages
+	# this retains compatibility with .la files and attempts
+	# to make the code below a bit more comprehensible
+
+	case $vinfo_number in
+	yes)
+	  number_major=$1
+	  number_minor=$2
+	  number_revision=$3
+	  #
+	  # There are really only two kinds -- those that
+	  # use the current revision as the major version
+	  # and those that subtract age and use age as
+	  # a minor version.  But, then there is irix
+	  # that has an extra 1 added just for fun
+	  #
+	  case $version_type in
+	  # correct linux to gnu/linux during the next big refactor
+	  darwin|freebsd-elf|linux|osf|windows|none)
+	    func_arith $number_major + $number_minor
+	    current=$func_arith_result
+	    age=$number_minor
+	    revision=$number_revision
+	    ;;
+	  freebsd-aout|qnx|sunos)
+	    current=$number_major
+	    revision=$number_minor
+	    age=0
+	    ;;
+	  irix|nonstopux)
+	    func_arith $number_major + $number_minor
+	    current=$func_arith_result
+	    age=$number_minor
+	    revision=$number_minor
+	    lt_irix_increment=no
+	    ;;
+	  esac
+	  ;;
+	no)
+	  current=$1
+	  revision=$2
+	  age=$3
+	  ;;
+	esac
+
+	# Check that each of the things are valid numbers.
+	case $current in
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	*)
+	  func_error "CURRENT '$current' must be a nonnegative integer"
+	  func_fatal_error "'$vinfo' is not valid version information"
+	  ;;
+	esac
+
+	case $revision in
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	*)
+	  func_error "REVISION '$revision' must be a nonnegative integer"
+	  func_fatal_error "'$vinfo' is not valid version information"
+	  ;;
+	esac
+
+	case $age in
+	0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+	*)
+	  func_error "AGE '$age' must be a nonnegative integer"
+	  func_fatal_error "'$vinfo' is not valid version information"
+	  ;;
+	esac
+
+	if test "$age" -gt "$current"; then
+	  func_error "AGE '$age' is greater than the current interface number '$current'"
+	  func_fatal_error "'$vinfo' is not valid version information"
+	fi
+
+	# Calculate the version variables.
+	major=
+	versuffix=
+	verstring=
+	case $version_type in
+	none) ;;
+
+	darwin)
+	  # Like Linux, but with the current version available in
+	  # verstring for coding it into the library header
+	  func_arith $current - $age
+	  major=.$func_arith_result
+	  versuffix=$major.$age.$revision
+	  # Darwin ld doesn't like 0 for these options...
+	  func_arith $current + 1
+	  minor_current=$func_arith_result
+	  xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision"
+	  verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
+          # On Darwin other compilers
+          case $CC in
+              nagfor*)
+                  verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision"
+                  ;;
+              *)
+                  verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
+                  ;;
+          esac
+	  ;;
+
+	freebsd-aout)
+	  major=.$current
+	  versuffix=.$current.$revision
+	  ;;
+
+	freebsd-elf)
+	  func_arith $current - $age
+	  major=.$func_arith_result
+	  versuffix=$major.$age.$revision
+	  ;;
+
+	irix | nonstopux)
+	  if test no = "$lt_irix_increment"; then
+	    func_arith $current - $age
+	  else
+	    func_arith $current - $age + 1
+	  fi
+	  major=$func_arith_result
+
+	  case $version_type in
+	    nonstopux) verstring_prefix=nonstopux ;;
+	    *)         verstring_prefix=sgi ;;
+	  esac
+	  verstring=$verstring_prefix$major.$revision
+
+	  # Add in all the interfaces that we are compatible with.
+	  loop=$revision
+	  while test 0 -ne "$loop"; do
+	    func_arith $revision - $loop
+	    iface=$func_arith_result
+	    func_arith $loop - 1
+	    loop=$func_arith_result
+	    verstring=$verstring_prefix$major.$iface:$verstring
+	  done
+
+	  # Before this point, $major must not contain '.'.
+	  major=.$major
+	  versuffix=$major.$revision
+	  ;;
+
+	linux) # correct to gnu/linux during the next big refactor
+	  func_arith $current - $age
+	  major=.$func_arith_result
+	  versuffix=$major.$age.$revision
+	  ;;
+
+	osf)
+	  func_arith $current - $age
+	  major=.$func_arith_result
+	  versuffix=.$current.$age.$revision
+	  verstring=$current.$age.$revision
+
+	  # Add in all the interfaces that we are compatible with.
+	  loop=$age
+	  while test 0 -ne "$loop"; do
+	    func_arith $current - $loop
+	    iface=$func_arith_result
+	    func_arith $loop - 1
+	    loop=$func_arith_result
+	    verstring=$verstring:$iface.0
+	  done
+
+	  # Make executables depend on our current version.
+	  func_append verstring ":$current.0"
+	  ;;
+
+	qnx)
+	  major=.$current
+	  versuffix=.$current
+	  ;;
+
+	sco)
+	  major=.$current
+	  versuffix=.$current
+	  ;;
+
+	sunos)
+	  major=.$current
+	  versuffix=.$current.$revision
+	  ;;
+
+	windows)
+	  # Use '-' rather than '.', since we only want one
+	  # extension on DOS 8.3 file systems.
+	  func_arith $current - $age
+	  major=$func_arith_result
+	  versuffix=-$major
+	  ;;
+
+	*)
+	  func_fatal_configuration "unknown library version type '$version_type'"
+	  ;;
+	esac
+
+	# Clear the version info if we defaulted, and they specified a release.
+	if test -z "$vinfo" && test -n "$release"; then
+	  major=
+	  case $version_type in
+	  darwin)
+	    # we can't check for "0.0" in archive_cmds due to quoting
+	    # problems, so we reset it completely
+	    verstring=
+	    ;;
+	  *)
+	    verstring=0.0
+	    ;;
+	  esac
+	  if test no = "$need_version"; then
+	    versuffix=
+	  else
+	    versuffix=.0.0
+	  fi
+	fi
+
+	# Remove version info from name if versioning should be avoided
+	if test yes,no = "$avoid_version,$need_version"; then
+	  major=
+	  versuffix=
+	  verstring=
+	fi
+
+	# Check to see if the archive will have undefined symbols.
+	if test yes = "$allow_undefined"; then
+	  if test unsupported = "$allow_undefined_flag"; then
+	    if test yes = "$build_old_libs"; then
+	      func_warning "undefined symbols not allowed in $host shared libraries; building static only"
+	      build_libtool_libs=no
+	    else
+	      func_fatal_error "can't build $host shared library unless -no-undefined is specified"
+	    fi
+	  fi
+	else
+	  # Don't allow undefined symbols.
+	  allow_undefined_flag=$no_undefined_flag
+	fi
+
+      fi
+
+      func_generate_dlsyms "$libname" "$libname" :
+      func_append libobjs " $symfileobj"
+      test " " = "$libobjs" && libobjs=
+
+      if test relink != "$opt_mode"; then
+	# Remove our outputs, but don't remove object files since they
+	# may have been created when compiling PIC objects.
+	removelist=
+	tempremovelist=`$ECHO "$output_objdir/*"`
+	for p in $tempremovelist; do
+	  case $p in
+	    *.$objext | *.gcno)
+	       ;;
+	    $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*)
+	       if test -n "$precious_files_regex"; then
+		 if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
+		 then
+		   continue
+		 fi
+	       fi
+	       func_append removelist " $p"
+	       ;;
+	    *) ;;
+	  esac
+	done
+	test -n "$removelist" && \
+	  func_show_eval "${RM}r \$removelist"
+      fi
+
+      # Now set the variables for building old libraries.
+      if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then
+	func_append oldlibs " $output_objdir/$libname.$libext"
+
+	# Transform .lo files to .o files.
+	oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP`
+      fi
+
+      # Eliminate all temporary directories.
+      #for path in $notinst_path; do
+      #	lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"`
+      #	deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"`
+      #	dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"`
+      #done
+
+      if test -n "$xrpath"; then
+	# If the user specified any rpath flags, then add them.
+	temp_xrpath=
+	for libdir in $xrpath; do
+	  func_replace_sysroot "$libdir"
+	  func_append temp_xrpath " -R$func_replace_sysroot_result"
+	  case "$finalize_rpath " in
+	  *" $libdir "*) ;;
+	  *) func_append finalize_rpath " $libdir" ;;
+	  esac
+	done
+	if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then
+	  dependency_libs="$temp_xrpath $dependency_libs"
+	fi
+      fi
+
+      # Make sure dlfiles contains only unique files that won't be dlpreopened
+      old_dlfiles=$dlfiles
+      dlfiles=
+      for lib in $old_dlfiles; do
+	case " $dlprefiles $dlfiles " in
+	*" $lib "*) ;;
+	*) func_append dlfiles " $lib" ;;
+	esac
+      done
+
+      # Make sure dlprefiles contains only unique files
+      old_dlprefiles=$dlprefiles
+      dlprefiles=
+      for lib in $old_dlprefiles; do
+	case "$dlprefiles " in
+	*" $lib "*) ;;
+	*) func_append dlprefiles " $lib" ;;
+	esac
+      done
+
+      if test yes = "$build_libtool_libs"; then
+	if test -n "$rpath"; then
+	  case $host in
+	  *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*)
+	    # these systems don't actually have a c library (as such)!
+	    ;;
+	  *-*-rhapsody* | *-*-darwin1.[012])
+	    # Rhapsody C library is in the System framework
+	    func_append deplibs " System.ltframework"
+	    ;;
+	  *-*-netbsd*)
+	    # Don't link with libc until the a.out ld.so is fixed.
+	    ;;
+	  *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+	    # Do not include libc due to us having libc/libc_r.
+	    ;;
+	  *-*-sco3.2v5* | *-*-sco5v6*)
+	    # Causes problems with __ctype
+	    ;;
+	  *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+	    # Compiler inserts libc in the correct place for threads to work
+	    ;;
+	  *)
+	    # Add libc to deplibs on all other systems if necessary.
+	    if test yes = "$build_libtool_need_lc"; then
+	      func_append deplibs " -lc"
+	    fi
+	    ;;
+	  esac
+	fi
+
+	# Transform deplibs into only deplibs that can be linked in shared.
+	name_save=$name
+	libname_save=$libname
+	release_save=$release
+	versuffix_save=$versuffix
+	major_save=$major
+	# I'm not sure if I'm treating the release correctly.  I think
+	# release should show up in the -l (ie -lgmp5) so we don't want to
+	# add it in twice.  Is that correct?
+	release=
+	versuffix=
+	major=
+	newdeplibs=
+	droppeddeps=no
+	case $deplibs_check_method in
+	pass_all)
+	  # Don't check for shared/static.  Everything works.
+	  # This might be a little naive.  We might want to check
+	  # whether the library exists or not.  But this is on
+	  # osf3 & osf4 and I'm not really sure... Just
+	  # implementing what was already the behavior.
+	  newdeplibs=$deplibs
+	  ;;
+	test_compile)
+	  # This code stresses the "libraries are programs" paradigm to its
+	  # limits. Maybe even breaks it.  We compile a program, linking it
+	  # against the deplibs as a proxy for the library.  Then we can check
+	  # whether they linked in statically or dynamically with ldd.
+	  $opt_dry_run || $RM conftest.c
+	  cat > conftest.c <<EOF
+	  int main() { return 0; }
+EOF
+	  $opt_dry_run || $RM conftest
+	  if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then
+	    ldd_output=`ldd conftest`
+	    for i in $deplibs; do
+	      case $i in
+	      -l*)
+		func_stripname -l '' "$i"
+		name=$func_stripname_result
+		if test yes = "$allow_libtool_libs_with_static_runtimes"; then
+		  case " $predeps $postdeps " in
+		  *" $i "*)
+		    func_append newdeplibs " $i"
+		    i=
+		    ;;
+		  esac
+		fi
+		if test -n "$i"; then
+		  libname=`eval "\\$ECHO \"$libname_spec\""`
+		  deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
+		  set dummy $deplib_matches; shift
+		  deplib_match=$1
+		  if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then
+		    func_append newdeplibs " $i"
+		  else
+		    droppeddeps=yes
+		    echo
+		    $ECHO "*** Warning: dynamic linker does not accept needed library $i."
+		    echo "*** I have the capability to make that library automatically link in when"
+		    echo "*** you link to this library.  But I can only do this if you have a"
+		    echo "*** shared version of the library, which I believe you do not have"
+		    echo "*** because a test_compile did reveal that the linker did not use it for"
+		    echo "*** its dynamic dependency list that programs get resolved with at runtime."
+		  fi
+		fi
+		;;
+	      *)
+		func_append newdeplibs " $i"
+		;;
+	      esac
+	    done
+	  else
+	    # Error occurred in the first compile.  Let's try to salvage
+	    # the situation: Compile a separate program for each library.
+	    for i in $deplibs; do
+	      case $i in
+	      -l*)
+		func_stripname -l '' "$i"
+		name=$func_stripname_result
+		$opt_dry_run || $RM conftest
+		if $LTCC $LTCFLAGS -o conftest conftest.c $i; then
+		  ldd_output=`ldd conftest`
+		  if test yes = "$allow_libtool_libs_with_static_runtimes"; then
+		    case " $predeps $postdeps " in
+		    *" $i "*)
+		      func_append newdeplibs " $i"
+		      i=
+		      ;;
+		    esac
+		  fi
+		  if test -n "$i"; then
+		    libname=`eval "\\$ECHO \"$libname_spec\""`
+		    deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
+		    set dummy $deplib_matches; shift
+		    deplib_match=$1
+		    if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then
+		      func_append newdeplibs " $i"
+		    else
+		      droppeddeps=yes
+		      echo
+		      $ECHO "*** Warning: dynamic linker does not accept needed library $i."
+		      echo "*** I have the capability to make that library automatically link in when"
+		      echo "*** you link to this library.  But I can only do this if you have a"
+		      echo "*** shared version of the library, which you do not appear to have"
+		      echo "*** because a test_compile did reveal that the linker did not use this one"
+		      echo "*** as a dynamic dependency that programs can get resolved with at runtime."
+		    fi
+		  fi
+		else
+		  droppeddeps=yes
+		  echo
+		  $ECHO "*** Warning!  Library $i is needed by this library but I was not able to"
+		  echo "*** make it link in!  You will probably need to install it or some"
+		  echo "*** library that it depends on before this library will be fully"
+		  echo "*** functional.  Installing it before continuing would be even better."
+		fi
+		;;
+	      *)
+		func_append newdeplibs " $i"
+		;;
+	      esac
+	    done
+	  fi
+	  ;;
+	file_magic*)
+	  set dummy $deplibs_check_method; shift
+	  file_magic_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+	  for a_deplib in $deplibs; do
+	    case $a_deplib in
+	    -l*)
+	      func_stripname -l '' "$a_deplib"
+	      name=$func_stripname_result
+	      if test yes = "$allow_libtool_libs_with_static_runtimes"; then
+		case " $predeps $postdeps " in
+		*" $a_deplib "*)
+		  func_append newdeplibs " $a_deplib"
+		  a_deplib=
+		  ;;
+		esac
+	      fi
+	      if test -n "$a_deplib"; then
+		libname=`eval "\\$ECHO \"$libname_spec\""`
+		if test -n "$file_magic_glob"; then
+		  libnameglob=`func_echo_all "$libname" | $SED -e $file_magic_glob`
+		else
+		  libnameglob=$libname
+		fi
+		test yes = "$want_nocaseglob" && nocaseglob=`shopt -p nocaseglob`
+		for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+		  if test yes = "$want_nocaseglob"; then
+		    shopt -s nocaseglob
+		    potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null`
+		    $nocaseglob
+		  else
+		    potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null`
+		  fi
+		  for potent_lib in $potential_libs; do
+		      # Follow soft links.
+		      if ls -lLd "$potent_lib" 2>/dev/null |
+			 $GREP " -> " >/dev/null; then
+			continue
+		      fi
+		      # The statement above tries to avoid entering an
+		      # endless loop below, in case of cyclic links.
+		      # We might still enter an endless loop, since a link
+		      # loop can be closed while we follow links,
+		      # but so what?
+		      potlib=$potent_lib
+		      while test -h "$potlib" 2>/dev/null; do
+			potliblink=`ls -ld $potlib | $SED 's/.* -> //'`
+			case $potliblink in
+			[\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;;
+			*) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";;
+			esac
+		      done
+		      if eval $file_magic_cmd \"\$potlib\" 2>/dev/null |
+			 $SED -e 10q |
+			 $EGREP "$file_magic_regex" > /dev/null; then
+			func_append newdeplibs " $a_deplib"
+			a_deplib=
+			break 2
+		      fi
+		  done
+		done
+	      fi
+	      if test -n "$a_deplib"; then
+		droppeddeps=yes
+		echo
+		$ECHO "*** Warning: linker path does not have real file for library $a_deplib."
+		echo "*** I have the capability to make that library automatically link in when"
+		echo "*** you link to this library.  But I can only do this if you have a"
+		echo "*** shared version of the library, which you do not appear to have"
+		echo "*** because I did check the linker path looking for a file starting"
+		if test -z "$potlib"; then
+		  $ECHO "*** with $libname but no candidates were found. (...for file magic test)"
+		else
+		  $ECHO "*** with $libname and none of the candidates passed a file format test"
+		  $ECHO "*** using a file magic. Last file checked: $potlib"
+		fi
+	      fi
+	      ;;
+	    *)
+	      # Add a -L argument.
+	      func_append newdeplibs " $a_deplib"
+	      ;;
+	    esac
+	  done # Gone through all deplibs.
+	  ;;
+	match_pattern*)
+	  set dummy $deplibs_check_method; shift
+	  match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+	  for a_deplib in $deplibs; do
+	    case $a_deplib in
+	    -l*)
+	      func_stripname -l '' "$a_deplib"
+	      name=$func_stripname_result
+	      if test yes = "$allow_libtool_libs_with_static_runtimes"; then
+		case " $predeps $postdeps " in
+		*" $a_deplib "*)
+		  func_append newdeplibs " $a_deplib"
+		  a_deplib=
+		  ;;
+		esac
+	      fi
+	      if test -n "$a_deplib"; then
+		libname=`eval "\\$ECHO \"$libname_spec\""`
+		for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+		  potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+		  for potent_lib in $potential_libs; do
+		    potlib=$potent_lib # see symlink-check above in file_magic test
+		    if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \
+		       $EGREP "$match_pattern_regex" > /dev/null; then
+		      func_append newdeplibs " $a_deplib"
+		      a_deplib=
+		      break 2
+		    fi
+		  done
+		done
+	      fi
+	      if test -n "$a_deplib"; then
+		droppeddeps=yes
+		echo
+		$ECHO "*** Warning: linker path does not have real file for library $a_deplib."
+		echo "*** I have the capability to make that library automatically link in when"
+		echo "*** you link to this library.  But I can only do this if you have a"
+		echo "*** shared version of the library, which you do not appear to have"
+		echo "*** because I did check the linker path looking for a file starting"
+		if test -z "$potlib"; then
+		  $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)"
+		else
+		  $ECHO "*** with $libname and none of the candidates passed a file format test"
+		  $ECHO "*** using a regex pattern. Last file checked: $potlib"
+		fi
+	      fi
+	      ;;
+	    *)
+	      # Add a -L argument.
+	      func_append newdeplibs " $a_deplib"
+	      ;;
+	    esac
+	  done # Gone through all deplibs.
+	  ;;
+	none | unknown | *)
+	  newdeplibs=
+	  tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'`
+	  if test yes = "$allow_libtool_libs_with_static_runtimes"; then
+	    for i in $predeps $postdeps; do
+	      # can't use Xsed below, because $i might contain '/'
+	      tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"`
+	    done
+	  fi
+	  case $tmp_deplibs in
+	  *[!\	\ ]*)
+	    echo
+	    if test none = "$deplibs_check_method"; then
+	      echo "*** Warning: inter-library dependencies are not supported in this platform."
+	    else
+	      echo "*** Warning: inter-library dependencies are not known to be supported."
+	    fi
+	    echo "*** All declared inter-library dependencies are being dropped."
+	    droppeddeps=yes
+	    ;;
+	  esac
+	  ;;
+	esac
+	versuffix=$versuffix_save
+	major=$major_save
+	release=$release_save
+	libname=$libname_save
+	name=$name_save
+
+	case $host in
+	*-*-rhapsody* | *-*-darwin1.[012])
+	  # On Rhapsody replace the C library with the System framework
+	  newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'`
+	  ;;
+	esac
+
+	if test yes = "$droppeddeps"; then
+	  if test yes = "$module"; then
+	    echo
+	    echo "*** Warning: libtool could not satisfy all declared inter-library"
+	    $ECHO "*** dependencies of module $libname.  Therefore, libtool will create"
+	    echo "*** a static module, that should work as long as the dlopening"
+	    echo "*** application is linked with the -dlopen flag."
+	    if test -z "$global_symbol_pipe"; then
+	      echo
+	      echo "*** However, this would only work if libtool was able to extract symbol"
+	      echo "*** lists from a program, using 'nm' or equivalent, but libtool could"
+	      echo "*** not find such a program.  So, this module is probably useless."
+	      echo "*** 'nm' from GNU binutils and a full rebuild may help."
+	    fi
+	    if test no = "$build_old_libs"; then
+	      oldlibs=$output_objdir/$libname.$libext
+	      build_libtool_libs=module
+	      build_old_libs=yes
+	    else
+	      build_libtool_libs=no
+	    fi
+	  else
+	    echo "*** The inter-library dependencies that have been dropped here will be"
+	    echo "*** automatically added whenever a program is linked with this library"
+	    echo "*** or is declared to -dlopen it."
+
+	    if test no = "$allow_undefined"; then
+	      echo
+	      echo "*** Since this library must not contain undefined symbols,"
+	      echo "*** because either the platform does not support them or"
+	      echo "*** it was explicitly requested with -no-undefined,"
+	      echo "*** libtool will only create a static version of it."
+	      if test no = "$build_old_libs"; then
+		oldlibs=$output_objdir/$libname.$libext
+		build_libtool_libs=module
+		build_old_libs=yes
+	      else
+		build_libtool_libs=no
+	      fi
+	    fi
+	  fi
+	fi
+	# Done checking deplibs!
+	deplibs=$newdeplibs
+      fi
+      # Time to change all our "foo.ltframework" stuff back to "-framework foo"
+      case $host in
+	*-*-darwin*)
+	  newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
+	  new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
+	  deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
+	  ;;
+      esac
+
+      # move library search paths that coincide with paths to not yet
+      # installed libraries to the beginning of the library search list
+      new_libs=
+      for path in $notinst_path; do
+	case " $new_libs " in
+	*" -L$path/$objdir "*) ;;
+	*)
+	  case " $deplibs " in
+	  *" -L$path/$objdir "*)
+	    func_append new_libs " -L$path/$objdir" ;;
+	  esac
+	  ;;
+	esac
+      done
+      for deplib in $deplibs; do
+	case $deplib in
+	-L*)
+	  case " $new_libs " in
+	  *" $deplib "*) ;;
+	  *) func_append new_libs " $deplib" ;;
+	  esac
+	  ;;
+	*) func_append new_libs " $deplib" ;;
+	esac
+      done
+      deplibs=$new_libs
+
+      # All the library-specific variables (install_libdir is set above).
+      library_names=
+      old_library=
+      dlname=
+
+      # Test again, we may have decided not to build it any more
+      if test yes = "$build_libtool_libs"; then
+	# Remove $wl instances when linking with ld.
+	# FIXME: should test the right _cmds variable.
+	case $archive_cmds in
+	  *\$LD\ *) wl= ;;
+        esac
+	if test yes = "$hardcode_into_libs"; then
+	  # Hardcode the library paths
+	  hardcode_libdirs=
+	  dep_rpath=
+	  rpath=$finalize_rpath
+	  test relink = "$opt_mode" || rpath=$compile_rpath$rpath
+	  for libdir in $rpath; do
+	    if test -n "$hardcode_libdir_flag_spec"; then
+	      if test -n "$hardcode_libdir_separator"; then
+		func_replace_sysroot "$libdir"
+		libdir=$func_replace_sysroot_result
+		if test -z "$hardcode_libdirs"; then
+		  hardcode_libdirs=$libdir
+		else
+		  # Just accumulate the unique libdirs.
+		  case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+		  *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+		    ;;
+		  *)
+		    func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
+		    ;;
+		  esac
+		fi
+	      else
+		eval flag=\"$hardcode_libdir_flag_spec\"
+		func_append dep_rpath " $flag"
+	      fi
+	    elif test -n "$runpath_var"; then
+	      case "$perm_rpath " in
+	      *" $libdir "*) ;;
+	      *) func_append perm_rpath " $libdir" ;;
+	      esac
+	    fi
+	  done
+	  # Substitute the hardcoded libdirs into the rpath.
+	  if test -n "$hardcode_libdir_separator" &&
+	     test -n "$hardcode_libdirs"; then
+	    libdir=$hardcode_libdirs
+	    eval "dep_rpath=\"$hardcode_libdir_flag_spec\""
+	  fi
+	  if test -n "$runpath_var" && test -n "$perm_rpath"; then
+	    # We should set the runpath_var.
+	    rpath=
+	    for dir in $perm_rpath; do
+	      func_append rpath "$dir:"
+	    done
+	    eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
+	  fi
+	  test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
+	fi
+
+	shlibpath=$finalize_shlibpath
+	test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath
+	if test -n "$shlibpath"; then
+	  eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
+	fi
+
+	# Get the real and link names of the library.
+	eval shared_ext=\"$shrext_cmds\"
+	eval library_names=\"$library_names_spec\"
+	set dummy $library_names
+	shift
+	realname=$1
+	shift
+
+	if test -n "$soname_spec"; then
+	  eval soname=\"$soname_spec\"
+	else
+	  soname=$realname
+	fi
+	if test -z "$dlname"; then
+	  dlname=$soname
+	fi
+
+	lib=$output_objdir/$realname
+	linknames=
+	for link
+	do
+	  func_append linknames " $link"
+	done
+
+	# Use standard objects if they are pic
+	test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP`
+	test "X$libobjs" = "X " && libobjs=
+
+	delfiles=
+	if test -n "$export_symbols" && test -n "$include_expsyms"; then
+	  $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp"
+	  export_symbols=$output_objdir/$libname.uexp
+	  func_append delfiles " $export_symbols"
+	fi
+
+	orig_export_symbols=
+	case $host_os in
+	cygwin* | mingw* | cegcc*)
+	  if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
+	    # exporting using user supplied symfile
+	    func_dll_def_p "$export_symbols" || {
+	      # and it's NOT already a .def file. Must figure out
+	      # which of the given symbols are data symbols and tag
+	      # them as such. So, trigger use of export_symbols_cmds.
+	      # export_symbols gets reassigned inside the "prepare
+	      # the list of exported symbols" if statement, so the
+	      # include_expsyms logic still works.
+	      orig_export_symbols=$export_symbols
+	      export_symbols=
+	      always_export_symbols=yes
+	    }
+	  fi
+	  ;;
+	esac
+
+	# Prepare the list of exported symbols
+	if test -z "$export_symbols"; then
+	  if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then
+	    func_verbose "generating symbol list for '$libname.la'"
+	    export_symbols=$output_objdir/$libname.exp
+	    $opt_dry_run || $RM $export_symbols
+	    cmds=$export_symbols_cmds
+	    save_ifs=$IFS; IFS='~'
+	    for cmd1 in $cmds; do
+	      IFS=$save_ifs
+	      # Take the normal branch if the nm_file_list_spec branch
+	      # doesn't work or if tool conversion is not needed.
+	      case $nm_file_list_spec~$to_tool_file_cmd in
+		*~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*)
+		  try_normal_branch=yes
+		  eval cmd=\"$cmd1\"
+		  func_len " $cmd"
+		  len=$func_len_result
+		  ;;
+		*)
+		  try_normal_branch=no
+		  ;;
+	      esac
+	      if test yes = "$try_normal_branch" \
+		 && { test "$len" -lt "$max_cmd_len" \
+		      || test "$max_cmd_len" -le -1; }
+	      then
+		func_show_eval "$cmd" 'exit $?'
+		skipped_export=false
+	      elif test -n "$nm_file_list_spec"; then
+		func_basename "$output"
+		output_la=$func_basename_result
+		save_libobjs=$libobjs
+		save_output=$output
+		output=$output_objdir/$output_la.nm
+		func_to_tool_file "$output"
+		libobjs=$nm_file_list_spec$func_to_tool_file_result
+		func_append delfiles " $output"
+		func_verbose "creating $NM input file list: $output"
+		for obj in $save_libobjs; do
+		  func_to_tool_file "$obj"
+		  $ECHO "$func_to_tool_file_result"
+		done > "$output"
+		eval cmd=\"$cmd1\"
+		func_show_eval "$cmd" 'exit $?'
+		output=$save_output
+		libobjs=$save_libobjs
+		skipped_export=false
+	      else
+		# The command line is too long to execute in one step.
+		func_verbose "using reloadable object file for export list..."
+		skipped_export=:
+		# Break out early, otherwise skipped_export may be
+		# set to false by a later but shorter cmd.
+		break
+	      fi
+	    done
+	    IFS=$save_ifs
+	    if test -n "$export_symbols_regex" && test : != "$skipped_export"; then
+	      func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+	      func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
+	    fi
+	  fi
+	fi
+
+	if test -n "$export_symbols" && test -n "$include_expsyms"; then
+	  tmp_export_symbols=$export_symbols
+	  test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols
+	  $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"'
+	fi
+
+	if test : != "$skipped_export" && test -n "$orig_export_symbols"; then
+	  # The given exports_symbols file has to be filtered, so filter it.
+	  func_verbose "filter symbol list for '$libname.la' to tag DATA exports"
+	  # FIXME: $output_objdir/$libname.filter potentially contains lots of
+	  # 's' commands, which not all seds can handle. GNU sed should be fine
+	  # though. Also, the filter scales superlinearly with the number of
+	  # global variables. join(1) would be nice here, but unfortunately
+	  # isn't a blessed tool.
+	  $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
+	  func_append delfiles " $export_symbols $output_objdir/$libname.filter"
+	  export_symbols=$output_objdir/$libname.def
+	  $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
+	fi
+
+	tmp_deplibs=
+	for test_deplib in $deplibs; do
+	  case " $convenience " in
+	  *" $test_deplib "*) ;;
+	  *)
+	    func_append tmp_deplibs " $test_deplib"
+	    ;;
+	  esac
+	done
+	deplibs=$tmp_deplibs
+
+	if test -n "$convenience"; then
+	  if test -n "$whole_archive_flag_spec" &&
+	    test yes = "$compiler_needs_object" &&
+	    test -z "$libobjs"; then
+	    # extract the archives, so we have objects to list.
+	    # TODO: could optimize this to just extract one archive.
+	    whole_archive_flag_spec=
+	  fi
+	  if test -n "$whole_archive_flag_spec"; then
+	    save_libobjs=$libobjs
+	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+	    test "X$libobjs" = "X " && libobjs=
+	  else
+	    gentop=$output_objdir/${outputname}x
+	    func_append generated " $gentop"
+
+	    func_extract_archives $gentop $convenience
+	    func_append libobjs " $func_extract_archives_result"
+	    test "X$libobjs" = "X " && libobjs=
+	  fi
+	fi
+
+	if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then
+	  eval flag=\"$thread_safe_flag_spec\"
+	  func_append linker_flags " $flag"
+	fi
+
+	# Make a backup of the uninstalled library when relinking
+	if test relink = "$opt_mode"; then
+	  $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $?
+	fi
+
+	# Do each of the archive commands.
+	if test yes = "$module" && test -n "$module_cmds"; then
+	  if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+	    eval test_cmds=\"$module_expsym_cmds\"
+	    cmds=$module_expsym_cmds
+	  else
+	    eval test_cmds=\"$module_cmds\"
+	    cmds=$module_cmds
+	  fi
+	else
+	  if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+	    eval test_cmds=\"$archive_expsym_cmds\"
+	    cmds=$archive_expsym_cmds
+	  else
+	    eval test_cmds=\"$archive_cmds\"
+	    cmds=$archive_cmds
+	  fi
+	fi
+
+	if test : != "$skipped_export" &&
+	   func_len " $test_cmds" &&
+	   len=$func_len_result &&
+	   test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	  :
+	else
+	  # The command line is too long to link in one step, link piecewise
+	  # or, if using GNU ld and skipped_export is not :, use a linker
+	  # script.
+
+	  # Save the value of $output and $libobjs because we want to
+	  # use them later.  If we have whole_archive_flag_spec, we
+	  # want to use save_libobjs as it was before
+	  # whole_archive_flag_spec was expanded, because we can't
+	  # assume the linker understands whole_archive_flag_spec.
+	  # This may have to be revisited, in case too many
+	  # convenience libraries get linked in and end up exceeding
+	  # the spec.
+	  if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
+	    save_libobjs=$libobjs
+	  fi
+	  save_output=$output
+	  func_basename "$output"
+	  output_la=$func_basename_result
+
+	  # Clear the reloadable object creation command queue and
+	  # initialize k to one.
+	  test_cmds=
+	  concat_cmds=
+	  objlist=
+	  last_robj=
+	  k=1
+
+	  if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then
+	    output=$output_objdir/$output_la.lnkscript
+	    func_verbose "creating GNU ld script: $output"
+	    echo 'INPUT (' > $output
+	    for obj in $save_libobjs
+	    do
+	      func_to_tool_file "$obj"
+	      $ECHO "$func_to_tool_file_result" >> $output
+	    done
+	    echo ')' >> $output
+	    func_append delfiles " $output"
+	    func_to_tool_file "$output"
+	    output=$func_to_tool_file_result
+	  elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then
+	    output=$output_objdir/$output_la.lnk
+	    func_verbose "creating linker input file list: $output"
+	    : > $output
+	    set x $save_libobjs
+	    shift
+	    firstobj=
+	    if test yes = "$compiler_needs_object"; then
+	      firstobj="$1 "
+	      shift
+	    fi
+	    for obj
+	    do
+	      func_to_tool_file "$obj"
+	      $ECHO "$func_to_tool_file_result" >> $output
+	    done
+	    func_append delfiles " $output"
+	    func_to_tool_file "$output"
+	    output=$firstobj\"$file_list_spec$func_to_tool_file_result\"
+	  else
+	    if test -n "$save_libobjs"; then
+	      func_verbose "creating reloadable object files..."
+	      output=$output_objdir/$output_la-$k.$objext
+	      eval test_cmds=\"$reload_cmds\"
+	      func_len " $test_cmds"
+	      len0=$func_len_result
+	      len=$len0
+
+	      # Loop over the list of objects to be linked.
+	      for obj in $save_libobjs
+	      do
+		func_len " $obj"
+		func_arith $len + $func_len_result
+		len=$func_arith_result
+		if test -z "$objlist" ||
+		   test "$len" -lt "$max_cmd_len"; then
+		  func_append objlist " $obj"
+		else
+		  # The command $test_cmds is almost too long, add a
+		  # command to the queue.
+		  if test 1 -eq "$k"; then
+		    # The first file doesn't have a previous command to add.
+		    reload_objs=$objlist
+		    eval concat_cmds=\"$reload_cmds\"
+		  else
+		    # All subsequent reloadable object files will link in
+		    # the last one created.
+		    reload_objs="$objlist $last_robj"
+		    eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\"
+		  fi
+		  last_robj=$output_objdir/$output_la-$k.$objext
+		  func_arith $k + 1
+		  k=$func_arith_result
+		  output=$output_objdir/$output_la-$k.$objext
+		  objlist=" $obj"
+		  func_len " $last_robj"
+		  func_arith $len0 + $func_len_result
+		  len=$func_arith_result
+		fi
+	      done
+	      # Handle the remaining objects by creating one last
+	      # reloadable object file.  All subsequent reloadable object
+	      # files will link in the last one created.
+	      test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+	      reload_objs="$objlist $last_robj"
+	      eval concat_cmds=\"\$concat_cmds$reload_cmds\"
+	      if test -n "$last_robj"; then
+	        eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
+	      fi
+	      func_append delfiles " $output"
+
+	    else
+	      output=
+	    fi
+
+	    ${skipped_export-false} && {
+	      func_verbose "generating symbol list for '$libname.la'"
+	      export_symbols=$output_objdir/$libname.exp
+	      $opt_dry_run || $RM $export_symbols
+	      libobjs=$output
+	      # Append the command to create the export file.
+	      test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+	      eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\"
+	      if test -n "$last_robj"; then
+		eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
+	      fi
+	    }
+
+	    test -n "$save_libobjs" &&
+	      func_verbose "creating a temporary reloadable object file: $output"
+
+	    # Loop through the commands generated above and execute them.
+	    save_ifs=$IFS; IFS='~'
+	    for cmd in $concat_cmds; do
+	      IFS=$save_ifs
+	      $opt_quiet || {
+		  func_quote_for_expand "$cmd"
+		  eval "func_echo $func_quote_for_expand_result"
+	      }
+	      $opt_dry_run || eval "$cmd" || {
+		lt_exit=$?
+
+		# Restore the uninstalled library and exit
+		if test relink = "$opt_mode"; then
+		  ( cd "$output_objdir" && \
+		    $RM "${realname}T" && \
+		    $MV "${realname}U" "$realname" )
+		fi
+
+		exit $lt_exit
+	      }
+	    done
+	    IFS=$save_ifs
+
+	    if test -n "$export_symbols_regex" && ${skipped_export-false}; then
+	      func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+	      func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
+	    fi
+	  fi
+
+          ${skipped_export-false} && {
+	    if test -n "$export_symbols" && test -n "$include_expsyms"; then
+	      tmp_export_symbols=$export_symbols
+	      test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols
+	      $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"'
+	    fi
+
+	    if test -n "$orig_export_symbols"; then
+	      # The given exports_symbols file has to be filtered, so filter it.
+	      func_verbose "filter symbol list for '$libname.la' to tag DATA exports"
+	      # FIXME: $output_objdir/$libname.filter potentially contains lots of
+	      # 's' commands, which not all seds can handle. GNU sed should be fine
+	      # though. Also, the filter scales superlinearly with the number of
+	      # global variables. join(1) would be nice here, but unfortunately
+	      # isn't a blessed tool.
+	      $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
+	      func_append delfiles " $export_symbols $output_objdir/$libname.filter"
+	      export_symbols=$output_objdir/$libname.def
+	      $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
+	    fi
+	  }
+
+	  libobjs=$output
+	  # Restore the value of output.
+	  output=$save_output
+
+	  if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
+	    eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+	    test "X$libobjs" = "X " && libobjs=
+	  fi
+	  # Expand the library linking commands again to reset the
+	  # value of $libobjs for piecewise linking.
+
+	  # Do each of the archive commands.
+	  if test yes = "$module" && test -n "$module_cmds"; then
+	    if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+	      cmds=$module_expsym_cmds
+	    else
+	      cmds=$module_cmds
+	    fi
+	  else
+	    if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+	      cmds=$archive_expsym_cmds
+	    else
+	      cmds=$archive_cmds
+	    fi
+	  fi
+	fi
+
+	if test -n "$delfiles"; then
+	  # Append the command to remove temporary files to $cmds.
+	  eval cmds=\"\$cmds~\$RM $delfiles\"
+	fi
+
+	# Add any objects from preloaded convenience libraries
+	if test -n "$dlprefiles"; then
+	  gentop=$output_objdir/${outputname}x
+	  func_append generated " $gentop"
+
+	  func_extract_archives $gentop $dlprefiles
+	  func_append libobjs " $func_extract_archives_result"
+	  test "X$libobjs" = "X " && libobjs=
+	fi
+
+	save_ifs=$IFS; IFS='~'
+	for cmd in $cmds; do
+	  IFS=$sp$nl
+	  eval cmd=\"$cmd\"
+	  IFS=$save_ifs
+	  $opt_quiet || {
+	    func_quote_for_expand "$cmd"
+	    eval "func_echo $func_quote_for_expand_result"
+	  }
+	  $opt_dry_run || eval "$cmd" || {
+	    lt_exit=$?
+
+	    # Restore the uninstalled library and exit
+	    if test relink = "$opt_mode"; then
+	      ( cd "$output_objdir" && \
+	        $RM "${realname}T" && \
+		$MV "${realname}U" "$realname" )
+	    fi
+
+	    exit $lt_exit
+	  }
+	done
+	IFS=$save_ifs
+
+	# Restore the uninstalled library and exit
+	if test relink = "$opt_mode"; then
+	  $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $?
+
+	  if test -n "$convenience"; then
+	    if test -z "$whole_archive_flag_spec"; then
+	      func_show_eval '${RM}r "$gentop"'
+	    fi
+	  fi
+
+	  exit $EXIT_SUCCESS
+	fi
+
+	# Create links to the real library.
+	for linkname in $linknames; do
+	  if test "$realname" != "$linkname"; then
+	    func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?'
+	  fi
+	done
+
+	# If -module or -export-dynamic was specified, set the dlname.
+	if test yes = "$module" || test yes = "$export_dynamic"; then
+	  # On all known operating systems, these are identical.
+	  dlname=$soname
+	fi
+      fi
+      ;;
+
+    obj)
+      if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then
+	func_warning "'-dlopen' is ignored for objects"
+      fi
+
+      case " $deplibs" in
+      *\ -l* | *\ -L*)
+	func_warning "'-l' and '-L' are ignored for objects" ;;
+      esac
+
+      test -n "$rpath" && \
+	func_warning "'-rpath' is ignored for objects"
+
+      test -n "$xrpath" && \
+	func_warning "'-R' is ignored for objects"
+
+      test -n "$vinfo" && \
+	func_warning "'-version-info' is ignored for objects"
+
+      test -n "$release" && \
+	func_warning "'-release' is ignored for objects"
+
+      case $output in
+      *.lo)
+	test -n "$objs$old_deplibs" && \
+	  func_fatal_error "cannot build library object '$output' from non-libtool objects"
+
+	libobj=$output
+	func_lo2o "$libobj"
+	obj=$func_lo2o_result
+	;;
+      *)
+	libobj=
+	obj=$output
+	;;
+      esac
+
+      # Delete the old objects.
+      $opt_dry_run || $RM $obj $libobj
+
+      # Objects from convenience libraries.  This assumes
+      # single-version convenience libraries.  Whenever we create
+      # different ones for PIC/non-PIC, this we'll have to duplicate
+      # the extraction.
+      reload_conv_objs=
+      gentop=
+      # if reload_cmds runs $LD directly, get rid of -Wl from
+      # whole_archive_flag_spec and hope we can get by with turning comma
+      # into space.
+      case $reload_cmds in
+        *\$LD[\ \$]*) wl= ;;
+      esac
+      if test -n "$convenience"; then
+	if test -n "$whole_archive_flag_spec"; then
+	  eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
+	  test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'`
+	  reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags
+	else
+	  gentop=$output_objdir/${obj}x
+	  func_append generated " $gentop"
+
+	  func_extract_archives $gentop $convenience
+	  reload_conv_objs="$reload_objs $func_extract_archives_result"
+	fi
+      fi
+
+      # If we're not building shared, we need to use non_pic_objs
+      test yes = "$build_libtool_libs" || libobjs=$non_pic_objects
+
+      # Create the old-style object.
+      reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs
+
+      output=$obj
+      func_execute_cmds "$reload_cmds" 'exit $?'
+
+      # Exit if we aren't doing a library object file.
+      if test -z "$libobj"; then
+	if test -n "$gentop"; then
+	  func_show_eval '${RM}r "$gentop"'
+	fi
+
+	exit $EXIT_SUCCESS
+      fi
+
+      test yes = "$build_libtool_libs" || {
+	if test -n "$gentop"; then
+	  func_show_eval '${RM}r "$gentop"'
+	fi
+
+	# Create an invalid libtool object if no PIC, so that we don't
+	# accidentally link it into a program.
+	# $show "echo timestamp > $libobj"
+	# $opt_dry_run || eval "echo timestamp > $libobj" || exit $?
+	exit $EXIT_SUCCESS
+      }
+
+      if test -n "$pic_flag" || test default != "$pic_mode"; then
+	# Only do commands if we really have different PIC objects.
+	reload_objs="$libobjs $reload_conv_objs"
+	output=$libobj
+	func_execute_cmds "$reload_cmds" 'exit $?'
+      fi
+
+      if test -n "$gentop"; then
+	func_show_eval '${RM}r "$gentop"'
+      fi
+
+      exit $EXIT_SUCCESS
+      ;;
+
+    prog)
+      case $host in
+	*cygwin*) func_stripname '' '.exe' "$output"
+	          output=$func_stripname_result.exe;;
+      esac
+      test -n "$vinfo" && \
+	func_warning "'-version-info' is ignored for programs"
+
+      test -n "$release" && \
+	func_warning "'-release' is ignored for programs"
+
+      $preload \
+	&& test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \
+	&& func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support."
+
+      case $host in
+      *-*-rhapsody* | *-*-darwin1.[012])
+	# On Rhapsody replace the C library is the System framework
+	compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'`
+	finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'`
+	;;
+      esac
+
+      case $host in
+      *-*-darwin*)
+	# Don't allow lazy linking, it breaks C++ global constructors
+	# But is supposedly fixed on 10.4 or later (yay!).
+	if test CXX = "$tagname"; then
+	  case ${MACOSX_DEPLOYMENT_TARGET-10.0} in
+	    10.[0123])
+	      func_append compile_command " $wl-bind_at_load"
+	      func_append finalize_command " $wl-bind_at_load"
+	    ;;
+	  esac
+	fi
+	# Time to change all our "foo.ltframework" stuff back to "-framework foo"
+	compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
+	finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'`
+	;;
+      esac
+
+
+      # move library search paths that coincide with paths to not yet
+      # installed libraries to the beginning of the library search list
+      new_libs=
+      for path in $notinst_path; do
+	case " $new_libs " in
+	*" -L$path/$objdir "*) ;;
+	*)
+	  case " $compile_deplibs " in
+	  *" -L$path/$objdir "*)
+	    func_append new_libs " -L$path/$objdir" ;;
+	  esac
+	  ;;
+	esac
+      done
+      for deplib in $compile_deplibs; do
+	case $deplib in
+	-L*)
+	  case " $new_libs " in
+	  *" $deplib "*) ;;
+	  *) func_append new_libs " $deplib" ;;
+	  esac
+	  ;;
+	*) func_append new_libs " $deplib" ;;
+	esac
+      done
+      compile_deplibs=$new_libs
+
+
+      func_append compile_command " $compile_deplibs"
+      func_append finalize_command " $finalize_deplibs"
+
+      if test -n "$rpath$xrpath"; then
+	# If the user specified any rpath flags, then add them.
+	for libdir in $rpath $xrpath; do
+	  # This is the magic to use -rpath.
+	  case "$finalize_rpath " in
+	  *" $libdir "*) ;;
+	  *) func_append finalize_rpath " $libdir" ;;
+	  esac
+	done
+      fi
+
+      # Now hardcode the library paths
+      rpath=
+      hardcode_libdirs=
+      for libdir in $compile_rpath $finalize_rpath; do
+	if test -n "$hardcode_libdir_flag_spec"; then
+	  if test -n "$hardcode_libdir_separator"; then
+	    if test -z "$hardcode_libdirs"; then
+	      hardcode_libdirs=$libdir
+	    else
+	      # Just accumulate the unique libdirs.
+	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+		;;
+	      *)
+		func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
+		;;
+	      esac
+	    fi
+	  else
+	    eval flag=\"$hardcode_libdir_flag_spec\"
+	    func_append rpath " $flag"
+	  fi
+	elif test -n "$runpath_var"; then
+	  case "$perm_rpath " in
+	  *" $libdir "*) ;;
+	  *) func_append perm_rpath " $libdir" ;;
+	  esac
+	fi
+	case $host in
+	*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+	  testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'`
+	  case :$dllsearchpath: in
+	  *":$libdir:"*) ;;
+	  ::) dllsearchpath=$libdir;;
+	  *) func_append dllsearchpath ":$libdir";;
+	  esac
+	  case :$dllsearchpath: in
+	  *":$testbindir:"*) ;;
+	  ::) dllsearchpath=$testbindir;;
+	  *) func_append dllsearchpath ":$testbindir";;
+	  esac
+	  ;;
+	esac
+      done
+      # Substitute the hardcoded libdirs into the rpath.
+      if test -n "$hardcode_libdir_separator" &&
+	 test -n "$hardcode_libdirs"; then
+	libdir=$hardcode_libdirs
+	eval rpath=\" $hardcode_libdir_flag_spec\"
+      fi
+      compile_rpath=$rpath
+
+      rpath=
+      hardcode_libdirs=
+      for libdir in $finalize_rpath; do
+	if test -n "$hardcode_libdir_flag_spec"; then
+	  if test -n "$hardcode_libdir_separator"; then
+	    if test -z "$hardcode_libdirs"; then
+	      hardcode_libdirs=$libdir
+	    else
+	      # Just accumulate the unique libdirs.
+	      case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+	      *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+		;;
+	      *)
+		func_append hardcode_libdirs "$hardcode_libdir_separator$libdir"
+		;;
+	      esac
+	    fi
+	  else
+	    eval flag=\"$hardcode_libdir_flag_spec\"
+	    func_append rpath " $flag"
+	  fi
+	elif test -n "$runpath_var"; then
+	  case "$finalize_perm_rpath " in
+	  *" $libdir "*) ;;
+	  *) func_append finalize_perm_rpath " $libdir" ;;
+	  esac
+	fi
+      done
+      # Substitute the hardcoded libdirs into the rpath.
+      if test -n "$hardcode_libdir_separator" &&
+	 test -n "$hardcode_libdirs"; then
+	libdir=$hardcode_libdirs
+	eval rpath=\" $hardcode_libdir_flag_spec\"
+      fi
+      finalize_rpath=$rpath
+
+      if test -n "$libobjs" && test yes = "$build_old_libs"; then
+	# Transform all the library objects into standard objects.
+	compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP`
+	finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP`
+      fi
+
+      func_generate_dlsyms "$outputname" "@PROGRAM@" false
+
+      # template prelinking step
+      if test -n "$prelink_cmds"; then
+	func_execute_cmds "$prelink_cmds" 'exit $?'
+      fi
+
+      wrappers_required=:
+      case $host in
+      *cegcc* | *mingw32ce*)
+        # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway.
+        wrappers_required=false
+        ;;
+      *cygwin* | *mingw* )
+        test yes = "$build_libtool_libs" || wrappers_required=false
+        ;;
+      *)
+        if test no = "$need_relink" || test yes != "$build_libtool_libs"; then
+          wrappers_required=false
+        fi
+        ;;
+      esac
+      $wrappers_required || {
+	# Replace the output file specification.
+	compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'`
+	link_command=$compile_command$compile_rpath
+
+	# We have no uninstalled library dependencies, so finalize right now.
+	exit_status=0
+	func_show_eval "$link_command" 'exit_status=$?'
+
+	if test -n "$postlink_cmds"; then
+	  func_to_tool_file "$output"
+	  postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
+	  func_execute_cmds "$postlink_cmds" 'exit $?'
+	fi
+
+	# Delete the generated files.
+	if test -f "$output_objdir/${outputname}S.$objext"; then
+	  func_show_eval '$RM "$output_objdir/${outputname}S.$objext"'
+	fi
+
+	exit $exit_status
+      }
+
+      if test -n "$compile_shlibpath$finalize_shlibpath"; then
+	compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
+      fi
+      if test -n "$finalize_shlibpath"; then
+	finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
+      fi
+
+      compile_var=
+      finalize_var=
+      if test -n "$runpath_var"; then
+	if test -n "$perm_rpath"; then
+	  # We should set the runpath_var.
+	  rpath=
+	  for dir in $perm_rpath; do
+	    func_append rpath "$dir:"
+	  done
+	  compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
+	fi
+	if test -n "$finalize_perm_rpath"; then
+	  # We should set the runpath_var.
+	  rpath=
+	  for dir in $finalize_perm_rpath; do
+	    func_append rpath "$dir:"
+	  done
+	  finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
+	fi
+      fi
+
+      if test yes = "$no_install"; then
+	# We don't need to create a wrapper script.
+	link_command=$compile_var$compile_command$compile_rpath
+	# Replace the output file specification.
+	link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'`
+	# Delete the old output file.
+	$opt_dry_run || $RM $output
+	# Link the executable and exit
+	func_show_eval "$link_command" 'exit $?'
+
+	if test -n "$postlink_cmds"; then
+	  func_to_tool_file "$output"
+	  postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
+	  func_execute_cmds "$postlink_cmds" 'exit $?'
+	fi
+
+	exit $EXIT_SUCCESS
+      fi
+
+      case $hardcode_action,$fast_install in
+        relink,*)
+	  # Fast installation is not supported
+	  link_command=$compile_var$compile_command$compile_rpath
+	  relink_command=$finalize_var$finalize_command$finalize_rpath
+
+	  func_warning "this platform does not like uninstalled shared libraries"
+	  func_warning "'$output' will be relinked during installation"
+	  ;;
+        *,yes)
+	  link_command=$finalize_var$compile_command$finalize_rpath
+	  relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'`
+          ;;
+	*,no)
+	  link_command=$compile_var$compile_command$compile_rpath
+	  relink_command=$finalize_var$finalize_command$finalize_rpath
+          ;;
+	*,needless)
+	  link_command=$finalize_var$compile_command$finalize_rpath
+	  relink_command=
+          ;;
+      esac
+
+      # Replace the output file specification.
+      link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
+
+      # Delete the old output files.
+      $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname
+
+      func_show_eval "$link_command" 'exit $?'
+
+      if test -n "$postlink_cmds"; then
+	func_to_tool_file "$output_objdir/$outputname"
+	postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'`
+	func_execute_cmds "$postlink_cmds" 'exit $?'
+      fi
+
+      # Now create the wrapper script.
+      func_verbose "creating $output"
+
+      # Quote the relink command for shipping.
+      if test -n "$relink_command"; then
+	# Preserve any variables that may affect compiler behavior
+	for var in $variables_saved_for_relink; do
+	  if eval test -z \"\${$var+set}\"; then
+	    relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
+	  elif eval var_value=\$$var; test -z "$var_value"; then
+	    relink_command="$var=; export $var; $relink_command"
+	  else
+	    func_quote_for_eval "$var_value"
+	    relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+	  fi
+	done
+	relink_command="(cd `pwd`; $relink_command)"
+	relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
+      fi
+
+      # Only actually do things if not in dry run mode.
+      $opt_dry_run || {
+	# win32 will think the script is a binary if it has
+	# a .exe suffix, so we strip it off here.
+	case $output in
+	  *.exe) func_stripname '' '.exe' "$output"
+	         output=$func_stripname_result ;;
+	esac
+	# test for cygwin because mv fails w/o .exe extensions
+	case $host in
+	  *cygwin*)
+	    exeext=.exe
+	    func_stripname '' '.exe' "$outputname"
+	    outputname=$func_stripname_result ;;
+	  *) exeext= ;;
+	esac
+	case $host in
+	  *cygwin* | *mingw* )
+	    func_dirname_and_basename "$output" "" "."
+	    output_name=$func_basename_result
+	    output_path=$func_dirname_result
+	    cwrappersource=$output_path/$objdir/lt-$output_name.c
+	    cwrapper=$output_path/$output_name.exe
+	    $RM $cwrappersource $cwrapper
+	    trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
+
+	    func_emit_cwrapperexe_src > $cwrappersource
+
+	    # The wrapper executable is built using the $host compiler,
+	    # because it contains $host paths and files. If cross-
+	    # compiling, it, like the target executable, must be
+	    # executed on the $host or under an emulation environment.
+	    $opt_dry_run || {
+	      $LTCC $LTCFLAGS -o $cwrapper $cwrappersource
+	      $STRIP $cwrapper
+	    }
+
+	    # Now, create the wrapper script for func_source use:
+	    func_ltwrapper_scriptname $cwrapper
+	    $RM $func_ltwrapper_scriptname_result
+	    trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15
+	    $opt_dry_run || {
+	      # note: this script will not be executed, so do not chmod.
+	      if test "x$build" = "x$host"; then
+		$cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result
+	      else
+		func_emit_wrapper no > $func_ltwrapper_scriptname_result
+	      fi
+	    }
+	  ;;
+	  * )
+	    $RM $output
+	    trap "$RM $output; exit $EXIT_FAILURE" 1 2 15
+
+	    func_emit_wrapper no > $output
+	    chmod +x $output
+	  ;;
+	esac
+      }
+      exit $EXIT_SUCCESS
+      ;;
+    esac
+
+    # See if we need to build an old-fashioned archive.
+    for oldlib in $oldlibs; do
+
+      case $build_libtool_libs in
+        convenience)
+	  oldobjs="$libobjs_save $symfileobj"
+	  addlibs=$convenience
+	  build_libtool_libs=no
+	  ;;
+	module)
+	  oldobjs=$libobjs_save
+	  addlibs=$old_convenience
+	  build_libtool_libs=no
+          ;;
+	*)
+	  oldobjs="$old_deplibs $non_pic_objects"
+	  $preload && test -f "$symfileobj" \
+	    && func_append oldobjs " $symfileobj"
+	  addlibs=$old_convenience
+	  ;;
+      esac
+
+      if test -n "$addlibs"; then
+	gentop=$output_objdir/${outputname}x
+	func_append generated " $gentop"
+
+	func_extract_archives $gentop $addlibs
+	func_append oldobjs " $func_extract_archives_result"
+      fi
+
+      # Do each command in the archive commands.
+      if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then
+	cmds=$old_archive_from_new_cmds
+      else
+
+	# Add any objects from preloaded convenience libraries
+	if test -n "$dlprefiles"; then
+	  gentop=$output_objdir/${outputname}x
+	  func_append generated " $gentop"
+
+	  func_extract_archives $gentop $dlprefiles
+	  func_append oldobjs " $func_extract_archives_result"
+	fi
+
+	# POSIX demands no paths to be encoded in archives.  We have
+	# to avoid creating archives with duplicate basenames if we
+	# might have to extract them afterwards, e.g., when creating a
+	# static archive out of a convenience library, or when linking
+	# the entirety of a libtool archive into another (currently
+	# not supported by libtool).
+	if (for obj in $oldobjs
+	    do
+	      func_basename "$obj"
+	      $ECHO "$func_basename_result"
+	    done | sort | sort -uc >/dev/null 2>&1); then
+	  :
+	else
+	  echo "copying selected object files to avoid basename conflicts..."
+	  gentop=$output_objdir/${outputname}x
+	  func_append generated " $gentop"
+	  func_mkdir_p "$gentop"
+	  save_oldobjs=$oldobjs
+	  oldobjs=
+	  counter=1
+	  for obj in $save_oldobjs
+	  do
+	    func_basename "$obj"
+	    objbase=$func_basename_result
+	    case " $oldobjs " in
+	    " ") oldobjs=$obj ;;
+	    *[\ /]"$objbase "*)
+	      while :; do
+		# Make sure we don't pick an alternate name that also
+		# overlaps.
+		newobj=lt$counter-$objbase
+		func_arith $counter + 1
+		counter=$func_arith_result
+		case " $oldobjs " in
+		*[\ /]"$newobj "*) ;;
+		*) if test ! -f "$gentop/$newobj"; then break; fi ;;
+		esac
+	      done
+	      func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
+	      func_append oldobjs " $gentop/$newobj"
+	      ;;
+	    *) func_append oldobjs " $obj" ;;
+	    esac
+	  done
+	fi
+	func_to_tool_file "$oldlib" func_convert_file_msys_to_w32
+	tool_oldlib=$func_to_tool_file_result
+	eval cmds=\"$old_archive_cmds\"
+
+	func_len " $cmds"
+	len=$func_len_result
+	if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+	  cmds=$old_archive_cmds
+	elif test -n "$archiver_list_spec"; then
+	  func_verbose "using command file archive linking..."
+	  for obj in $oldobjs
+	  do
+	    func_to_tool_file "$obj"
+	    $ECHO "$func_to_tool_file_result"
+	  done > $output_objdir/$libname.libcmd
+	  func_to_tool_file "$output_objdir/$libname.libcmd"
+	  oldobjs=" $archiver_list_spec$func_to_tool_file_result"
+	  cmds=$old_archive_cmds
+	else
+	  # the command line is too long to link in one step, link in parts
+	  func_verbose "using piecewise archive linking..."
+	  save_RANLIB=$RANLIB
+	  RANLIB=:
+	  objlist=
+	  concat_cmds=
+	  save_oldobjs=$oldobjs
+	  oldobjs=
+	  # Is there a better way of finding the last object in the list?
+	  for obj in $save_oldobjs
+	  do
+	    last_oldobj=$obj
+	  done
+	  eval test_cmds=\"$old_archive_cmds\"
+	  func_len " $test_cmds"
+	  len0=$func_len_result
+	  len=$len0
+	  for obj in $save_oldobjs
+	  do
+	    func_len " $obj"
+	    func_arith $len + $func_len_result
+	    len=$func_arith_result
+	    func_append objlist " $obj"
+	    if test "$len" -lt "$max_cmd_len"; then
+	      :
+	    else
+	      # the above command should be used before it gets too long
+	      oldobjs=$objlist
+	      if test "$obj" = "$last_oldobj"; then
+		RANLIB=$save_RANLIB
+	      fi
+	      test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+	      eval concat_cmds=\"\$concat_cmds$old_archive_cmds\"
+	      objlist=
+	      len=$len0
+	    fi
+	  done
+	  RANLIB=$save_RANLIB
+	  oldobjs=$objlist
+	  if test -z "$oldobjs"; then
+	    eval cmds=\"\$concat_cmds\"
+	  else
+	    eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
+	  fi
+	fi
+      fi
+      func_execute_cmds "$cmds" 'exit $?'
+    done
+
+    test -n "$generated" && \
+      func_show_eval "${RM}r$generated"
+
+    # Now create the libtool archive.
+    case $output in
+    *.la)
+      old_library=
+      test yes = "$build_old_libs" && old_library=$libname.$libext
+      func_verbose "creating $output"
+
+      # Preserve any variables that may affect compiler behavior
+      for var in $variables_saved_for_relink; do
+	if eval test -z \"\${$var+set}\"; then
+	  relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
+	elif eval var_value=\$$var; test -z "$var_value"; then
+	  relink_command="$var=; export $var; $relink_command"
+	else
+	  func_quote_for_eval "$var_value"
+	  relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+	fi
+      done
+      # Quote the link command for shipping.
+      relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+      relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"`
+      if test yes = "$hardcode_automatic"; then
+	relink_command=
+      fi
+
+      # Only create the output if not a dry run.
+      $opt_dry_run || {
+	for installed in no yes; do
+	  if test yes = "$installed"; then
+	    if test -z "$install_libdir"; then
+	      break
+	    fi
+	    output=$output_objdir/${outputname}i
+	    # Replace all uninstalled libtool libraries with the installed ones
+	    newdependency_libs=
+	    for deplib in $dependency_libs; do
+	      case $deplib in
+	      *.la)
+		func_basename "$deplib"
+		name=$func_basename_result
+		func_resolve_sysroot "$deplib"
+		eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result`
+		test -z "$libdir" && \
+		  func_fatal_error "'$deplib' is not a valid libtool archive"
+		func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name"
+		;;
+	      -L*)
+		func_stripname -L '' "$deplib"
+		func_replace_sysroot "$func_stripname_result"
+		func_append newdependency_libs " -L$func_replace_sysroot_result"
+		;;
+	      -R*)
+		func_stripname -R '' "$deplib"
+		func_replace_sysroot "$func_stripname_result"
+		func_append newdependency_libs " -R$func_replace_sysroot_result"
+		;;
+	      *) func_append newdependency_libs " $deplib" ;;
+	      esac
+	    done
+	    dependency_libs=$newdependency_libs
+	    newdlfiles=
+
+	    for lib in $dlfiles; do
+	      case $lib in
+	      *.la)
+	        func_basename "$lib"
+		name=$func_basename_result
+		eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+		test -z "$libdir" && \
+		  func_fatal_error "'$lib' is not a valid libtool archive"
+		func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name"
+		;;
+	      *) func_append newdlfiles " $lib" ;;
+	      esac
+	    done
+	    dlfiles=$newdlfiles
+	    newdlprefiles=
+	    for lib in $dlprefiles; do
+	      case $lib in
+	      *.la)
+		# Only pass preopened files to the pseudo-archive (for
+		# eventual linking with the app. that links it) if we
+		# didn't already link the preopened objects directly into
+		# the library:
+		func_basename "$lib"
+		name=$func_basename_result
+		eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+		test -z "$libdir" && \
+		  func_fatal_error "'$lib' is not a valid libtool archive"
+		func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name"
+		;;
+	      esac
+	    done
+	    dlprefiles=$newdlprefiles
+	  else
+	    newdlfiles=
+	    for lib in $dlfiles; do
+	      case $lib in
+		[\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;;
+		*) abs=`pwd`"/$lib" ;;
+	      esac
+	      func_append newdlfiles " $abs"
+	    done
+	    dlfiles=$newdlfiles
+	    newdlprefiles=
+	    for lib in $dlprefiles; do
+	      case $lib in
+		[\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;;
+		*) abs=`pwd`"/$lib" ;;
+	      esac
+	      func_append newdlprefiles " $abs"
+	    done
+	    dlprefiles=$newdlprefiles
+	  fi
+	  $RM $output
+	  # place dlname in correct position for cygwin
+	  # In fact, it would be nice if we could use this code for all target
+	  # systems that can't hard-code library paths into their executables
+	  # and that have no shared library path variable independent of PATH,
+	  # but it turns out we can't easily determine that from inspecting
+	  # libtool variables, so we have to hard-code the OSs to which it
+	  # applies here; at the moment, that means platforms that use the PE
+	  # object format with DLL files.  See the long comment at the top of
+	  # tests/bindir.at for full details.
+	  tdlname=$dlname
+	  case $host,$output,$installed,$module,$dlname in
+	    *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll)
+	      # If a -bindir argument was supplied, place the dll there.
+	      if test -n "$bindir"; then
+		func_relative_path "$install_libdir" "$bindir"
+		tdlname=$func_relative_path_result/$dlname
+	      else
+		# Otherwise fall back on heuristic.
+		tdlname=../bin/$dlname
+	      fi
+	      ;;
+	  esac
+	  $ECHO > $output "\
+# $outputname - a libtool library file
+# Generated by $PROGRAM (GNU $PACKAGE) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='$tdlname'
+
+# Names of this library.
+library_names='$library_names'
+
+# The name of the static archive.
+old_library='$old_library'
+
+# Linker flags that cannot go in dependency_libs.
+inherited_linker_flags='$new_inherited_linker_flags'
+
+# Libraries that this one depends upon.
+dependency_libs='$dependency_libs'
+
+# Names of additional weak libraries provided by this library
+weak_library_names='$weak_libs'
+
+# Version information for $libname.
+current=$current
+age=$age
+revision=$revision
+
+# Is this an already installed library?
+installed=$installed
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=$module
+
+# Files to dlopen/dlpreopen
+dlopen='$dlfiles'
+dlpreopen='$dlprefiles'
+
+# Directory that this library needs to be installed in:
+libdir='$install_libdir'"
+	  if test no,yes = "$installed,$need_relink"; then
+	    $ECHO >> $output "\
+relink_command=\"$relink_command\""
+	  fi
+	done
+      }
+
+      # Do a symbolic link so that the libtool archive can be found in
+      # LD_LIBRARY_PATH before the program is installed.
+      func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?'
+      ;;
+    esac
+    exit $EXIT_SUCCESS
+}
+
+if test link = "$opt_mode" || test relink = "$opt_mode"; then
+  func_mode_link ${1+"$@"}
+fi
+
+
+# func_mode_uninstall arg...
+func_mode_uninstall ()
+{
+    $debug_cmd
+
+    RM=$nonopt
+    files=
+    rmforce=false
+    exit_status=0
+
+    # This variable tells wrapper scripts just to set variables rather
+    # than running their programs.
+    libtool_install_magic=$magic
+
+    for arg
+    do
+      case $arg in
+      -f) func_append RM " $arg"; rmforce=: ;;
+      -*) func_append RM " $arg" ;;
+      *) func_append files " $arg" ;;
+      esac
+    done
+
+    test -z "$RM" && \
+      func_fatal_help "you must specify an RM program"
+
+    rmdirs=
+
+    for file in $files; do
+      func_dirname "$file" "" "."
+      dir=$func_dirname_result
+      if test . = "$dir"; then
+	odir=$objdir
+      else
+	odir=$dir/$objdir
+      fi
+      func_basename "$file"
+      name=$func_basename_result
+      test uninstall = "$opt_mode" && odir=$dir
+
+      # Remember odir for removal later, being careful to avoid duplicates
+      if test clean = "$opt_mode"; then
+	case " $rmdirs " in
+	  *" $odir "*) ;;
+	  *) func_append rmdirs " $odir" ;;
+	esac
+      fi
+
+      # Don't error if the file doesn't exist and rm -f was used.
+      if { test -L "$file"; } >/dev/null 2>&1 ||
+	 { test -h "$file"; } >/dev/null 2>&1 ||
+	 test -f "$file"; then
+	:
+      elif test -d "$file"; then
+	exit_status=1
+	continue
+      elif $rmforce; then
+	continue
+      fi
+
+      rmfiles=$file
+
+      case $name in
+      *.la)
+	# Possibly a libtool archive, so verify it.
+	if func_lalib_p "$file"; then
+	  func_source $dir/$name
+
+	  # Delete the libtool libraries and symlinks.
+	  for n in $library_names; do
+	    func_append rmfiles " $odir/$n"
+	  done
+	  test -n "$old_library" && func_append rmfiles " $odir/$old_library"
+
+	  case $opt_mode in
+	  clean)
+	    case " $library_names " in
+	    *" $dlname "*) ;;
+	    *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;;
+	    esac
+	    test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i"
+	    ;;
+	  uninstall)
+	    if test -n "$library_names"; then
+	      # Do each command in the postuninstall commands.
+	      func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1'
+	    fi
+
+	    if test -n "$old_library"; then
+	      # Do each command in the old_postuninstall commands.
+	      func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1'
+	    fi
+	    # FIXME: should reinstall the best remaining shared library.
+	    ;;
+	  esac
+	fi
+	;;
+
+      *.lo)
+	# Possibly a libtool object, so verify it.
+	if func_lalib_p "$file"; then
+
+	  # Read the .lo file
+	  func_source $dir/$name
+
+	  # Add PIC object to the list of files to remove.
+	  if test -n "$pic_object" && test none != "$pic_object"; then
+	    func_append rmfiles " $dir/$pic_object"
+	  fi
+
+	  # Add non-PIC object to the list of files to remove.
+	  if test -n "$non_pic_object" && test none != "$non_pic_object"; then
+	    func_append rmfiles " $dir/$non_pic_object"
+	  fi
+	fi
+	;;
+
+      *)
+	if test clean = "$opt_mode"; then
+	  noexename=$name
+	  case $file in
+	  *.exe)
+	    func_stripname '' '.exe' "$file"
+	    file=$func_stripname_result
+	    func_stripname '' '.exe' "$name"
+	    noexename=$func_stripname_result
+	    # $file with .exe has already been added to rmfiles,
+	    # add $file without .exe
+	    func_append rmfiles " $file"
+	    ;;
+	  esac
+	  # Do a test to see if this is a libtool program.
+	  if func_ltwrapper_p "$file"; then
+	    if func_ltwrapper_executable_p "$file"; then
+	      func_ltwrapper_scriptname "$file"
+	      relink_command=
+	      func_source $func_ltwrapper_scriptname_result
+	      func_append rmfiles " $func_ltwrapper_scriptname_result"
+	    else
+	      relink_command=
+	      func_source $dir/$noexename
+	    fi
+
+	    # note $name still contains .exe if it was in $file originally
+	    # as does the version of $file that was added into $rmfiles
+	    func_append rmfiles " $odir/$name $odir/${name}S.$objext"
+	    if test yes = "$fast_install" && test -n "$relink_command"; then
+	      func_append rmfiles " $odir/lt-$name"
+	    fi
+	    if test "X$noexename" != "X$name"; then
+	      func_append rmfiles " $odir/lt-$noexename.c"
+	    fi
+	  fi
+	fi
+	;;
+      esac
+      func_show_eval "$RM $rmfiles" 'exit_status=1'
+    done
+
+    # Try to remove the $objdir's in the directories where we deleted files
+    for dir in $rmdirs; do
+      if test -d "$dir"; then
+	func_show_eval "rmdir $dir >/dev/null 2>&1"
+      fi
+    done
+
+    exit $exit_status
+}
+
+if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then
+  func_mode_uninstall ${1+"$@"}
+fi
+
+test -z "$opt_mode" && {
+  help=$generic_help
+  func_fatal_help "you must specify a MODE"
+}
+
+test -z "$exec_cmd" && \
+  func_fatal_help "invalid operation mode '$opt_mode'"
+
+if test -n "$exec_cmd"; then
+  eval exec "$exec_cmd"
+  exit $EXIT_FAILURE
+fi
+
+exit $exit_status
+
+
+# The TAGs below are defined such that we never get into a situation
+# where we disable both kinds of libraries.  Given conflicting
+# choices, we go for a static library, that is the most portable,
+# since we can't tell whether shared libraries were disabled because
+# the user asked for that or because the platform doesn't support
+# them.  This is particularly important on AIX, because we don't
+# support having both static and shared libraries enabled at the same
+# time on that platform, so we default to a shared-only configuration.
+# If a disable-shared tag is given, we'll fallback to a static-only
+# configuration.  But we'll never go from static-only to shared-only.
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
+build_libtool_libs=no
+build_old_libs=yes
+# ### END LIBTOOL TAG CONFIG: disable-shared
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-static
+build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
+# ### END LIBTOOL TAG CONFIG: disable-static
+
+# Local Variables:
+# mode:shell-script
+# sh-indentation:2
+# End:
diff --git a/contrib/ldapc++/missing b/contrib/ldapc++/missing
new file mode 100755
index 0000000..f62bbae
--- /dev/null
+++ b/contrib/ldapc++/missing
@@ -0,0 +1,215 @@
+#! /bin/sh
+# Common wrapper for a few potentially missing GNU programs.
+
+scriptversion=2013-10-28.13; # UTC
+
+# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+  echo 1>&2 "Try '$0 --help' for more information"
+  exit 1
+fi
+
+case $1 in
+
+  --is-lightweight)
+    # Used by our autoconf macros to check whether the available missing
+    # script is modern enough.
+    exit 0
+    ;;
+
+  --run)
+    # Back-compat with the calling convention used by older automake.
+    shift
+    ;;
+
+  -h|--h|--he|--hel|--help)
+    echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
+to PROGRAM being missing or too old.
+
+Options:
+  -h, --help      display this help and exit
+  -v, --version   output version information and exit
+
+Supported PROGRAM values:
+  aclocal   autoconf  autoheader   autom4te  automake  makeinfo
+  bison     yacc      flex         lex       help2man
+
+Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
+'g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+    exit $?
+    ;;
+
+  -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+    echo "missing $scriptversion (GNU Automake)"
+    exit $?
+    ;;
+
+  -*)
+    echo 1>&2 "$0: unknown '$1' option"
+    echo 1>&2 "Try '$0 --help' for more information"
+    exit 1
+    ;;
+
+esac
+
+# Run the given program, remember its exit status.
+"$@"; st=$?
+
+# If it succeeded, we are done.
+test $st -eq 0 && exit 0
+
+# Also exit now if we it failed (or wasn't found), and '--version' was
+# passed; such an option is passed most likely to detect whether the
+# program is present and works.
+case $2 in --version|--help) exit $st;; esac
+
+# Exit code 63 means version mismatch.  This often happens when the user
+# tries to use an ancient version of a tool on a file that requires a
+# minimum version.
+if test $st -eq 63; then
+  msg="probably too old"
+elif test $st -eq 127; then
+  # Program was missing.
+  msg="missing on your system"
+else
+  # Program was found and executed, but failed.  Give up.
+  exit $st
+fi
+
+perl_URL=http://www.perl.org/
+flex_URL=http://flex.sourceforge.net/
+gnu_software_URL=http://www.gnu.org/software
+
+program_details ()
+{
+  case $1 in
+    aclocal|automake)
+      echo "The '$1' program is part of the GNU Automake package:"
+      echo "<$gnu_software_URL/automake>"
+      echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
+      echo "<$gnu_software_URL/autoconf>"
+      echo "<$gnu_software_URL/m4/>"
+      echo "<$perl_URL>"
+      ;;
+    autoconf|autom4te|autoheader)
+      echo "The '$1' program is part of the GNU Autoconf package:"
+      echo "<$gnu_software_URL/autoconf/>"
+      echo "It also requires GNU m4 and Perl in order to run:"
+      echo "<$gnu_software_URL/m4/>"
+      echo "<$perl_URL>"
+      ;;
+  esac
+}
+
+give_advice ()
+{
+  # Normalize program name to check for.
+  normalized_program=`echo "$1" | sed '
+    s/^gnu-//; t
+    s/^gnu//; t
+    s/^g//; t'`
+
+  printf '%s\n' "'$1' is $msg."
+
+  configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
+  case $normalized_program in
+    autoconf*)
+      echo "You should only need it if you modified 'configure.ac',"
+      echo "or m4 files included by it."
+      program_details 'autoconf'
+      ;;
+    autoheader*)
+      echo "You should only need it if you modified 'acconfig.h' or"
+      echo "$configure_deps."
+      program_details 'autoheader'
+      ;;
+    automake*)
+      echo "You should only need it if you modified 'Makefile.am' or"
+      echo "$configure_deps."
+      program_details 'automake'
+      ;;
+    aclocal*)
+      echo "You should only need it if you modified 'acinclude.m4' or"
+      echo "$configure_deps."
+      program_details 'aclocal'
+      ;;
+   autom4te*)
+      echo "You might have modified some maintainer files that require"
+      echo "the 'autom4te' program to be rebuilt."
+      program_details 'autom4te'
+      ;;
+    bison*|yacc*)
+      echo "You should only need it if you modified a '.y' file."
+      echo "You may want to install the GNU Bison package:"
+      echo "<$gnu_software_URL/bison/>"
+      ;;
+    lex*|flex*)
+      echo "You should only need it if you modified a '.l' file."
+      echo "You may want to install the Fast Lexical Analyzer package:"
+      echo "<$flex_URL>"
+      ;;
+    help2man*)
+      echo "You should only need it if you modified a dependency" \
+           "of a man page."
+      echo "You may want to install the GNU Help2man package:"
+      echo "<$gnu_software_URL/help2man/>"
+    ;;
+    makeinfo*)
+      echo "You should only need it if you modified a '.texi' file, or"
+      echo "any other file indirectly affecting the aspect of the manual."
+      echo "You might want to install the Texinfo package:"
+      echo "<$gnu_software_URL/texinfo/>"
+      echo "The spurious makeinfo call might also be the consequence of"
+      echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
+      echo "want to install GNU make:"
+      echo "<$gnu_software_URL/make/>"
+      ;;
+    *)
+      echo "You might have modified some files without having the proper"
+      echo "tools for further handling them.  Check the 'README' file, it"
+      echo "often tells you about the needed prerequisites for installing"
+      echo "this package.  You may also peek at any GNU archive site, in"
+      echo "case some other package contains this missing '$1' program."
+      ;;
+  esac
+}
+
+give_advice "$1" | sed -e '1s/^/WARNING: /' \
+                       -e '2,$s/^/         /' >&2
+
+# Propagate the correct exit status (expected to be 127 for a program
+# not found, 63 for a program that failed due to version mismatch).
+exit $st
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/contrib/ldapc++/src/LDAPAddRequest.cpp b/contrib/ldapc++/src/LDAPAddRequest.cpp
new file mode 100644
index 0000000..8ae0ea1
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPAddRequest.cpp
@@ -0,0 +1,79 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include <ldap.h>
+
+#include "debug.h"
+
+#include "LDAPAddRequest.h"
+#include "LDAPEntry.h"
+#include "LDAPException.h"
+#include "LDAPMessageQueue.h"
+#include "LDAPResult.h"
+
+using namespace std;
+
+LDAPAddRequest::LDAPAddRequest(const LDAPAddRequest& req) :
+        LDAPRequest(req){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAddRequest::LDAPAddRequest(&)" << endl);
+    m_entry=new LDAPEntry(*(req.m_entry));
+}
+
+LDAPAddRequest::LDAPAddRequest(const LDAPEntry* entry, 
+        LDAPAsynConnection *connect, const LDAPConstraints *cons,
+        bool isReferral, const LDAPRequest* parent) 
+        : LDAPRequest(connect, cons, isReferral,parent){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAddRequest::LDAPAddRequest()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER, 
+            "   entry:" << entry << endl 
+            << "   isReferral:" << isReferral << endl);
+    m_requestType = LDAPRequest::ADD;
+    m_entry = new LDAPEntry(*entry);
+}
+
+LDAPAddRequest::~LDAPAddRequest(){
+    DEBUG(LDAP_DEBUG_DESTROY, "LDAPAddRequest::~LDAPAddRequest()" << endl);
+    delete m_entry;
+}
+
+LDAPMessageQueue* LDAPAddRequest::sendRequest(){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPAddRequest::sendRequest()" << endl);
+    int msgID=0;
+    const LDAPAttributeList* list=m_entry->getAttributes();
+    LDAPMod** attrs=list->toLDAPModArray();
+    LDAPControl** tmpSrvCtrls = m_cons->getSrvCtrlsArray();
+    LDAPControl** tmpClCtrls = m_cons->getClCtrlsArray();
+    int err=ldap_add_ext(m_connection->getSessionHandle(),
+            m_entry->getDN().c_str(),attrs,tmpSrvCtrls,tmpClCtrls,&msgID);
+    LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+    LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+    ldap_mods_free(attrs,1);
+    if(err != LDAP_SUCCESS){
+        throw LDAPException(err);
+    }else{
+        m_msgID=msgID;
+        return new LDAPMessageQueue(this);
+    }
+}
+
+LDAPRequest* LDAPAddRequest::followReferral(LDAPMsg* ref){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPAddRequest::followReferral()"<< endl);
+    LDAPUrlList::const_iterator usedUrl;
+    LDAPUrlList urls = ((LDAPResult*)ref)->getReferralUrls();
+    LDAPAsynConnection* con = 0;
+    try {
+        con = getConnection()->referralConnect(urls,usedUrl,m_cons);
+    } catch(LDAPException e){
+        delete con;
+        return 0;
+    }
+    if(con != 0){
+        return new LDAPAddRequest(m_entry, con, m_cons,true,this);
+    }
+    return 0;
+}
+
diff --git a/contrib/ldapc++/src/LDAPAddRequest.h b/contrib/ldapc++/src/LDAPAddRequest.h
new file mode 100644
index 0000000..c74f7b3
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPAddRequest.h
@@ -0,0 +1,30 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_ADD_REQUEST_H
+#define  LDAP_ADD_REQUEST_H
+
+#include <LDAPRequest.h>
+#include <LDAPEntry.h>
+
+class LDAPMessageQueue;
+
+class LDAPAddRequest : LDAPRequest {
+    public:
+        LDAPAddRequest(const LDAPAddRequest& req);
+        LDAPAddRequest(const LDAPEntry* entry, 
+                LDAPAsynConnection *connect,
+                const LDAPConstraints *cons, bool isReferral=false, 
+                const LDAPRequest* parent=0);
+        virtual ~LDAPAddRequest();
+        virtual LDAPMessageQueue* sendRequest();
+        virtual LDAPRequest* followReferral(LDAPMsg* refs);
+    private:
+        LDAPEntry* m_entry;
+
+};
+#endif // LDAP_ADD_REQUEST_H
+
diff --git a/contrib/ldapc++/src/LDAPAsynConnection.cpp b/contrib/ldapc++/src/LDAPAsynConnection.cpp
new file mode 100644
index 0000000..98fbd25
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPAsynConnection.cpp
@@ -0,0 +1,366 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "config.h"
+#include "debug.h"
+#include "LDAPAsynConnection.h"
+
+#include "LDAPAddRequest.h"
+#include "LDAPBindRequest.h"
+#include "LDAPCompareRequest.h"
+#include "LDAPDeleteRequest.h"
+#include "LDAPExtRequest.h"
+#include "LDAPEntry.h"
+#include "LDAPModDNRequest.h"
+#include "LDAPModifyRequest.h"
+#include "LDAPRequest.h"
+#include "LDAPRebind.h"
+#include "LDAPRebindAuth.h"
+#include "LDAPSearchRequest.h"
+#include <lber.h>
+#include <sstream>
+
+using namespace std;
+
+LDAPAsynConnection::LDAPAsynConnection(const string& url, int port,
+                               LDAPConstraints *cons ){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPAsynConnection::LDAPAsynConnection()"
+            << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+            "   URL:" << url << endl << "   port:" << port << endl);
+    cur_session=0;
+    m_constr = 0;
+    // Is this an LDAP URI?
+    if ( url.find("://") == std::string::npos ) {
+    	this->init(url, port);
+    } else {
+    	this->initialize(url);
+    }
+    this->setConstraints(cons);
+}
+
+LDAPAsynConnection::~LDAPAsynConnection(){
+	unbind();
+	delete m_constr;
+}
+
+void LDAPAsynConnection::init(const string& hostname, int port){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::init" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+            "   hostname:" << hostname << endl
+            << "   port:" << port << endl);
+
+	unbind();
+
+    m_uri.setScheme("ldap");
+    m_uri.setHost(hostname);
+    m_uri.setPort(port);
+    
+    const char *ldapuri = m_uri.getURLString().c_str();
+    int ret = ldap_initialize(&cur_session, ldapuri);
+    if ( ret != LDAP_SUCCESS ) {
+        throw LDAPException( ret );
+    }
+    int opt=3;
+    ldap_set_option(cur_session, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+    ldap_set_option(cur_session, LDAP_OPT_PROTOCOL_VERSION, &opt);
+}
+
+void LDAPAsynConnection::initialize(const std::string& uri){
+	unbind();
+
+	m_uri.setURLString(uri);
+    int ret = ldap_initialize(&cur_session, m_uri.getURLString().c_str());
+    if ( ret != LDAP_SUCCESS ) {
+        throw LDAPException( ret );
+    }
+    int opt=3;
+    ldap_set_option(cur_session, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+    ldap_set_option(cur_session, LDAP_OPT_PROTOCOL_VERSION, &opt);
+}
+
+void LDAPAsynConnection::start_tls(){
+    int ret = ldap_start_tls_s( cur_session, NULL, NULL );
+    if( ret != LDAP_SUCCESS ) {
+        throw LDAPException(this);
+    }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::bind(const string& dn,
+        const string& passwd, const LDAPConstraints *cons){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPAsynConnection::bind()" <<  endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER, "   dn:" << dn << endl
+               << "   passwd:" << passwd << endl);
+    LDAPBindRequest *req = new LDAPBindRequest(dn,passwd,this,cons);
+    try{
+        LDAPMessageQueue *ret = req->sendRequest();
+        return ret;
+    }catch(LDAPException e){
+        delete req;
+        throw;
+    }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::saslBind(const std::string &mech,
+		const std::string &cred,
+		const LDAPConstraints *cons)
+{
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPAsynConnection::saslBind()" <<  endl);
+    LDAPSaslBindRequest *req = new LDAPSaslBindRequest(mech, cred, this, cons);
+    try{
+        LDAPMessageQueue *ret = req->sendRequest();
+        return ret;
+    }catch(LDAPException e){
+        delete req;
+        throw;
+    }
+
+}
+
+LDAPMessageQueue* LDAPAsynConnection::saslInteractiveBind(
+                        const std::string &mech,
+                        int flags,
+                        SaslInteractionHandler *sih,
+                        const LDAPConstraints *cons)
+{
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPAsynConnection::saslInteractiveBind" 
+            << std::endl);
+    LDAPSaslInteractiveBind *req = 
+            new LDAPSaslInteractiveBind(mech, flags, sih, this, cons);
+    try {
+        LDAPMessageQueue *ret = req->sendRequest();
+        return ret;
+    }catch(LDAPException e){
+        delete req;
+        throw;
+    } 
+}
+
+LDAPMessageQueue* LDAPAsynConnection::search(const string& base,int scope, 
+                                         const string& filter, 
+                                         const StringList& attrs, 
+                                         bool attrsOnly,
+                                         const LDAPConstraints *cons){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPAsynConnection::search()" <<  endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER, "   base:" << base << endl
+               << "   scope:" << scope << endl
+               << "   filter:" << filter << endl );
+    LDAPSearchRequest *req = new LDAPSearchRequest(base, scope,filter, attrs, 
+            attrsOnly, this, cons);
+    try{
+        LDAPMessageQueue *ret = req->sendRequest();
+        return ret;
+    }catch(LDAPException e){
+        delete req;
+        throw;
+    }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::del(const string& dn, 
+        const LDAPConstraints *cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::del()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,"   dn:" << dn << endl);
+    LDAPDeleteRequest *req = new LDAPDeleteRequest(dn, this, cons);
+    try{
+        LDAPMessageQueue *ret = req->sendRequest();
+        return ret;
+    }catch(LDAPException e){
+        delete req;
+        throw;
+    }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::compare(const string& dn, 
+        const LDAPAttribute& attr, const LDAPConstraints *cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::compare()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,"   dn:" << dn << endl
+            << "   attr:" << attr << endl);
+    LDAPCompareRequest *req = new LDAPCompareRequest(dn, attr, this, cons);
+    try{
+        LDAPMessageQueue *ret = req->sendRequest();
+        return ret;
+    }catch(LDAPException e){
+        delete req;
+        throw;
+    }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::add( const LDAPEntry* le, 
+        const LDAPConstraints *cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::add()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,"   entry:" << *le << endl);
+    LDAPAddRequest *req = new LDAPAddRequest(le, this, cons);
+    try{
+        LDAPMessageQueue *ret = req->sendRequest();
+        return ret;
+    }catch(LDAPException e){
+        delete req;
+        throw;
+    }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::modify(const string& dn,
+        const LDAPModList *mod, const LDAPConstraints *cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::modify()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,"   dn:" << dn << endl);
+    LDAPModifyRequest *req = new LDAPModifyRequest(dn, mod, this, cons);
+    try{
+        LDAPMessageQueue *ret = req->sendRequest();
+        return ret;
+    }catch(LDAPException e){
+        delete req;
+        throw;
+    }
+}
+
+LDAPMessageQueue* LDAPAsynConnection::rename(const string& dn, 
+        const string& newRDN, bool delOldRDN, const string& newParentDN,
+        const LDAPConstraints *cons ){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::rename()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,"   dn:" << dn << endl
+            << "   newRDN:" << newRDN << endl
+            << "   newParentDN:" << newParentDN << endl
+            << "   delOldRDN:" << delOldRDN << endl);
+    LDAPModDNRequest *req = new  LDAPModDNRequest(dn, newRDN, delOldRDN, 
+            newParentDN, this, cons );
+    try{
+        LDAPMessageQueue *ret = req->sendRequest();
+        return ret;
+    }catch(LDAPException e){
+        delete req;
+        throw;
+    }
+}
+
+
+LDAPMessageQueue* LDAPAsynConnection::extOperation(const string& oid, 
+        const string& value, const LDAPConstraints *cons ){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::extOperation()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,"   oid:" << oid << endl);
+    LDAPExtRequest *req = new  LDAPExtRequest(oid, value, this,cons);
+    try{
+        LDAPMessageQueue *ret = req->sendRequest();
+        return ret;
+    }catch(LDAPException e){
+        delete req;
+        throw;
+    }
+}
+
+
+void LDAPAsynConnection::abandon(LDAPMessageQueue *q){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::abandon()" << endl);
+    LDAPRequestStack *reqStack=q->getRequestStack();
+    LDAPRequest *req;
+    while(! reqStack->empty()){
+        req=reqStack->top();
+        if (ldap_abandon_ext(cur_session, req->getMsgID(), 0, 0) 
+                != LDAP_SUCCESS){
+            throw LDAPException(this);
+        }
+        delete req;
+        reqStack->pop();
+    }
+}
+
+void LDAPAsynConnection::unbind(){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::unbind()" << endl);
+    if(cur_session){
+        LDAPControl** tmpSrvCtrls=m_constr->getSrvCtrlsArray();
+        LDAPControl** tmpClCtrls=m_constr->getClCtrlsArray();
+        int err=ldap_unbind_ext(cur_session, tmpSrvCtrls, tmpClCtrls);
+        cur_session=0;
+        LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+        LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+        if(err != LDAP_SUCCESS){
+            throw LDAPException(err);
+        }
+    }
+}
+
+void LDAPAsynConnection::setConstraints(LDAPConstraints *cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::setConstraints()" << endl);
+	delete m_constr;
+    m_constr=cons;
+}
+
+const LDAPConstraints* LDAPAsynConnection::getConstraints() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::getConstraints()" << endl);
+    return m_constr;
+}
+ 
+TlsOptions LDAPAsynConnection::getTlsOptions() const {
+    return TlsOptions( cur_session );
+}
+
+LDAP* LDAPAsynConnection::getSessionHandle() const{ 
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::getSessionHandle()" << endl);
+    return cur_session;
+}
+
+const string& LDAPAsynConnection::getHost() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::setHost()" << endl);
+    return m_uri.getHost();
+}
+
+int LDAPAsynConnection::getPort() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAsynConnection::getPort()" << endl);
+    return m_uri.getPort();
+}
+
+LDAPAsynConnection* LDAPAsynConnection::referralConnect(
+        const LDAPUrlList& urls, LDAPUrlList::const_iterator& usedUrl,
+        const LDAPConstraints* cons) const {
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPAsynConnection::referralConnect()" << endl)
+    LDAPUrlList::const_iterator conUrl;
+    LDAPAsynConnection* tmpConn=0;
+    const LDAPRebind* rebind = cons->getReferralRebind();
+    LDAPRebindAuth* auth = 0;
+
+    for(conUrl=urls.begin(); conUrl!=urls.end(); conUrl++){
+        string host= conUrl->getHost();
+        int port= conUrl->getPort();
+        DEBUG(LDAP_DEBUG_TRACE,"   connecting to: " << host << ":" <<
+                port << endl);
+        //Set the new connection's constraints-object ?
+        tmpConn=new LDAPAsynConnection(host.c_str(),port);
+        int err=0;
+
+        if(rebind){ 
+            auth=rebind->getRebindAuth(host, port);
+        }
+        if(auth){
+            string dn = auth->getDN();
+            string passwd = auth->getPassword();
+            const char* c_dn=0;
+            struct berval c_passwd = { 0, 0 };
+            if(dn != ""){
+                c_dn = dn.c_str();
+            }
+            if(passwd != ""){
+                c_passwd.bv_val = const_cast<char*>(passwd.c_str());
+                c_passwd.bv_len = passwd.size();
+            }
+            err = ldap_sasl_bind_s(tmpConn->getSessionHandle(), c_dn,
+                    LDAP_SASL_SIMPLE, &c_passwd, NULL, NULL, NULL);
+        } else {   
+            // Do anonymous bind
+            err = ldap_sasl_bind_s(tmpConn->getSessionHandle(),NULL,
+                    LDAP_SASL_SIMPLE, NULL, NULL, NULL, NULL);
+        }
+        if( err == LDAP_SUCCESS ){
+            usedUrl=conUrl;
+            return tmpConn;
+        }else{
+            delete tmpConn;
+            tmpConn=0;
+        }
+        auth=0;
+    }
+    return 0;
+}
+
diff --git a/contrib/ldapc++/src/LDAPAsynConnection.h b/contrib/ldapc++/src/LDAPAsynConnection.h
new file mode 100644
index 0000000..ba2016e
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPAsynConnection.h
@@ -0,0 +1,338 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_ASYN_CONNECTION_H
+#define LDAP_ASYN_CONNECTION_H
+
+#include<iostream>
+#include<string>
+
+#include<ldap.h>
+
+#include <LDAPEntry.h>
+#include <LDAPException.h>
+#include <LDAPMessageQueue.h>
+#include <LDAPConstraints.h>
+#include <LDAPModification.h>
+#include <LDAPModList.h>
+#include <LDAPUrl.h>
+#include <LDAPUrlList.h>
+#include <SaslInteractionHandler.h>
+#include <TlsOptions.h>
+
+//* Main class for an asynchronous LDAP connection 
+/**
+ * This class represents an asynchronous connection to an LDAP-Server. It 
+ * provides the methods for authentication, and all other LDAP-Operations
+ * (e.g. search, add, delete, etc.)
+ * All of the LDAP-Operations return a pointer to a LDAPMessageQueue-Object,
+ * which can be used to obtain the results of that operation.
+ * A basic example of this class could be like this:  <BR>
+ * 1. Create a new LDAPAsynConnection Object: <BR>
+ * 2. Use the init-method to initialize the connection <BR>
+ * 3. Call the bind-method to authenticate to the directory <BR>
+ * 4. Obtain the bind results from the return LDAPMessageQueue-Object <BR>
+ * 5. Perform on of the operations on the directory (add, delete, search, ..)
+ *    <BR>
+ * 6. Use the return LDAPMessageQueue to obtain the results of the operation 
+ * <BR>
+ * 7. Close the connection (feature not implemented yet :) ) <BR>
+ */
+class LDAPAsynConnection{
+    public :
+        /** 
+         * Constant for the Search-Operation to indicate a Base-Level
+         * Search
+         */
+        static const int SEARCH_BASE=0;
+        
+        /** 
+         * Constant for the Search-Operation to indicate a One-Level
+         * Search
+         */
+        static const int SEARCH_ONE=1;
+        
+        /** 
+         * Constant for the Search-Operation to indicate a subtree 
+         * Search
+         */
+        static const int SEARCH_SUB=2;
+
+        /** Constructor that initializes a connection to a server
+         * @param hostname Name (or IP-Address) of the destination host
+         * @param port Port the LDAP server is running on
+         * @param cons Default constraints to use with operations over 
+         *      this connection
+         */
+        LDAPAsynConnection(const std::string& url=std::string("localhost"),
+                int port=0, LDAPConstraints *cons=new LDAPConstraints() );
+
+        //* Destructor
+        virtual ~LDAPAsynConnection();
+        /** 
+         * Initializes a connection to a server. 
+         * 
+         * There actually no
+         * communication to the server. Just the object is initialized
+         * (e.g. this method is called within the 
+         * LDAPAsynConnection(char*,int,LDAPConstraints) constructor.)
+         * @param hostname  The Name or IP-Address of the destination
+         *             LDAP-Server
+         * @param port      The Network Port the server is running on
+         */
+        void init(const std::string& hostname, int port);
+
+        /**
+         * Initializes a connection to a server. 
+         * 
+         * There actually no communication to the server. Just the
+         * object is initialized 
+         * @param uri  The LDAP-Uri for the destination
+         */ 
+        void initialize(const std::string& uri);
+
+        /**
+         * Start TLS on this connection.  This isn't in the constructor,
+         * because it could fail (i.e. server doesn't have SSL cert, client
+         * api wasn't compiled against OpenSSL, etc.). 
+         * @throws LDAPException if the TLS Layer could not be setup 
+         * correctly
+         */
+        void start_tls();
+
+        /** Simple authentication to a LDAP-Server
+         *
+         * @throws LDAPException If the Request could not be sent to the
+         *      destination server, a LDAPException-object contains the
+         *      error that occurred.
+         * This method does a simple (username, password) bind to the server.
+         * Other, saver, authentcation methods are provided later
+         * @param dn the distinguished name to bind as
+         * @param passwd cleartext password to use
+         */
+        LDAPMessageQueue* bind(const std::string& dn="", 
+                const std::string& passwd="",
+                const LDAPConstraints *cons=0);
+
+        LDAPMessageQueue* saslBind(const std::string& mech, 
+                const std::string& cred, 
+                const LDAPConstraints *cons=0);
+
+        LDAPMessageQueue* saslInteractiveBind(const std::string& mech,
+                int flags=0,
+                SaslInteractionHandler *sih=0,
+                const LDAPConstraints *cons=0);
+
+        /** Performing a search on a directory tree.
+         *
+         * Use the search method to perform a search on the LDAP-Directory
+         * @throws LDAPException If the Request could not be sent to the
+         *      destination server, a LDAPException-object contains the
+         *      error that occurred.
+         * @param base The distinguished name of the starting point for the
+         *      search operation
+         * @param scope The scope of the search. Possible values: <BR> 
+         *      LDAPAsynConnection::SEARCH_BASE, <BR> 
+         *      LDAPAsynConnection::SEARCH_ONE, <BR>
+         *      LDAPAsynConnection::SEARCH_SUB
+         * @param filter The std::string representation of a search filter to
+         *      use with this operation
+         * @param attrsOnly true if only the attributes names (no values) 
+         *      should be returned
+         * @param cons A set of constraints that should be used with this
+         *      request
+         */
+        LDAPMessageQueue* search(const std::string& base="", int scope=0, 
+                                 const std::string& filter="objectClass=*", 
+                                 const StringList& attrs=StringList(), 
+                                 bool attrsOnly=false,
+                                 const LDAPConstraints *cons=0);
+
+        /** Delete an entry from the directory
+         *
+         * This method sends a delete request to the server
+         * @throws LDAPException If the Request could not be sent to the
+         *      destination server, a LDAPException-object contains the
+         *      error that occurred.
+         * @param dn    Distinguished name of the entry that should be deleted
+         * @param cons  A set of constraints that should be used with this
+         *              request
+         */
+        LDAPMessageQueue* del(const std::string& dn, const LDAPConstraints *cons=0);
+
+        /** 
+         * Perform the COMPARE-operation on an attribute 
+         *
+         * @throws LDAPException If the Request could not be sent to the
+         *      destination server, a LDAPException-object contains the
+         *      error that occurred.
+         * @param dn    Distinguished name of the entry for which the compare
+         *              should be performed
+         * @param attr  An Attribute (one (!) value) to use for the
+         *      compare operation
+         * @param cons  A set of constraints that should be used with this
+         *              request
+         */
+        LDAPMessageQueue* compare(const std::string& dn, 
+                const LDAPAttribute& attr, 
+                const LDAPConstraints *cons=0);
+
+        /** Add an entry to the directory
+         *
+         * @throws LDAPException If the Request could not be sent to the
+         *      destination server, a LDAPException-object contains the
+         *      error that occurred.
+         * @param le The entry that will be added to the directory
+         */
+        LDAPMessageQueue* add( const LDAPEntry* le,
+                const LDAPConstraints *const=0);
+
+        /** Apply modifications to attributes of an entry
+         *
+         * @throws LDAPException If the Request could not be sent to the
+         *      destination server, a LDAPException-object contains the
+         *      error that occurred.
+         * @param dn Distinguished Name of the Entry to modify
+         * @param modlist A set of modification that should be applied
+         *      to the Entry
+         * @param cons  A set of constraints that should be used with this
+         *              request
+         */
+        LDAPMessageQueue* modify(const std::string& dn, 
+                const LDAPModList *modlist,
+                const LDAPConstraints *cons=0);
+
+        /** modify the DN of an entry
+         *
+         * @throws LDAPException If the Request could not be sent to the
+         *      destination server, a LDAPException-object contains the
+         *      error that occurred.
+         * @param dn            DN to modify
+         * @param newRDN        The new relative DN for the entry
+         * @param delOldRDN     true=The old RDN will be removed from the 
+         *                      attributes <BR>
+         *                      false=The old RDN will still be present in the
+         *                      attributes of the entry
+         * @param newParentDN   The DN of the new parent entry of the entry
+         *                      0 to keep the old one
+         */
+        LDAPMessageQueue* rename(const std::string& dn, 
+                const std::string& newRDN,
+                bool delOldRDN=false, const std::string& newParentDN="",
+                const LDAPConstraints* cons=0);
+
+        /** Perform a LDAP extended Operation
+         *
+         * @throws LDAPException If the Request could not be sent to the
+         *      destination server, a LDAPException-object contains the
+         *      error that occurred.
+         * @param oid The dotted decimal representation of the extended 
+         *      Operation that should be performed
+         * @param value The data associated with this operation
+         * @param cons  A set of constraints that should be used with this
+         *              request
+         */
+        LDAPMessageQueue* extOperation(const std::string& oid, 
+                const std::string& value="", const LDAPConstraints *cons=0);
+
+        /** End an outstanding request
+         *
+         * @param q All outstanding request related to this LDAPMessageQueue 
+         *      will be abandoned
+         */
+        void abandon(LDAPMessageQueue *q);
+
+        /**
+         * Performs the UNBIND-operation on the destination server
+         * 
+         * @throws LDAPException in any case of an error
+         */
+        void unbind();
+
+        /**
+         * @returns The C-APIs LDAP-structure that is associated with the
+         *      current connection 
+         */
+        LDAP* getSessionHandle() const ;
+
+        /**
+         * @returns The Hostname of the destination server of the
+         *      connection. 
+         */
+        const std::string& getHost() const;
+
+        /**
+         * @returns The Port to which this connection is connecting to on
+         *      the remote server. 
+         */
+        int getPort() const;
+
+        /** Change the default constraints of the connection
+         *
+         * @parameter cons cons New LDAPConstraints to use with the connection
+         */
+        void setConstraints(LDAPConstraints *cons);
+
+        /** Get the default constraints of the connection
+         *
+         * @return Pointer to the LDAPConstraints-Object that is currently
+         *      used with the Connection
+         */
+        const LDAPConstraints* getConstraints() const;
+        TlsOptions getTlsOptions() const;
+        /**
+         * This method is used internally for automatic referral chasing.
+         * It tries to bind to a destination server of the URLs of a
+         * referral.
+         *
+         * @throws LDAPException in any case of an error
+         * @param urls Contains a std::list of LDAP-Urls that indicate the
+         *      destinations of a referral
+         * @param usedUrl After this method has successfully bind to one of
+         *      the Destination URLs this parameter contains the URLs 
+         *      which was contacted.
+         * @param cons An LDAPConstraints-Object that should be used for
+         *      the new connection. If this object contains a 
+         *      LDAPRebind-object it is used to bind to the new server
+         */ 
+        LDAPAsynConnection* referralConnect(const LDAPUrlList& urls,
+                LDAPUrlList::const_iterator& usedUrl,
+                const LDAPConstraints* cons) const;
+
+    private :
+        /**
+         * Private copy constructor. So nobody can call it.
+         */
+        LDAPAsynConnection(const LDAPAsynConnection& lc){};
+
+        /**
+         * A pointer to the C-API LDAP-structure that is associated with
+         * this connection
+         */
+        LDAP *cur_session;
+
+        /**
+         * A pointer to the default LDAPConstrains-object that is used when
+         * no LDAPConstraints-parameter is provided with a call for a
+         * LDAP-operation
+         */
+        LDAPConstraints *m_constr;
+
+        /**
+         * The URI of this connection
+         */
+        LDAPUrl m_uri;
+
+    protected:
+        /**
+         * Is caching enabled?
+         */
+        bool m_cacheEnabled;
+};
+#endif //LDAP_ASYN_CONNECTION_H
+
+
diff --git a/contrib/ldapc++/src/LDAPAttrType.cpp b/contrib/ldapc++/src/LDAPAttrType.cpp
new file mode 100644
index 0000000..5f5d829
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPAttrType.cpp
@@ -0,0 +1,148 @@
+// $OpenLDAP$
+/*
+ * Copyright 2003-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "debug.h"
+#include "LDAPAttrType.h"
+
+
+LDAPAttrType::LDAPAttrType(){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,
+            "LDAPAttrType::LDAPAttrType( )" << endl);
+
+    oid = string ();
+    desc = string ();
+    names = StringList ();
+    single = false;
+    usage = 0;
+}
+
+LDAPAttrType::LDAPAttrType (string at_item, int flags ) { 
+
+    DEBUG(LDAP_DEBUG_CONSTRUCT,
+            "LDAPAttrType::LDAPAttrType( )" << endl);
+
+    LDAPAttributeType *a;
+    int ret;
+    const char *errp;
+    a = ldap_str2attributetype (at_item.c_str(), &ret, &errp, flags);
+
+    if (a) {
+	this->setNames( a->at_names );
+	this->setDesc( a->at_desc );
+	this->setOid( a->at_oid );
+	this->setSingle( a->at_single_value );
+	this->setUsage( a->at_usage );
+        this->setSuperiorOid( a->at_sup_oid );
+        this->setEqualityOid( a->at_equality_oid );
+        this->setOrderingOid( a->at_ordering_oid );
+        this->setSubstringOid( a->at_substr_oid );
+        this->setSyntaxOid( a->at_syntax_oid );
+    }
+    // else? -> error
+}
+
+LDAPAttrType::~LDAPAttrType() {
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPAttrType::~LDAPAttrType()" << endl);
+}
+
+void LDAPAttrType::setSingle (int at_single) {
+    single = (at_single == 1);
+}
+    
+void LDAPAttrType::setNames ( char **at_names ) {
+    names = StringList(at_names);
+}
+
+void LDAPAttrType::setDesc (const char *at_desc) {
+    desc = string ();
+    if (at_desc)
+	desc = at_desc;
+}
+
+void LDAPAttrType::setOid (const char *at_oid) {
+    oid = string ();
+    if (at_oid)
+	oid = at_oid;
+}
+
+void LDAPAttrType::setUsage (int at_usage) {
+    usage = at_usage;
+}
+
+void LDAPAttrType::setSuperiorOid( const char *oid ){
+    if ( oid )
+        superiorOid = oid;
+}
+
+void LDAPAttrType::setEqualityOid( const char *oid ){
+    if ( oid )
+        equalityOid = oid;
+}
+
+void LDAPAttrType::setOrderingOid( const char *oid ){
+    if ( oid )
+        orderingOid = oid;
+}
+
+void LDAPAttrType::setSubstringOid( const char *oid ){
+    if ( oid )
+        substringOid = oid;
+}
+
+void LDAPAttrType::setSyntaxOid( const char *oid ){
+    if ( oid )
+        syntaxOid = oid;
+}
+
+bool LDAPAttrType::isSingle() const {
+    return single;
+} 
+
+string LDAPAttrType::getOid() const {
+    return oid;
+}
+
+string LDAPAttrType::getDesc() const {
+    return desc;
+}
+
+StringList LDAPAttrType::getNames() const {
+    return names;
+}
+
+string LDAPAttrType::getName() const {
+
+    if (names.empty())
+	return "";
+    else
+	return *(names.begin());
+}
+
+int LDAPAttrType::getUsage() const {
+    return usage;
+}
+
+std::string LDAPAttrType::getSuperiorOid() const {
+    return superiorOid;
+}
+
+std::string LDAPAttrType::getEqualityOid() const {
+    return equalityOid;
+}
+
+std::string LDAPAttrType::getOrderingOid() const {
+    return orderingOid;
+}
+
+std::string LDAPAttrType::getSubstringOid() const {
+    return substringOid;
+}
+
+std::string LDAPAttrType::getSyntaxOid() const {
+    return syntaxOid;
+}
+
+
diff --git a/contrib/ldapc++/src/LDAPAttrType.h b/contrib/ldapc++/src/LDAPAttrType.h
new file mode 100644
index 0000000..34948cc
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPAttrType.h
@@ -0,0 +1,101 @@
+// $OpenLDAP$
+/*
+ * Copyright 2003-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_ATTRTYPE_H
+#define LDAP_ATTRTYPE_H
+
+#include <ldap_schema.h>
+#include <string>
+
+#include "StringList.h"
+
+using namespace std;
+
+/**
+ * Represents the Attribute Type (from LDAP schema)
+ */
+class LDAPAttrType{
+    private :
+	StringList names;
+	std::string desc, oid, superiorOid, equalityOid;
+        std::string orderingOid, substringOid, syntaxOid;
+	bool single;
+	int usage;
+
+    public :
+
+        /**
+         * Constructor
+         */   
+        LDAPAttrType();
+
+        /**
+	 * Constructs new object and fills the data structure by parsing the
+	 * argument.
+	 * @param at_item description of attribute type is string returned
+	 *  by the search command. It is in the form:
+	 * "( SuSE.YaST.Attr:19 NAME ( 'skelDir' ) DESC ''
+	 *    EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
+         */   
+        LDAPAttrType (string at_item, int flags = LDAP_SCHEMA_ALLOW_NO_OID | 
+                      LDAP_SCHEMA_ALLOW_QUOTED );
+
+        /**
+         * Destructor
+         */
+        virtual ~LDAPAttrType();
+	
+	
+	/**
+	 * Returns attribute description
+	 */
+	string getDesc() const;
+	
+	/**
+	 * Returns attribute oid
+	 */
+	string getOid() const;
+
+	/**
+	 * Returns attribute name (first one if there are more of them)
+	 */
+	string getName() const;
+
+	/**
+	 * Returns all attribute names
+	 */
+	StringList getNames() const;
+	
+	/**
+	 * Returns true if attribute type allows only single value
+	 */
+	bool isSingle() const;
+	
+	/**
+ 	 * Return the 'usage' value:
+ 	 * (0=userApplications, 1=directoryOperation, 2=distributedOperation, 
+	 *  3=dSAOperation)
+ 	 */
+ 	int getUsage () const;
+        std::string getSuperiorOid() const;
+        std::string getEqualityOid() const;
+        std::string getOrderingOid() const;
+        std::string getSubstringOid() const;
+        std::string getSyntaxOid() const;
+
+	void setNames( char **at_names);
+	void setDesc(const char *at_desc);
+	void setOid(const char *at_oid);
+	void setSingle(int at_single_value);
+	void setUsage(int at_usage );
+        void setSuperiorOid( const char *oid );
+        void setEqualityOid( const char *oid );
+        void setOrderingOid( const char *oid );
+        void setSubstringOid( const char *oid );
+        void setSyntaxOid( const char *oid );
+};
+
+#endif // LDAP_ATTRTYPE_H
diff --git a/contrib/ldapc++/src/LDAPAttribute.cpp b/contrib/ldapc++/src/LDAPAttribute.cpp
new file mode 100644
index 0000000..d6689ff
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPAttribute.cpp
@@ -0,0 +1,199 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+//TODO!!!
+//  * some kind of iterator to step through the attribute values
+//  * remove values from Attribute
+//  * handling of subtypes (;de; and so on)
+//  * some documentation
+
+
+#include <ldap.h> 
+#include <cstdlib>
+
+#include "debug.h"
+#include "StringList.h"
+
+#include "LDAPAttribute.h"
+
+using namespace std;
+
+LDAPAttribute::LDAPAttribute(){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAttribute::LDAPAttribute( )" << endl);
+    m_name=string();
+}
+
+LDAPAttribute::LDAPAttribute(const LDAPAttribute& attr){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAttribute::LDAPAttribute(&)" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+            "   attr:" << attr << endl);
+	m_name=attr.m_name;
+    m_values=StringList(attr.m_values);
+}
+
+LDAPAttribute::LDAPAttribute(const string& name, const string& value){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAttribute::LDAPAttribute()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+            "   name:" << name << endl << "   value:" << value << endl);
+    this->setName(name);
+    if(value != ""){
+    	this->addValue(value);
+    }
+}
+
+
+LDAPAttribute::LDAPAttribute(const string& name, const StringList& values){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAttribute::LDAPAttribute()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+            "   name:" << name << endl);
+    m_name=name;
+    m_values=values;
+}
+
+LDAPAttribute::LDAPAttribute(const char *name, char **values){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAttribute::LDAPAttribute()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+            "   name:" << name << endl);
+	this->setName(name);
+	this->setValues(values);
+}
+
+LDAPAttribute::LDAPAttribute(const char *name, BerValue **values){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPAttribute::LDAPAttribute()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+            "   name:" << name << endl);
+	this->setName(name);
+	this->setValues(values);
+}
+
+LDAPAttribute::~LDAPAttribute(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPAttribute::~LDAPAttribute()" << endl);
+}
+
+void LDAPAttribute::addValue(const string& value){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::addValue()" << endl);
+    m_values.add(value);
+}
+
+int LDAPAttribute::addValue(const BerValue *value){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::addValue()" << endl);
+	if(value!=0){
+		this->addValue(string(value->bv_val, value->bv_len));
+		return 0;
+	}
+	return -1;
+}
+
+int LDAPAttribute::setValues(char **values){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::setValues()" << endl);
+	if(values){
+        m_values.clear();
+        for( char **i=values; *i!=0; i++){
+            this->addValue(*i);
+        }
+    }
+    return 0;
+}
+
+int LDAPAttribute::setValues(BerValue **values){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::setValues()" << endl);
+    if(values){
+	    m_values.clear();
+        for( BerValue **i=values; *i!=0; i++){
+            if( this->addValue(*i) ){
+                return -1;
+            }
+        }
+    }
+	return 0;
+}
+
+void LDAPAttribute::setValues(const StringList& values){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::setValues()" << endl);
+    m_values=values;
+}
+
+const StringList& LDAPAttribute::getValues() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::getValues()" << endl);
+    return m_values;
+}
+
+BerValue** LDAPAttribute::getBerValues() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::getBerValues()" << endl);
+    size_t size=m_values.size();
+    if (size == 0){
+        return 0;
+    }else{
+        BerValue **temp = (BerValue**) malloc(sizeof(BerValue*) * (size+1));
+        StringList::const_iterator i;
+        int p=0;
+
+        for(i=m_values.begin(), p=0; i!=m_values.end(); i++,p++){
+            temp[p]=(BerValue*) malloc(sizeof(BerValue));
+            temp[p]->bv_len= i->size();
+            temp[p]->bv_val= (char*) malloc(sizeof(char) * (i->size()+1));
+            i->copy(temp[p]->bv_val,string::npos);
+        }
+        temp[size]=0;
+        return temp;
+    }
+}
+
+int LDAPAttribute::getNumValues() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::getNumValues()" << endl);
+	return m_values.size();
+}
+
+const string& LDAPAttribute::getName() const {
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPAttribute::getName()" << endl);
+	return m_name;
+}
+
+void LDAPAttribute::setName(const string& name){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPAttribute::setName()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,"   name:" << name << endl);
+    m_name.erase();
+    m_name=name;
+}
+
+// The bin-FLAG of the mod_op  is always set to LDAP_MOD_BVALUES (0x80) 
+LDAPMod* LDAPAttribute::toLDAPMod() const {
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPAttribute::toLDAPMod()" << endl);
+    LDAPMod* ret= (LDAPMod*) malloc(sizeof(LDAPMod));
+    ret->mod_op=LDAP_MOD_BVALUES;	//always assume binary-Values
+    ret->mod_type= (char*) malloc(sizeof(char) * (m_name.size()+1));
+    m_name.copy(ret->mod_type,string::npos);
+    ret->mod_type[m_name.size()]=0;
+    ret->mod_bvalues=this->getBerValues();
+    return ret;
+}
+
+bool LDAPAttribute::isNotPrintable() const {
+    StringList::const_iterator i;
+    for(i=m_values.begin(); i!=m_values.end(); i++){
+	size_t len = i->size();
+	for(size_t j=0; j<len; j++){
+	    if (! isprint( (i->data())[j] ) ){
+		return true;
+	    }
+	}
+    }
+    return false;
+}
+
+ostream& operator << (ostream& s, const LDAPAttribute& attr){
+    s << attr.m_name << "=";
+    StringList::const_iterator i;
+    if (attr.isNotPrintable()){
+	    s << "NOT_PRINTABLE" ;
+    }else{
+	for(i=attr.m_values.begin(); i!=attr.m_values.end(); i++){
+	    s << *i << " ";
+	}
+    }
+	return s;
+}
diff --git a/contrib/ldapc++/src/LDAPAttribute.h b/contrib/ldapc++/src/LDAPAttribute.h
new file mode 100644
index 0000000..e978137
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPAttribute.h
@@ -0,0 +1,181 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_ATTRIBUTE_H
+#define LDAP_ATTRIBUTE_H
+
+#include<iostream>
+#include<string>
+#include<ldap.h>
+#include<lber.h> 
+
+#include <StringList.h>
+
+/**
+ * Represents the name an value(s) of an Attribute 
+ */
+class LDAPAttribute{
+    public :
+        /** 
+         * Default constructor.
+         * initializes an empty object.
+         */
+        LDAPAttribute();
+
+        /**
+         * Copy constructor.
+         * Copies all values of an Attribute to a new one
+         * @param attr   The Attribute that should be copied
+         */
+        LDAPAttribute(const LDAPAttribute& attr);
+
+        /**
+         * Construct an Attribute with a single string value
+         * @param name      The attribute's name (type)
+         * @param value     The string value of the attribute, if "" the
+         *                  attribute will have no values, for LDAPv3 
+         *                  this values must be UTF-8 encoded
+         */
+        LDAPAttribute(const std::string& name, const std::string& value="");
+
+        /** 
+         * Construct an attribute with multiple string values
+         * @param name      The attribute's name (type)
+         * @param values    A 0-terminated array of char*. Each char* specifies
+         *                  one value of the attribute (UTF-8 encoded)
+         */
+        LDAPAttribute(const char* name, char **values);
+        
+        /** 
+         * Construct an attribute with multiple string values
+         * @param name      The attribute's name (type)
+         * @param values    A list of strings. Each element specifies
+         *                  one value of the attribute (UTF-8 or binary 
+         *                  encoded)
+         */
+        LDAPAttribute(const std::string& name, const StringList& values);
+
+        /**
+         * Construct an attribute with multiple binary coded values
+         * @param name      The attribute's name (type)
+         * @param values    0-terminated array of binary attribute values
+         *                  The BerValue struct is declared as:<BR>
+         *                  struct berval{
+         *                      unsigned long bv_len;
+         *                      char *bv_val;
+         *                  } BerValue;
+         */         
+        LDAPAttribute(const char* name, BerValue **values);
+        
+        /**
+         * Destructor
+         */
+        ~LDAPAttribute();
+
+        /**
+         * Add a single string value(bin/char) to the Attribute
+         * @param value Value that should be added, it is copied inside the
+         *              object
+         */
+        void addValue(const std::string& value);
+
+        /**
+         * Add a single binary value to the Attribute
+         * @param value The binary coded value that should be added to the
+         *              Attribute.
+         * @return  0  no problem <BR>
+         *          -1 failure (mem. allocation problem)
+         */
+        int addValue(const BerValue *value);
+
+        /**
+         * Set the values of the attribute. If the object contains some values
+         * already, they are deleted
+         * @param values    0-terminated array of char*, each char* 
+         *                  representing a string value to add to the entry
+         * 
+         * @return  0  no problem <BR>
+         *          -1 failure (mem. allocation problem)
+         */
+        int setValues(char** values);
+
+        /**
+         * Set the values of the attribute. If the object does already contain
+         * some values, they will be deleted
+         * @param values    0-terminated array of BerValue*, each BerValue
+         *                  representing a binary value to add to the entry
+         * 
+         * @return  0  no problem <BR>
+         *          -1 failure (mem. allocation problem)
+         */
+        int setValues(BerValue** values);
+
+        /**
+         * Set the values of the attribute. If the object does already contain
+         * some values, they will be deleted
+         * @param values    A list of string-Objects. Each string is 
+         *                  representing a string or binary value to add to
+         *                  the entry
+         */
+        void setValues(const StringList& values); 
+
+        /**
+         * For internal use only.
+         * This method is used to translate the values of the Attribute to
+         * 0-terminated Array of BerValue-structs as used by the C-API
+         * @return  The Values of the Attribute as an 0-terminated Array of 
+         *          BerValue* (is dynamically allocated, delete it after usage) 
+         *          <BR>
+         *          0-pointer in case of error
+         */
+        BerValue** getBerValues() const;
+
+        /**
+         * @return The values of the array as a list of strings
+         */
+        const StringList& getValues() const;
+        
+        /**
+         * @return The number of values of the attribute
+         */
+        int getNumValues() const;
+
+        /**
+         * @return The name(type) of the attribute
+         */
+        const std::string& getName() const ;
+
+        /**
+         * Sets the Attribute's name (type) 
+         * @param the new name of the object  
+         */
+        void setName(const std::string& name);
+
+        /**
+         * For internal use only.
+         *
+         * This method translate the attribute of the object into a
+         * LDAPMod-Structure as used by the C-API
+         */
+        LDAPMod* toLDAPMod() const ;
+
+        /**
+         * @return true If the attribute contains non-printable attributes
+         */
+        bool isNotPrintable() const ;
+
+    private :
+        std::string m_name;
+        StringList m_values;
+
+    /**
+     * This method can be used to dump the data of a LDAPResult-Object.
+     * It is only useful for debugging purposes at the moment
+     */
+    friend std::ostream& operator << (std::ostream& s, const LDAPAttribute& attr);
+};
+#endif //#ifndef LDAP_ATTRIBUTE_H
diff --git a/contrib/ldapc++/src/LDAPAttributeList.cpp b/contrib/ldapc++/src/LDAPAttributeList.cpp
new file mode 100644
index 0000000..9752191
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPAttributeList.cpp
@@ -0,0 +1,193 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "debug.h"
+
+#include "LDAPAttributeList.h"
+
+#include "LDAPException.h"
+#include "LDAPAttribute.h"
+#include "LDAPAsynConnection.h"
+#include "LDAPMessage.h"
+
+#include <cstdlib>
+
+using namespace std;
+
+// little helper function for doing case insensitive string comparison
+bool nocase_compare(char c1, char c2);
+
+LDAPAttributeList::LDAPAttributeList(){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,
+            "LDAPAttributeList::LDAPAttributeList( )" << endl);
+}
+
+LDAPAttributeList::LDAPAttributeList(const LDAPAttributeList& al){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,
+            "LDAPAttributeList::LDAPAttributeList(&)" << endl);
+    m_attrs=al.m_attrs;
+}
+
+LDAPAttributeList::LDAPAttributeList(const LDAPAsynConnection *ld, 
+        LDAPMessage *msg){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,
+            "LDAPAttributeList::LDAPAttributeList()" << endl);
+    BerElement *ptr=0;
+    char *name=ldap_first_attribute(ld->getSessionHandle(), msg, &ptr);
+/*
+   This code was making problems if no attribute were returned
+   How am I supposed to find decoding errors? ldap_first/next_attribute
+   return 0 in case of error or if there are no more attributes. In either
+   case they set the LDAP* error code to 0x54 (Decoding error) ??? Strange..
+
+   There will be some changes in the new version of the C-API so that this
+   code should work in the future.
+   if(name == 0){
+        ber_free(ptr,0);
+        ldap_memfree(name);
+        throw LDAPException(ld);
+    }else{
+*/        BerValue **values;
+        for (;name !=0;
+                name=ldap_next_attribute(ld->getSessionHandle(),msg,ptr) ){
+            values=ldap_get_values_len(ld->getSessionHandle(),
+                    msg, name);
+            this->addAttribute(LDAPAttribute(name, values));
+            ldap_memfree(name);
+            ldap_value_free_len(values);
+        }
+        ber_free(ptr,0);
+//    }
+}
+
+LDAPAttributeList::~LDAPAttributeList(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPAttributeList::~LDAPAttributeList()" << endl);
+}
+
+size_t LDAPAttributeList::size() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::size()" << endl);
+    return m_attrs.size();
+}
+
+bool LDAPAttributeList::empty() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::empty()" << endl);
+    return m_attrs.empty();
+}
+
+LDAPAttributeList::const_iterator LDAPAttributeList::begin() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::begin()" << endl);
+    return m_attrs.begin();
+}
+
+LDAPAttributeList::const_iterator LDAPAttributeList::end() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::end()" << endl);
+    return m_attrs.end();
+}
+
+const LDAPAttribute* LDAPAttributeList::getAttributeByName(
+	const string& name) const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::getAttributeByName()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+            "   name:" << name << endl);
+    LDAPAttributeList::const_iterator i;
+    for( i = m_attrs.begin(); i != m_attrs.end(); i++){
+	const std::string& tmpType = i->getName();
+	if(name.size() == tmpType.size()){
+	    if(equal(name.begin(), name.end(), tmpType.begin(),
+		    nocase_compare)){
+		return &(*i);
+		DEBUG(LDAP_DEBUG_TRACE,"    found:" << name << endl);
+	    }
+	}
+    }
+    return 0;
+}
+
+void LDAPAttributeList::addAttribute(const LDAPAttribute& attr){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::addAttribute()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+            "   attr:" << attr << endl);
+    const std::string attrType = attr.getName();
+    const std::string::size_type attrLen = attrType.size();
+    std::string::size_type tmpAttrLen = 0;
+    bool done=false;
+    LDAPAttributeList::iterator i;
+    for( i=m_attrs.begin(); i != m_attrs.end(); i++ ){
+	const std::string tmpAttrType = i->getName();
+	tmpAttrLen = tmpAttrType.size();
+	if(tmpAttrLen == attrLen){
+	    if(equal(tmpAttrType.begin(), tmpAttrType.end(), attrType.begin(),
+		    nocase_compare)){
+		const StringList& values = attr.getValues();
+		StringList::const_iterator j;
+		for(j = values.begin(); j != values.end(); j++){
+		    i->addValue(*j);
+		}
+		DEBUG(LDAP_DEBUG_TRACE,"Attribute" << i->getName() 
+			<< "already present" << endl);
+		done=true;
+		break; // The AttributeType was already present,
+		       // we are done here
+	    }
+	}
+    }
+    if(! done){
+	m_attrs.push_back(attr);
+    }
+}
+
+void LDAPAttributeList::delAttribute(const std::string& type)
+{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::replaceAttribute()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER, "   type: " << type << endl);
+    LDAPAttributeList::iterator i;
+    for( i = m_attrs.begin(); i != m_attrs.end(); i++){
+	if(type.size() == i->getName().size()){
+	    if(equal(type.begin(), type.end(), i->getName().begin(),
+		    nocase_compare)){
+                m_attrs.erase(i);
+                break;
+            }
+        }
+    }
+}
+
+void LDAPAttributeList::replaceAttribute(const LDAPAttribute& attr)
+{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::replaceAttribute()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+            "   attr:" << attr << endl);
+    
+    LDAPAttributeList::iterator i;
+    this->delAttribute( attr.getName() );
+    m_attrs.push_back(attr);
+}
+
+LDAPMod** LDAPAttributeList::toLDAPModArray() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPAttribute::toLDAPModArray()" << endl);
+    LDAPMod **ret = (LDAPMod**) malloc((m_attrs.size()+1) * sizeof(LDAPMod*));
+    LDAPAttributeList::const_iterator i;
+    int j=0;
+    for (i=m_attrs.begin(); i!= m_attrs.end(); i++, j++){
+        ret[j]=i->toLDAPMod();
+    }
+    ret[m_attrs.size()]=0;
+    return ret;
+}
+
+ostream& operator << (ostream& s, const LDAPAttributeList& al){
+    LDAPAttributeList::const_iterator i;
+    for(i=al.m_attrs.begin(); i!=al.m_attrs.end(); i++){
+        s << *i << "; ";
+    }
+    return s;
+}
+
+bool nocase_compare( char c1, char c2){
+    return toupper(c1) == toupper(c2);
+}
+
diff --git a/contrib/ldapc++/src/LDAPAttributeList.h b/contrib/ldapc++/src/LDAPAttributeList.h
new file mode 100644
index 0000000..f03275e
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPAttributeList.h
@@ -0,0 +1,121 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_ATTRIBUTE_LIST_H
+#define LDAP_ATTRIBUTE_LIST_H
+
+#include <ldap.h>
+#include <list>
+#include <string>
+
+class LDAPAttribute;
+class LDAPAsynConnection;
+class LDAPMsg;
+
+/**
+ * This container class is used to store multiple LDAPAttribute-objects.
+ */
+class LDAPAttributeList{
+    typedef std::list<LDAPAttribute> ListType;
+
+    private :
+        ListType m_attrs;
+
+    public :
+        typedef ListType::const_iterator const_iterator;
+	typedef ListType::iterator iterator;
+
+
+        /**
+         * Copy-constructor
+         */
+        LDAPAttributeList(const LDAPAttributeList& al);
+        
+        /**
+         * For internal use only
+         *
+         * This constructor is used by the library internally to create a
+         * list of attributes from a LDAPMessage-struct that was return by
+         * the C-API
+         */
+        LDAPAttributeList(const LDAPAsynConnection *ld, LDAPMessage *msg);
+
+        /**
+         * Constructs an empty list.
+         */   
+        LDAPAttributeList();
+
+        /**
+         * Destructor
+         */
+        virtual ~LDAPAttributeList();
+
+        /**
+         * @return The number of LDAPAttribute-objects that are currently
+         * stored in this list.
+         */
+        size_t size() const;
+
+        /**
+         * @return true if there are zero LDAPAttribute-objects currently
+         * stored in this list.
+         */
+        bool empty() const;
+
+        /**
+         * @return A iterator that points to the first element of the list.
+         */
+        const_iterator begin() const;
+        
+        /**
+         * @return A iterator that points to the element after the last
+         * element of the list.
+         */
+        const_iterator end() const;
+
+	/**
+	 * Get an Attribute by its AttributeType
+	 * @param name The name of the Attribute to look for
+	 * @return a pointer to the LDAPAttribute with the AttributeType 
+	 *	"name" or 0, if there is no Attribute of that Type
+	 */
+	const LDAPAttribute* getAttributeByName(const std::string& name) const;
+
+        /**
+         * Adds one element to the end of the list.
+         * @param attr The attribute to add to the list.
+         */
+        void addAttribute(const LDAPAttribute& attr);
+        
+        /**
+         * Deletes all values of an Attribute for the list
+         * @param type The attribute type to be deleted.
+         */
+        void delAttribute(const std::string& type);
+
+        /**
+         * Replace an Attribute in the List
+         * @param attr The attribute to add to the list.
+         */
+        void replaceAttribute(const LDAPAttribute& attr);
+
+        /**
+         * Translates the list of Attributes to a 0-terminated array of
+         * LDAPMod-structures as needed by the C-API
+         */
+        LDAPMod** toLDAPModArray() const;
+        
+        /**
+         * This method can be used to dump the data of a LDAPResult-Object.
+         * It is only useful for debugging purposes at the moment
+         */
+        friend std::ostream& operator << (std::ostream& s, 
+					  const LDAPAttributeList& al);
+};
+
+#endif // LDAP_ATTRIBUTE_LIST_H
+
diff --git a/contrib/ldapc++/src/LDAPBindRequest.cpp b/contrib/ldapc++/src/LDAPBindRequest.cpp
new file mode 100644
index 0000000..a67a0e1
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPBindRequest.cpp
@@ -0,0 +1,173 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+
+#include "debug.h"
+
+#include "LDAPBindRequest.h"
+#include "LDAPException.h"
+#include "SaslInteractionHandler.h"
+#include "SaslInteraction.h"
+
+#include <cstdlib>
+#include <sasl/sasl.h>
+
+using namespace std;
+
+LDAPBindRequest::LDAPBindRequest(const LDAPBindRequest& req) :
+        LDAPRequest(req){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPBindRequest::LDAPBindRequest(&)" << endl);
+    m_dn=req.m_dn;
+    m_cred=req.m_cred;
+    m_mech=req.m_mech;
+}
+
+LDAPBindRequest::LDAPBindRequest(const string& dn,const string& passwd, 
+        LDAPAsynConnection *connect, const LDAPConstraints *cons,
+        bool isReferral) : LDAPRequest(connect, cons, isReferral){
+   DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPBindRequest::LDAPBindRequest()" << endl);
+   DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER, "   dn:" << dn << endl
+           << "   passwd:" << passwd << endl);
+    m_dn = dn;
+    m_cred = passwd;
+    m_mech = "";
+}
+
+LDAPBindRequest::~LDAPBindRequest(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPBindRequest::~LDAPBindRequest()" << endl);
+}
+
+LDAPMessageQueue* LDAPBindRequest::sendRequest(){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPBindRequest::sendRequest()" << endl);
+    int msgID=0;
+    
+    const char* mech = (m_mech == "" ? 0 : m_mech.c_str());
+    BerValue* tmpcred=0;
+    if(m_cred != ""){
+        char* tmppwd = (char*) malloc( (m_cred.size()+1) * sizeof(char));
+        m_cred.copy(tmppwd,string::npos);
+        tmppwd[m_cred.size()]=0;
+        tmpcred=ber_bvstr(tmppwd);
+    }else{
+        tmpcred=(BerValue*) malloc(sizeof(BerValue));
+        tmpcred->bv_len=0;
+        tmpcred->bv_val=0;
+    }
+    const char* dn = 0;
+    if(m_dn != ""){
+        dn = m_dn.c_str();
+    }
+    LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+    LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+    int err=ldap_sasl_bind(m_connection->getSessionHandle(),dn, 
+            mech, tmpcred, tmpSrvCtrls, tmpClCtrls, &msgID);
+    LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+    LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+    ber_bvfree(tmpcred);
+
+    if(err != LDAP_SUCCESS){
+        throw LDAPException(err);
+    }else{
+        m_msgID=msgID;
+        return new LDAPMessageQueue(this);
+    }
+}
+
+LDAPSaslBindRequest::LDAPSaslBindRequest(const std::string& mech,
+        const std::string& cred, 
+        LDAPAsynConnection *connect,
+        const LDAPConstraints *cons, 
+        bool isReferral) : LDAPRequest(connect, cons, isReferral),m_mech(mech), m_cred(cred) {}
+
+LDAPMessageQueue* LDAPSaslBindRequest::sendRequest()
+{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPSaslBindRequest::sendRequest()" << endl);
+    int msgID=0;
+    
+    BerValue tmpcred;
+    tmpcred.bv_val = (char*) malloc( m_cred.size() * sizeof(char));
+    m_cred.copy(tmpcred.bv_val,string::npos);
+    tmpcred.bv_len = m_cred.size();
+    
+    LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+    LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+    int err=ldap_sasl_bind(m_connection->getSessionHandle(), "", m_mech.c_str(), 
+            &tmpcred, tmpSrvCtrls, tmpClCtrls, &msgID);
+    LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+    LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+    free(tmpcred.bv_val);
+
+    if(err != LDAP_SUCCESS){
+        throw LDAPException(err);
+    }else{
+        m_msgID=msgID;
+        return new LDAPMessageQueue(this);
+    }
+}
+
+LDAPSaslBindRequest::~LDAPSaslBindRequest()
+{
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPSaslBindRequest::~LDAPSaslBindRequest()" << endl);
+}
+
+LDAPSaslInteractiveBind::LDAPSaslInteractiveBind( const std::string& mech, 
+        int flags, SaslInteractionHandler *sih, LDAPAsynConnection *connect,
+        const LDAPConstraints *cons, bool isReferral) : 
+            LDAPRequest(connect, cons, isReferral),
+            m_mech(mech), m_flags(flags), m_sih(sih), m_res(0)
+{
+}
+
+static int my_sasl_interact(LDAP *l, unsigned flags, void *cbh, void *interact)
+{
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPSaslInteractiveBind::my_sasl_interact()" 
+            << std::endl );
+    std::list<SaslInteraction*> interactions;
+
+    sasl_interact_t *iter = (sasl_interact_t*) interact;
+    while ( iter->id != SASL_CB_LIST_END ) {
+        SaslInteraction *si = new SaslInteraction(iter);
+        interactions.push_back( si );
+        iter++;
+    }
+    ((SaslInteractionHandler*)cbh)->handleInteractions(interactions);
+    return LDAP_SUCCESS;
+}
+
+/* This kind of fakes an asynchronous operation, ldap_sasl_interactive_bind_s
+ * is synchronous */
+LDAPMessageQueue *LDAPSaslInteractiveBind::sendRequest()
+{
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPSaslInteractiveBind::sendRequest()" <<
+            m_mech << std::endl);
+
+    LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+    LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+    int res = ldap_sasl_interactive_bind_s( m_connection->getSessionHandle(),
+            "", m_mech.c_str(), tmpSrvCtrls, tmpClCtrls, m_flags, 
+            my_sasl_interact, m_sih );
+
+    DEBUG(LDAP_DEBUG_TRACE, "ldap_sasl_interactive_bind_s returned: " 
+            << res << std::endl);
+    if(res != LDAP_SUCCESS){
+        throw LDAPException(res);
+    } else {
+        m_res = new LDAPResult(LDAPMsg::BIND_RESPONSE, res, ""); 
+    }
+    return new LDAPMessageQueue(this);
+}
+
+LDAPMsg* LDAPSaslInteractiveBind::getNextMessage() const 
+{
+    return m_res;
+}
+
+LDAPSaslInteractiveBind::~LDAPSaslInteractiveBind()
+{
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPSaslInteractiveBind::~LDAPSaslInteractiveBind()" << endl);
+}
+
diff --git a/contrib/ldapc++/src/LDAPBindRequest.h b/contrib/ldapc++/src/LDAPBindRequest.h
new file mode 100644
index 0000000..efadffb
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPBindRequest.h
@@ -0,0 +1,61 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_BIND_REQUEST_H
+#define LDAP_BIND_REQUEST_H
+
+#include <LDAPRequest.h>
+#include <LDAPResult.h>
+#include <SaslInteractionHandler.h>
+
+class LDAPBindRequest : LDAPRequest {
+    private:
+        std::string m_dn;
+        std::string m_cred;
+        std::string m_mech;
+
+    public:
+        LDAPBindRequest( const LDAPBindRequest& req);
+        //just for simple authentication
+        LDAPBindRequest(const std::string&, const std::string& passwd, 
+                LDAPAsynConnection *connect, const LDAPConstraints *cons, 
+                bool isReferral=false);
+        virtual ~LDAPBindRequest();
+        virtual LDAPMessageQueue *sendRequest();
+};
+
+class LDAPSaslBindRequest : LDAPRequest
+{
+    public:
+        LDAPSaslBindRequest( const std::string& mech, const std::string& cred, 
+        LDAPAsynConnection *connect, const LDAPConstraints *cons, 
+                bool isReferral=false);
+        virtual LDAPMessageQueue *sendRequest();
+        virtual ~LDAPSaslBindRequest();
+
+    private:
+        std::string m_mech;
+        std::string m_cred;
+};
+
+class LDAPSaslInteractiveBind : LDAPRequest
+{
+    public:
+        LDAPSaslInteractiveBind( const std::string& mech, int flags,
+                SaslInteractionHandler *sih, LDAPAsynConnection *connect, 
+                const LDAPConstraints *cons, bool isReferral=false);
+        virtual LDAPMessageQueue *sendRequest();
+        virtual LDAPMsg* getNextMessage() const;
+        virtual ~LDAPSaslInteractiveBind();
+
+    private:
+        std::string m_mech;
+        int m_flags;
+        SaslInteractionHandler *m_sih;
+        LDAPResult *m_res;
+};
+#endif //LDAP_BIND_REQUEST_H
+
diff --git a/contrib/ldapc++/src/LDAPCompareRequest.cpp b/contrib/ldapc++/src/LDAPCompareRequest.cpp
new file mode 100644
index 0000000..4edc646
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPCompareRequest.cpp
@@ -0,0 +1,79 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+
+#include "debug.h"
+
+#include "LDAPCompareRequest.h"
+#include "LDAPException.h"
+#include "LDAPMessageQueue.h"
+#include "LDAPResult.h"
+
+using namespace std;
+
+LDAPCompareRequest::LDAPCompareRequest(const LDAPCompareRequest& req){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, 
+            "LDAPCompareRequest::LDAPCompareRequest(&)" << endl);
+    m_dn=req.m_dn;
+    m_attr=req.m_attr;
+}
+
+LDAPCompareRequest::LDAPCompareRequest(const string& dn, 
+        const LDAPAttribute& attr, LDAPAsynConnection *connect, 
+        const LDAPConstraints *cons, bool isReferral, 
+        const LDAPRequest* parent) :
+        LDAPRequest(connect, cons, isReferral,parent){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPCompareRequest::LDAPCompareRequest()" 
+            << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER, "   dn:" << dn << endl 
+            << "   attr:" << attr << endl);
+    m_requestType=LDAPRequest::COMPARE;
+    m_dn=dn;
+    m_attr=attr;
+} 
+    
+LDAPCompareRequest::~LDAPCompareRequest(){
+    DEBUG(LDAP_DEBUG_DESTROY, "LDAPCompareRequest::~LDAPCompareRequest()" 
+            << endl);
+}
+
+LDAPMessageQueue* LDAPCompareRequest::sendRequest(){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPCompareRequest::sendRequest()" << endl);
+    int msgID=0;
+    BerValue **val=m_attr.getBerValues();
+    LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray(); 
+    LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray(); 
+    int err=ldap_compare_ext(m_connection->getSessionHandle(),m_dn.c_str(),
+            m_attr.getName().c_str(), val[0], tmpSrvCtrls, 
+            tmpClCtrls, &msgID);
+    ber_bvecfree(val);
+    LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+    LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+    if(err != LDAP_SUCCESS){
+        throw LDAPException(err);
+    }else{
+        m_msgID=msgID;
+        return new LDAPMessageQueue(this);
+    }
+}
+
+LDAPRequest* LDAPCompareRequest::followReferral(LDAPMsg* ref){
+	DEBUG(LDAP_DEBUG_TRACE, "LDAPCompareRequest::followReferral()" << endl);
+    LDAPUrlList::const_iterator usedUrl;
+    LDAPUrlList urls = ((LDAPResult*)ref)->getReferralUrls();
+    LDAPAsynConnection* con = 0;
+    try{
+        con=getConnection()->referralConnect(urls,usedUrl,m_cons);
+    }catch(LDAPException e){
+        return 0;
+    }
+    if(con != 0){
+        return new LDAPCompareRequest(m_dn, m_attr, con, m_cons, true, this);
+    }
+    return 0;
+}
+
diff --git a/contrib/ldapc++/src/LDAPCompareRequest.h b/contrib/ldapc++/src/LDAPCompareRequest.h
new file mode 100644
index 0000000..3202e04
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPCompareRequest.h
@@ -0,0 +1,31 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_COMPARE_REQUEST_H
+#define LDAP_COMPARE_REQUEST_H
+
+#include <LDAPRequest.h>
+
+class LDAPMessageQueue;
+
+class LDAPCompareRequest : public LDAPRequest {
+    public :
+        LDAPCompareRequest(const LDAPCompareRequest& req);
+        LDAPCompareRequest(const std::string& dn, const LDAPAttribute& attr, 
+                LDAPAsynConnection *connect, const LDAPConstraints *cons,
+                bool isReferral=false, const LDAPRequest* parent=0);
+        virtual ~LDAPCompareRequest();
+        virtual LDAPMessageQueue* sendRequest();
+        virtual LDAPRequest* followReferral(LDAPMsg* urls);
+    
+    private :
+        std::string m_dn;
+        LDAPAttribute m_attr;
+        
+};
+#endif //LDAP_COMPARE_REQUEST_H
+
+
diff --git a/contrib/ldapc++/src/LDAPConnection.cpp b/contrib/ldapc++/src/LDAPConnection.cpp
new file mode 100644
index 0000000..77111a1
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPConnection.cpp
@@ -0,0 +1,382 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "debug.h"
+
+#include "LDAPResult.h"
+#include "LDAPException.h"
+#include "LDAPUrlList.h"
+
+#include "LDAPConnection.h"
+const int LDAPConnection::SEARCH_BASE = LDAPAsynConnection::SEARCH_BASE;
+const int LDAPConnection::SEARCH_ONE = LDAPAsynConnection::SEARCH_ONE;
+const int LDAPConnection::SEARCH_SUB = LDAPAsynConnection::SEARCH_SUB;
+
+using namespace std;
+
+LDAPConnection::LDAPConnection(const string& hostname, int port, 
+        LDAPConstraints* cons) :
+        LDAPAsynConnection(hostname, port, cons){
+}
+
+LDAPConnection::~LDAPConnection(){
+}
+
+void LDAPConnection::start_tls(){
+    LDAPAsynConnection::start_tls();
+}
+   
+void LDAPConnection::bind(const string& dn, const string& passwd,
+        LDAPConstraints* cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::bind" << endl);
+    LDAPMessageQueue* msg=0;
+    LDAPResult* res=0;
+    try{
+        msg = LDAPAsynConnection::bind(dn,passwd,cons);
+        res = (LDAPResult*)msg->getNext();
+    }catch(LDAPException e){
+        delete msg;
+        delete res;
+        throw;
+    }
+    int resCode=res->getResultCode();
+    if(resCode != LDAPResult::SUCCESS) {
+        if(resCode == LDAPResult::REFERRAL){
+            LDAPUrlList urls = res->getReferralUrls();
+            delete res;
+            delete msg;
+            throw LDAPReferralException(urls);
+        }else{
+            string srvMsg = res->getErrMsg();
+            delete res;
+            delete msg;
+            throw LDAPException(resCode, srvMsg);
+        }
+    }
+    delete res;
+    delete msg;   // memcheck
+}
+
+void LDAPConnection::saslInteractiveBind( const std::string &mech,
+                        int flags,
+                        SaslInteractionHandler *sih,
+                        const LDAPConstraints *cons)
+{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::bind" << endl);
+    LDAPMessageQueue* msg=0;
+    LDAPResult* res=0;
+    try{
+        msg = LDAPAsynConnection::saslInteractiveBind(mech, flags, sih, cons);
+        res = (LDAPResult*)msg->getNext();
+    }catch(LDAPException e){
+        delete msg;
+        delete res;
+        throw;
+    }
+    int resCode=res->getResultCode();
+    if(resCode != LDAPResult::SUCCESS) {
+        if(resCode == LDAPResult::REFERRAL){
+            LDAPUrlList urls = res->getReferralUrls();
+            delete res;
+            delete msg;
+            throw LDAPReferralException(urls);
+        }else{
+            string srvMsg = res->getErrMsg();
+            delete res;
+            delete msg;
+            throw LDAPException(resCode, srvMsg);
+        }
+    }
+    delete res;
+    delete msg;
+}
+
+void LDAPConnection::unbind(){
+    LDAPAsynConnection::unbind();
+}
+
+bool LDAPConnection::compare(const string& dn, const LDAPAttribute& attr,
+        LDAPConstraints* cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::compare" << endl);
+    LDAPMessageQueue* msg=0;
+    LDAPResult* res=0;
+    try{
+        msg = LDAPAsynConnection::compare(dn,attr,cons);
+        res = (LDAPResult*)msg->getNext();
+    }catch(LDAPException e){
+        delete msg;
+        delete res;
+        throw;
+    }
+    int resCode=res->getResultCode();
+    switch (resCode){
+        case LDAPResult::COMPARE_TRUE :
+            delete res; 
+            delete msg;
+            return true;
+        break;
+        case LDAPResult::COMPARE_FALSE :
+            delete res;
+            delete msg;
+            return false;
+        break;
+        case LDAPResult::REFERRAL :
+        {
+            LDAPUrlList urls = res->getReferralUrls();
+            delete res;
+            delete msg;
+            throw LDAPReferralException(urls);
+        }
+        break;
+        default :
+            string srvMsg = res->getErrMsg();
+            delete res;
+            delete msg;
+            throw LDAPException(resCode, srvMsg);
+    }
+}
+
+void LDAPConnection::del(const string& dn, const LDAPConstraints* cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::del" << endl);
+    LDAPMessageQueue* msg=0;
+    LDAPResult* res=0;
+    try{
+        msg = LDAPAsynConnection::del(dn,cons);
+        res = (LDAPResult*)msg->getNext();
+    }catch(LDAPException e){
+        delete msg;
+        delete res;
+        throw;
+    }
+    int resCode=res->getResultCode();
+    switch (resCode){
+        case LDAPResult::SUCCESS :
+            delete res; 
+            delete msg;
+        break;
+        case LDAPResult::REFERRAL :
+        {
+            LDAPUrlList urls = res->getReferralUrls();
+            delete res;
+            delete msg;
+            throw LDAPReferralException(urls);
+        }
+        break;
+        default :
+            string srvMsg = res->getErrMsg();
+            delete res;
+            delete msg;
+            throw LDAPException(resCode, srvMsg);
+    }
+
+}
+
+void LDAPConnection::add(const LDAPEntry* le, const LDAPConstraints* cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::add" << endl);
+    LDAPMessageQueue* msg=0;
+    LDAPResult* res=0;
+    try{
+        msg = LDAPAsynConnection::add(le,cons);
+        res = (LDAPResult*)msg->getNext();
+    }catch(LDAPException e){
+        delete msg;
+        delete res;
+        throw;
+    }
+    int resCode=res->getResultCode();
+    switch (resCode){
+        case LDAPResult::SUCCESS :
+            delete res; 
+            delete msg;
+        break;
+        case LDAPResult::REFERRAL :
+        {
+            LDAPUrlList urls = res->getReferralUrls();
+            delete res;
+            delete msg;
+            throw LDAPReferralException(urls);
+        }
+        break;
+        default :
+            string srvMsg = res->getErrMsg();
+            delete res;
+            delete msg;
+            throw LDAPException(resCode, srvMsg);
+    }
+}
+
+void LDAPConnection::modify(const string& dn, const LDAPModList* mods,
+        const LDAPConstraints* cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::modify" << endl);
+    LDAPMessageQueue* msg=0;
+    LDAPResult* res=0;
+    try{
+        msg = LDAPAsynConnection::modify(dn,mods,cons);
+        res = (LDAPResult*)msg->getNext();
+    }catch(LDAPException e){
+        delete msg;
+        delete res;
+        throw;
+    }
+    int resCode=res->getResultCode();
+    switch (resCode){
+        case LDAPResult::SUCCESS :
+            delete res; 
+            delete msg;
+        break;
+        case LDAPResult::REFERRAL :
+        {
+            LDAPUrlList urls = res->getReferralUrls();
+            delete res;
+            delete msg;
+            throw LDAPReferralException(urls);
+        }
+        break;
+        default :
+            string srvMsg = res->getErrMsg();
+            delete res;
+            delete msg;
+            throw LDAPException(resCode, srvMsg);
+    }
+    
+}
+
+void LDAPConnection::rename(const string& dn, const string& newRDN,
+        bool delOldRDN, const string& newParentDN, 
+        const LDAPConstraints* cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::rename" << endl);
+    LDAPMessageQueue* msg=0;
+    LDAPResult* res=0;
+    try{
+        msg = LDAPAsynConnection::rename(dn,newRDN,delOldRDN, newParentDN,
+                cons);
+        res = (LDAPResult*)msg->getNext();
+    }catch(LDAPException e){
+        delete msg;
+        delete res;
+        throw;
+    }
+    int resCode=res->getResultCode();
+    switch (resCode){
+        case LDAPResult::SUCCESS :
+            delete res; 
+            delete msg;
+        break;
+        case LDAPResult::REFERRAL :
+        {
+            LDAPUrlList urls = res->getReferralUrls();
+            delete res;
+            delete msg;
+            throw LDAPReferralException(urls);
+        }
+        break;
+        default :
+            string srvMsg = res->getErrMsg();
+            delete res;
+            delete msg;
+            throw LDAPException(resCode, srvMsg);
+    }
+}
+
+LDAPSearchResults* LDAPConnection::search(const string& base, int scope,
+        const string& filter, const StringList& attrs, bool attrsOnly, 
+        const LDAPConstraints* cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::search" << endl);
+    LDAPMessageQueue* msgq=0;
+    LDAPResult* res=0;
+    LDAPSearchResults* results= 0;
+    
+    try{
+        results = new LDAPSearchResults();
+        msgq = LDAPAsynConnection::search(base,scope, filter, attrs, attrsOnly,
+                cons);
+        res = results->readMessageQueue(msgq);
+    }catch(LDAPException e){
+        delete results; // memcheck
+        delete msgq;
+        throw;
+    }
+    if(res != 0){
+        int resCode=res->getResultCode();
+        switch (resCode){
+            case LDAPResult::SUCCESS :
+                delete res; 
+                delete msgq;
+                return results;
+            break;
+            case LDAPResult::REFERRAL :
+            {
+                LDAPUrlList urls = res->getReferralUrls();
+                delete results; // memcheck
+                delete res;
+                delete msgq;
+                throw LDAPReferralException(urls);
+            }
+            break;
+            default :
+                string srvMsg = res->getErrMsg();
+                delete results; // memcheck
+                delete res;
+                delete msgq;
+                throw LDAPException(resCode, srvMsg);
+        }
+    }        
+    return 0;
+}
+
+LDAPExtResult* LDAPConnection::extOperation(const string& oid, 
+        const string& value, const LDAPConstraints *cons){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConnection::extOperation" << endl);
+    LDAPMessageQueue* msg=0;
+    LDAPExtResult* res=0;
+    try{
+        msg = LDAPAsynConnection::extOperation(oid,value,cons);
+        res = (LDAPExtResult*)msg->getNext();
+    }catch(LDAPException e){
+        delete msg;
+        delete res;
+        throw;
+    }
+    int resCode=res->getResultCode();
+    switch (resCode){
+        case LDAPResult::SUCCESS :
+            delete msg;
+            return res;
+        case LDAPResult::REFERRAL :
+        {
+            LDAPUrlList urls = res->getReferralUrls();
+            delete res;
+            delete msg;
+            throw LDAPReferralException(urls);
+        }
+        break;
+        default :
+            string srvMsg = res->getErrMsg();
+            delete res;
+            delete msg;
+            throw LDAPException(resCode, srvMsg);
+    }
+}
+
+const string& LDAPConnection::getHost() const{
+    return LDAPAsynConnection::getHost();
+}
+
+int LDAPConnection::getPort() const{
+    return LDAPAsynConnection::getPort();
+}
+
+void LDAPConnection::setConstraints(LDAPConstraints* cons){
+    LDAPAsynConnection::setConstraints(cons);
+}
+
+const LDAPConstraints* LDAPConnection::getConstraints() const{
+    return LDAPAsynConnection::getConstraints();
+}
+
+TlsOptions LDAPConnection::getTlsOptions() const {
+    return LDAPAsynConnection::getTlsOptions();
+}
diff --git a/contrib/ldapc++/src/LDAPConnection.h b/contrib/ldapc++/src/LDAPConnection.h
new file mode 100644
index 0000000..e2d7ccc
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPConnection.h
@@ -0,0 +1,241 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_CONNECTION_H
+#define LDAP_CONNECTION_H
+
+#include <LDAPSearchResults.h>
+#include <LDAPExtResult.h>
+#include <LDAPAsynConnection.h> 
+
+/** Main class for synchronous LDAP-Communication
+ *
+ * The class represent a LDAP-Connection to perform synchronous
+ * LDAP-Operations. This provides methods for the different
+ * LDAP-Operations. All the methods for the LDAP-operations block until
+ * all results for the operation are received or until an error occurs
+ */
+class LDAPConnection : private LDAPAsynConnection {
+
+    public :
+        /** 
+         * Constant for the Search-Operation to indicate a Base-Level
+         * Search
+         */
+        static const int SEARCH_BASE;
+
+        /** 
+         * Constant for the Search-Operation to indicate a One-Level
+         * Search
+         */
+        static const int SEARCH_ONE;
+        
+        /** 
+         * Constant for the Search-Operation to indicate a Subtree 
+         * Search
+         */
+        static const int SEARCH_SUB;
+        
+        /** This Constructor initializes synchronous LDAP-Connection 
+         * 
+         * During execution of this constructor no network communication
+         * is performed. Just some internal data structure are initialized
+         * @param hostname Name (or IP-Address) of the destination host
+         * @param port Port the LDAP server is running on
+         * @param cons Default constraints to use with operations over 
+         *      this connection
+         */
+        LDAPConnection(const std::string& hostname="localhost", int port=389,
+                LDAPConstraints* cons=new LDAPConstraints());
+        
+        /**
+         * Destructor
+         */
+        ~LDAPConnection();
+        
+        /** 
+         * Initializes a synchronous connection to a server.
+         * 
+         * There is actually no
+         * communication to the server. Just the object is initialized
+         * (e.g. this method is called within the 
+         * LDAPConnection(char*,int,LDAPConstraints) constructor.)
+         * @param hostname  The Name or IP-Address of the destination
+         *             LDAP-Server
+         * @param port      The Network Port the server is running on
+         */
+        void init(const std::string& hostname, int port);
+        
+        /**
+         * Start TLS on this connection.  This isn't in the constructor,
+         * because it could fail (i.e. server doesn't have SSL cert, client
+         * api wasn't compiled against OpenSSL, etc.). 
+         * @throws LDAPException if the TLS Layer could not be setup 
+         * correctly
+         */
+        void start_tls();
+
+        /** 
+         * Performs a simple authentication with the server
+         *
+         * @throws LDAPReferralException if a referral is received
+         * @throws LDAPException for any other error occurring during the
+         *              operation
+         * @param dn    The name of the entry to bind as
+         * @param passwd    The cleartext password for the entry
+         */
+        void bind(const std::string& dn="", const std::string& passwd="",
+                LDAPConstraints* cons=0);
+        void saslInteractiveBind(const std::string& mech,
+                int flags=0,
+                SaslInteractionHandler *sih=0,
+                const LDAPConstraints *cons=0);
+        
+        /**
+         * Performs the UNBIND-operation on the destination server
+         * 
+         * @throws LDAPException in any case of an error
+         */
+        void unbind();
+        
+        /**
+         * Performs a COMPARE-operation on an entry of the destination
+         * server.
+         *
+         * @throws LDAPReferralException if a referral is received
+         * @throws LDAPException for any other error occurring during the
+         *              operation
+         * @param dn    Distinguished name of the entry for which the compare
+         *              should be performed
+         * @param attr  An Attribute (one (!) value) to use for the
+         *      compare operation
+         * @param cons  A set of constraints that should be used with this
+         *              request
+         * @returns The result of the compare operation. true if the
+         *      attr-parameter matched an Attribute of the entry. false if it
+         *      did not match
+         */
+        bool compare(const std::string& dn, const LDAPAttribute& attr,
+                LDAPConstraints* cons=0);
+       
+        /**
+         * Deletes an entry from the directory
+         *
+         * This method performs the DELETE operation on the server
+         * @throws LDAPReferralException if a referral is received
+         * @throws LDAPException for any other error occurring during the
+         *              operation
+         * @param dn    Distinguished name of the entry that should be deleted
+         * @param cons  A set of constraints that should be used with this
+         *              request
+         */
+        void del(const std::string& dn, const LDAPConstraints* cons=0);
+        
+        /**
+         * Use this method to perform the ADD-operation
+         *
+         * @throws LDAPReferralException if a referral is received
+         * @throws LDAPException for any other error occurring during the
+         *              operation
+         * @param le    the entry to add to the directory
+         * @param cons  A set of constraints that should be used with this
+         *              request
+         */
+        void add(const LDAPEntry* le, const LDAPConstraints* cons=0);
+        
+        /**
+         * To modify the attributes of an entry, this method can be used
+         *
+         * @throws LDAPReferralException if a referral is received
+         * @throws LDAPException for any other error occurring during the
+         *              operation
+         * @param dn    The DN of the entry which should be modified
+         * @param mods  A set of modifications for that entry.
+         * @param cons  A set of constraints that should be used with this
+         *              request
+         */
+        void modify(const std::string& dn, const LDAPModList* mods, 
+                const LDAPConstraints* cons=0); 
+
+        /**
+         * This method performs the ModDN-operation.
+         *
+         * It can be used to rename or move an entry by modifying its DN.
+         *
+         * @throws LDAPReferralException if a referral is received
+         * @throws LDAPException for any other error occurring during the
+         *              operation
+         * @param dn    The DN that should be modified
+         * @param newRDN    If the RDN of the entry should be modified the
+         *                  new RDN can be put here.
+         * @param delOldRDN If the old RDN should be removed from the
+         *                  entry's attribute this parameter has to be
+         *                  "true"
+         * @param newParentDN   If the entry should be moved inside the
+         *                      DIT, the DN of the new parent of the entry
+         *                      can be given here.
+         * @param cons  A set of constraints that should be used with this
+         *              request
+         */
+        void rename(const std::string& dn, const std::string& newRDN, 
+                bool delOldRDN=false, const std::string& newParentDN="",
+                const LDAPConstraints* cons=0);
+        
+        /**
+         * This method can be used for the sync. SEARCH-operation.
+         *
+         * @throws LDAPReferralException if a referral is received
+         * @throws LDAPException for any other error occurring during the
+         *              operation
+         * @param base The distinguished name of the starting point for the
+         *      search
+         * @param scope The scope of the search. Possible values: <BR> 
+         *      LDAPAsynConnection::SEARCH_BASE, <BR> 
+         *      LDAPAsynConnection::SEARCH_ONE, <BR>
+         *      LDAPAsynConnection::SEARCH_SUB
+         * @param filter The std::string representation of a search filter to
+         *      use with this operation
+         * @param attrsOnly true if only the attributes names (no values) 
+         *      should be returned
+         * @param cons A set of constraints that should be used with this
+         *      request
+         * @returns A pointer to a LDAPSearchResults-object that can be
+         *      used to read the results of the search.
+         */
+        LDAPSearchResults* search(const std::string& base, int scope=0, 
+                const std::string& filter="objectClass=*", 
+                const StringList& attrs=StringList(), bool attrsOnly=false,
+                const LDAPConstraints* cons=0);
+       
+        /**
+         * This method is for extended LDAP-Operations.
+         *
+         * @throws LDAPReferralException if a referral is received
+         * @throws LDAPException for any other error occurring during the
+         *              operation
+         * @param oid The Object Identifier of the Extended Operation that
+         *          should be performed.
+         * @param strint If the Extended Operation needs some additional
+         *          data it can be passed to the server by this parameter.
+         * @param cons A set of constraints that should be used with this
+         *      request
+         * @returns The result of the Extended Operation as an
+         *      pointer to a LDAPExtResult-object.
+         */
+        LDAPExtResult* extOperation(const std::string& oid, const std::string&
+                value="", const LDAPConstraints *const = 0);
+        
+        const std::string& getHost() const;
+
+        int getPort() const;
+        
+        void setConstraints(LDAPConstraints *cons);
+        
+        const LDAPConstraints* getConstraints() const ;
+        TlsOptions getTlsOptions() const;
+};
+
+#endif //LDAP_CONNECTION_H
diff --git a/contrib/ldapc++/src/LDAPConstraints.cpp b/contrib/ldapc++/src/LDAPConstraints.cpp
new file mode 100644
index 0000000..c91d7ca
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPConstraints.cpp
@@ -0,0 +1,178 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "debug.h"
+#include "config.h"
+#include "ac/time.h"
+#include "LDAPConstraints.h"
+#include "LDAPControlSet.h"
+
+using namespace std;
+
+LDAPConstraints::LDAPConstraints(){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPConstraints::LDAPConstraints()" << endl);
+    m_aliasDeref=LDAPConstraints::DEREF_NEVER;
+	m_maxTime=LDAP_NO_LIMIT;
+	m_maxSize=LDAP_NO_LIMIT;
+	m_referralChase=false;
+    m_HopLimit=7;
+    m_serverControls=0;
+    m_clientControls=0;
+    m_refRebind=0;
+}
+
+LDAPConstraints::LDAPConstraints(const LDAPConstraints& c){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPConstraints::LDAPConstraints(&)" << endl);
+    m_aliasDeref=c.m_aliasDeref;
+    m_maxTime=c.m_maxTime;
+    m_maxSize=c.m_maxSize;
+    m_referralChase=c.m_referralChase;
+    m_HopLimit=c.m_HopLimit;
+    m_deref=c.m_deref;
+    if(c.m_serverControls){
+        m_serverControls=new LDAPControlSet(*c.m_serverControls);
+    }else{
+        m_serverControls=0;
+    }
+    if(c.m_clientControls){
+        m_clientControls=new LDAPControlSet(*c.m_clientControls);
+    }else{
+        m_clientControls=0;
+    }
+    m_refRebind=c.m_refRebind;
+}
+
+LDAPConstraints::~LDAPConstraints(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPConstraints::~LDAPConstraints()" << endl);
+    delete m_clientControls;
+    delete m_serverControls;
+}
+
+void LDAPConstraints::setAliasDeref(int deref){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setAliasDeref()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+            "   deref:" << deref << endl);
+    if( (deref == LDAPConstraints::DEREF_NEVER) || 
+            (deref == LDAPConstraints::DEREF_SEARCHING) ||
+            (deref == LDAPConstraints::DEREF_FINDING) ||
+            (deref == LDAPConstraints::DEREF_ALWAYS) 
+        ){
+        m_aliasDeref=deref;
+    }
+}
+        
+
+void LDAPConstraints::setMaxTime(int t){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setMaxTime()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,"   time:" << t << endl);
+    m_maxTime=t;
+}
+
+void LDAPConstraints::setSizeLimit(int s){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setSizeLimit()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,"   size:" << s << endl);
+	m_maxSize=s;
+}
+
+void LDAPConstraints::setReferralChase(bool rc){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setReferralChase()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,"   rc:" << rc << endl);
+    m_referralChase=rc;
+}
+
+void LDAPConstraints::setHopLimit(int limit){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setHopLimit()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+            "   limit:" << limit << endl);
+    m_HopLimit=limit;
+}
+
+void LDAPConstraints::setReferralRebind(const LDAPRebind* rebind){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setReferralRebind()" << endl);
+    m_refRebind = rebind;
+}
+
+void LDAPConstraints::setServerControls(const LDAPControlSet* ctrls){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setServerControls()" << endl);
+    m_serverControls=new LDAPControlSet(*ctrls);
+}
+
+void LDAPConstraints::setClientControls(const LDAPControlSet* ctrls){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::setClientControls()" << endl);
+    m_clientControls=new LDAPControlSet(*ctrls);
+}
+
+int LDAPConstraints::getAliasDeref() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getAliasDeref()" << endl);
+    return m_aliasDeref;
+}
+
+int LDAPConstraints::getMaxTime() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getMaxTime()" << endl);
+	return m_maxTime;
+}
+
+int LDAPConstraints::getSizeLimit() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getSizeLimit()" << endl);
+	return m_maxSize;
+}
+
+const LDAPRebind* LDAPConstraints::getReferralRebind() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getReferralRebind()" << endl);
+    return m_refRebind;
+}
+
+const LDAPControlSet* LDAPConstraints::getServerControls() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getServerControls()" << endl);
+    return m_serverControls;
+}
+
+const LDAPControlSet* LDAPConstraints::getClientControls() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getClientControls()" << endl);
+    return m_clientControls;
+}
+
+LDAPControl** LDAPConstraints::getSrvCtrlsArray() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getSrvCtrlsArray()" << endl);
+    if(m_serverControls){
+        return m_serverControls->toLDAPControlArray();
+    }else{
+        return 0;
+    }
+}
+
+LDAPControl** LDAPConstraints::getClCtrlsArray() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getClCtrlsArray()" << endl);
+    if(m_clientControls){
+        return m_clientControls->toLDAPControlArray(); 
+    }else{
+        return 0;
+    }
+}
+
+timeval* LDAPConstraints::getTimeoutStruct() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getTimeoutStruct()" << endl);
+    if(m_maxTime == LDAP_NO_LIMIT){
+        return 0;
+    }else{
+        timeval *ret = new timeval;
+        ret->tv_sec=m_maxTime;
+        ret->tv_usec=0;
+        return ret;
+    }
+}
+
+bool LDAPConstraints::getReferralChase() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getReferralChase()" << endl);
+	return m_referralChase;
+}
+
+int LDAPConstraints::getHopLimit() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPConstraints::getHopLimit()" << endl);
+    return m_HopLimit;
+}
+
diff --git a/contrib/ldapc++/src/LDAPConstraints.h b/contrib/ldapc++/src/LDAPConstraints.h
new file mode 100644
index 0000000..32f1d1d
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPConstraints.h
@@ -0,0 +1,98 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_CONSTRAINTS_H
+#define LDAP_CONSTRAINTS_H 
+#include <list>
+
+#include <LDAPControl.h>
+#include <LDAPControlSet.h>
+#include <LDAPRebind.h>
+
+//TODO!!
+// * implement the Alias-Handling Option (OPT_DEREF)
+// * the Restart-Option ???
+// * default Server(s)
+
+//* Class for representing the various protocol options
+/** This class represents some options that can be set for a LDAPConnection
+ *  operation. Namely these are time and size limits. Options for referral
+ *  chasing and a default set of client of server controls to be used with
+ *  every request
+ */
+class LDAPConstraints{
+        
+    public :
+        static const int DEREF_NEVER = 0x00;   
+        static const int DEREF_SEARCHING = 0x01;   
+        static const int DEREF_FINDING = 0x02;   
+        static const int DEREF_ALWAYS = 0x04;   
+        
+        //* Constructs a LDAPConstraints object with default values
+        LDAPConstraints();
+
+        //* Copy constructor
+        LDAPConstraints(const LDAPConstraints& c);
+
+        ~LDAPConstraints();
+            
+        void setAliasDeref(int deref);
+        void setMaxTime(int t);
+        void setSizeLimit(int s);
+        void setReferralChase(bool rc);
+        void setHopLimit(int hop);
+        void setReferralRebind(const LDAPRebind* rebind);
+        void setServerControls(const LDAPControlSet* ctrls);
+        void setClientControls(const LDAPControlSet* ctrls);
+        
+        int getAliasDeref() const;
+        int getMaxTime() const ;
+        int getSizeLimit() const;
+        const LDAPRebind* getReferralRebind() const;
+        const LDAPControlSet* getServerControls() const;
+        const LDAPControlSet* getClientControls() const;
+        
+        //*for internal use only
+        LDAPControl** getSrvCtrlsArray() const;
+        
+        //*for internal use only
+        LDAPControl** getClCtrlsArray() const;
+        
+        //*for internal use only
+        timeval* getTimeoutStruct() const;
+        bool getReferralChase() const ;
+        int getHopLimit() const;
+
+    private :
+        int m_aliasDeref;
+
+        //* max. time the server may spend for a search request
+        int m_maxTime;
+
+        //* max number of entries to return from a search request
+        int m_maxSize;
+
+        //* Flag for enabling automatic referral/reference chasing
+        bool m_referralChase;
+
+        //* HopLimit for referral chasing
+        int m_HopLimit;
+
+        //* Alias dereferencing option
+        int m_deref;
+	
+        //* Object used to do bind for Referral chasing
+        const LDAPRebind* m_refRebind;
+
+        //* List of Client Controls that should be used for each request	
+        LDAPControlSet* m_clientControls;
+
+        //* List of Server Controls that should be used for each request	
+        LDAPControlSet* m_serverControls;
+
+};
+#endif //LDAP_CONSTRAINTS_H
diff --git a/contrib/ldapc++/src/LDAPControl.cpp b/contrib/ldapc++/src/LDAPControl.cpp
new file mode 100644
index 0000000..7ca4445
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPControl.cpp
@@ -0,0 +1,94 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPControl.h"
+#include "debug.h"
+
+using namespace std;
+
+LDAPCtrl::LDAPCtrl(const char *oid, bool critical, const char* data,
+        int length){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPCtrl::LDAPCtrl()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+            "   oid:" << oid << endl << "   critical:" << critical << endl);
+    m_oid = oid;
+    m_isCritical=critical;
+    if (data != 0 && length !=0){
+        m_data.assign(data,length);
+        m_noData=false;
+    }else{
+        m_data=string();
+        m_noData=true;
+    }
+}
+
+LDAPCtrl::LDAPCtrl(const string& oid, bool critical, const string& data){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPCtrl::LDAPCtrl()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+            "   oid:" << oid << endl << "   critical:" << critical << endl);
+    m_oid=oid;
+    m_isCritical=critical;
+    m_data=data;
+    m_noData=false;
+}
+
+LDAPCtrl::LDAPCtrl(const LDAPControl* ctrl){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPCtrl::LDAPCtrl()" << endl);
+    m_oid = string(ctrl->ldctl_oid);
+    m_isCritical = ctrl->ldctl_iscritical ? true : false;
+    m_data = string(ctrl->ldctl_value.bv_val, ctrl->ldctl_value.bv_len );
+    m_noData = ctrl->ldctl_value.bv_len ? false : true;
+}
+
+LDAPCtrl::~LDAPCtrl(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPCtrl::~LDAPCtrl" << endl);
+}
+
+string LDAPCtrl::getOID() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPCtrl::getOID()" << endl);
+    return m_oid;
+}
+
+bool LDAPCtrl::isCritical()const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPCtrl::isCritical()" << endl);
+    return m_isCritical;
+}
+
+bool LDAPCtrl::hasData() const{
+    return !m_noData;
+}
+ 
+string LDAPCtrl::getData() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPCtrl::getData()" << endl);
+    return m_data;
+}
+         
+LDAPControl* LDAPCtrl::getControlStruct() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPCtrl::getControlStruct()" << endl);
+    LDAPControl* ret = new LDAPControl;
+    ret->ldctl_oid= new char[m_oid.size() + 1];
+    m_oid.copy(ret->ldctl_oid,string::npos);
+    ret->ldctl_oid[m_oid.size()]=0;
+    if ( m_noData ) {
+        ret->ldctl_value.bv_len = 0;
+        ret->ldctl_value.bv_val = NULL;
+    } else {
+        ret->ldctl_value.bv_len=m_data.size();
+        ret->ldctl_value.bv_val= new char[m_data.size()];
+        m_data.copy(ret->ldctl_value.bv_val,string::npos);
+    }
+    ret->ldctl_iscritical = ( m_isCritical ? 1:0);
+    return ret;
+}
+
+void LDAPCtrl::freeLDAPControlStruct(LDAPControl *ctrl){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPCtrl::freeControlStruct()" << endl);
+    delete[] ctrl->ldctl_oid;
+    delete[] ctrl->ldctl_value.bv_val;
+    delete ctrl;
+}
+
diff --git a/contrib/ldapc++/src/LDAPControl.h b/contrib/ldapc++/src/LDAPControl.h
new file mode 100644
index 0000000..a8e0c94
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPControl.h
@@ -0,0 +1,87 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_CONTROL_H
+#define LDAP_CONTROL_H
+#include <string>
+#include <ldap.h>
+
+/**
+ * This class is used to store Controls. Controls are a mechanism to extend
+ * and modify LDAP-Operations.
+ */
+class LDAPCtrl{
+    public :
+        /**
+         * Constructor.
+         * @param oid:  The Object Identifier of the Control
+         * @param critical: "true" if the Control should be handled
+         *                  critical by the server.
+         * @param data: If there is data for the control, put it here.
+         * @param length: The length of the data field
+         */
+        LDAPCtrl(const char *oid, bool critical=false, const char *data=0, 
+                int length=0);
+
+        /**
+         * Constructor.
+         * @param oid:  The Object Identifier of the Control
+         * @param critical: "true" if the Control should be handled
+         *                  critical by the server.
+         * @param data: If there is data for the control, put it here.
+         */
+        LDAPCtrl(const std::string& oid, bool critical,
+                 const std::string& data);
+
+        /**
+         * Creates a copy of the Control that "ctrl is pointing to
+         */
+        LDAPCtrl(const LDAPControl* ctrl);
+
+        /**
+         * Destructor
+         */
+        ~LDAPCtrl();
+       
+        /**
+         * @return The OID of the control
+         */
+        std::string getOID() const;
+
+        /**
+         * @return true if there is no "Control Value" (there is a
+         * difference between no and an empty control value)
+         */
+        bool hasData() const;
+
+        /**
+         * @return The Data of the control as a std::string-Object
+         */
+        std::string getData() const;
+
+        /**
+         * @return "true" if the control is critical
+         */
+        bool isCritical() const;
+
+        /**
+         * For internal use only.
+         *
+         * Translates the control to a LDAPControl-structure as needed by
+         * the C-API
+         */
+        LDAPControl* getControlStruct() const;
+	static void freeLDAPControlStruct(LDAPControl *ctrl);
+
+    private :
+        std::string m_oid;
+        std::string m_data;
+        bool m_isCritical;
+        bool m_noData;
+};
+
+#endif //LDAP_CONTROL_H
diff --git a/contrib/ldapc++/src/LDAPControlSet.cpp b/contrib/ldapc++/src/LDAPControlSet.cpp
new file mode 100644
index 0000000..ce9f3de
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPControlSet.cpp
@@ -0,0 +1,84 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "debug.h"
+#include "LDAPControlSet.h"
+
+using namespace std;
+
+LDAPControlSet::LDAPControlSet(){
+}
+
+LDAPControlSet::LDAPControlSet(const LDAPControlSet& cs){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPControlSet::LDAPControlSet(&)" << endl);
+    data=cs.data;
+}
+
+LDAPControlSet::LDAPControlSet(LDAPControl** controls){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPControlSet::LDAPControlSet()" << endl);
+    if(controls != 0){
+        LDAPControl** i;
+        for( i=controls; *i!=0;i++) {
+            add(LDAPCtrl(*i));
+        }
+    }
+}
+
+LDAPControlSet::~LDAPControlSet(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPControlSet::~LDAPControlSet()" << endl);
+}
+
+size_t LDAPControlSet::size() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPControlSet::size()" << endl);
+    return data.size();
+}
+
+bool LDAPControlSet::empty() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPControlSet::empty()" << endl);
+    return data.empty();
+}
+
+LDAPControlSet::const_iterator LDAPControlSet::begin() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPControlSet::begin()" << endl);
+    return data.begin();
+}
+
+
+LDAPControlSet::const_iterator LDAPControlSet::end() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPControlSet::end()" << endl);
+    return data.end ();
+}
+
+void LDAPControlSet::add(const LDAPCtrl& ctrl){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPControlSet::add()" << endl);
+    data.push_back(ctrl);
+}
+
+LDAPControl** LDAPControlSet::toLDAPControlArray() const{
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPControlSet::toLDAPControlArray()" << endl);
+    if(data.empty()){
+        return 0;
+    }else{
+        LDAPControl** ret= new LDAPControl*[data.size()+1];
+        CtrlList::const_iterator i;
+        int j=0;
+        for(i=data.begin(); i!=data.end(); i++,j++){
+            ret[j] = i->getControlStruct();
+        }
+        ret[data.size()]=0;
+        return ret;
+    }
+}
+
+void LDAPControlSet::freeLDAPControlArray(LDAPControl **ctrl){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPControlSet::freeLDAPControlArray()" << endl);
+    if( ctrl ){
+        for( LDAPControl **i = ctrl; *i != 0; ++i ){
+	    LDAPCtrl::freeLDAPControlStruct(*i);
+	}
+    }
+    delete[] ctrl;
+}
diff --git a/contrib/ldapc++/src/LDAPControlSet.h b/contrib/ldapc++/src/LDAPControlSet.h
new file mode 100644
index 0000000..4c033be
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPControlSet.h
@@ -0,0 +1,89 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_CONTROL_SET_H
+#define LDAP_CONTROL_SET_H
+
+#include <list>
+#include <ldap.h>
+#include <LDAPControl.h>
+
+typedef std::list<LDAPCtrl> CtrlList;
+
+/**
+ * This container class is used to store multiple LDAPCtrl-objects.
+ */
+class LDAPControlSet {
+    typedef CtrlList::const_iterator const_iterator;
+    public :
+        /**
+         * Constructs an empty std::list
+         */
+        LDAPControlSet();   
+
+
+        /**
+         * Copy-constructor
+         */
+        LDAPControlSet(const LDAPControlSet& cs);
+        
+        /**
+         * For internal use only
+         *
+         * This constructor creates a new LDAPControlSet for a
+         * 0-terminated array of LDAPControl-structures as used by the
+         * C-API
+         * @param controls: pointer to a 0-terminated array of pointers to 
+         *                  LDAPControl-structures
+         * @note: untested til now. Due to lack of server that return 
+         *          Controls
+         */
+        LDAPControlSet(LDAPControl** controls);
+
+        /**
+         * Destructor
+         */
+        ~LDAPControlSet();
+
+        /**
+         * @return The number of LDAPCtrl-objects that are currently
+         * stored in this list.
+         */
+        size_t size() const ;
+        
+        /**
+         * @return true if there are zero LDAPCtrl-objects currently
+         * stored in this list.
+         */
+        bool empty() const;
+        
+        /**
+         * @return A iterator that points to the first element of the list.
+         */
+        const_iterator begin() const;
+
+        /**
+         * @return A iterator that points to the element after the last
+         * element of the list.
+         */
+        const_iterator end() const;
+       
+        /**
+         * Adds one element to the end of the list.
+         * @param ctrl The Control to add to the list.
+         */
+        void add(const LDAPCtrl& ctrl); 
+        
+        /**
+         * Translates the list to a 0-terminated array of pointers to
+         * LDAPControl-structures as needed by the C-API
+         */
+        LDAPControl** toLDAPControlArray()const ;
+	static void freeLDAPControlArray(LDAPControl **ctrl);
+    private :
+        CtrlList data;
+} ;
+#endif //LDAP_CONTROL_SET_H
diff --git a/contrib/ldapc++/src/LDAPDeleteRequest.cpp b/contrib/ldapc++/src/LDAPDeleteRequest.cpp
new file mode 100644
index 0000000..8ae82b4
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPDeleteRequest.cpp
@@ -0,0 +1,75 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+
+#include "debug.h"
+
+#include "LDAPDeleteRequest.h"
+#include "LDAPException.h"
+#include "LDAPMessageQueue.h"
+#include "LDAPResult.h"
+
+using namespace std;
+
+LDAPDeleteRequest::LDAPDeleteRequest( const LDAPDeleteRequest& req) :
+        LDAPRequest(req){
+	DEBUG(LDAP_DEBUG_CONSTRUCT, 
+		"LDAPDeleteRequest::LDAPDeleteRequest(&)" << endl);
+    m_dn = req.m_dn;
+}
+
+LDAPDeleteRequest::LDAPDeleteRequest(const string& dn, 
+        LDAPAsynConnection *connect, const LDAPConstraints *cons,
+        bool isReferral, const LDAPRequest* parent) 
+        : LDAPRequest(connect, cons, isReferral, parent) {
+	DEBUG(LDAP_DEBUG_CONSTRUCT,
+            "LDAPDeleteRequest::LDAPDeleteRequest()" << endl);
+	DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER, "   dn:" << dn << endl);
+    m_requestType=LDAPRequest::DELETE;
+    m_dn=dn;
+}
+
+LDAPDeleteRequest::~LDAPDeleteRequest(){
+    DEBUG(LDAP_DEBUG_DESTROY,
+          "LDAPDeleteRequest::~LDAPDeleteRequest()" << endl);
+}
+
+LDAPMessageQueue* LDAPDeleteRequest::sendRequest(){
+	DEBUG(LDAP_DEBUG_TRACE, "LDAPDeleteRequest::sendRequest()" << endl);
+    int msgID=0;
+    LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+    LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+    int err=ldap_delete_ext(m_connection->getSessionHandle(),m_dn.c_str(), 
+            tmpSrvCtrls, tmpClCtrls ,&msgID);
+    LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+    LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+    if(err != LDAP_SUCCESS){
+        throw LDAPException(err);
+    }else{
+        m_msgID=msgID;
+        return new LDAPMessageQueue(this);
+    }
+}
+
+LDAPRequest* LDAPDeleteRequest::followReferral(LDAPMsg* refs){
+	DEBUG(LDAP_DEBUG_TRACE, "LDAPDeleteRequest::followReferral()" << endl);
+    LDAPUrlList::const_iterator usedUrl;
+    LDAPUrlList urls= ((LDAPResult*)refs)->getReferralUrls();
+    LDAPAsynConnection* con=0;
+    try{
+        con = getConnection()->referralConnect(urls,usedUrl,m_cons);
+    }catch (LDAPException e){
+        delete con;
+        return 0;
+    }
+    if(con != 0){
+        return new LDAPDeleteRequest(m_dn, con, m_cons, true, this);
+    }
+    return 0;
+}
+
+
diff --git a/contrib/ldapc++/src/LDAPDeleteRequest.h b/contrib/ldapc++/src/LDAPDeleteRequest.h
new file mode 100644
index 0000000..f1250ff
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPDeleteRequest.h
@@ -0,0 +1,26 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_DELETE_REQUEST_H
+#define LDAP_DELETE_REQUEST_H
+
+#include <LDAPRequest.h>
+class LDAPMessageQueue;
+
+class LDAPDeleteRequest : public LDAPRequest{
+    public :
+        LDAPDeleteRequest(const LDAPDeleteRequest& req);
+        LDAPDeleteRequest(const std::string& dn, LDAPAsynConnection *connect,
+                const LDAPConstraints *cons, bool isReferral=false, 
+                const LDAPRequest* parent=0);
+        virtual ~LDAPDeleteRequest();
+        virtual LDAPMessageQueue* sendRequest();
+        virtual LDAPRequest* followReferral(LDAPMsg* refs); 
+	
+    private :
+		std::string m_dn;
+};
+#endif //LDAP_DELETE_REQUEST_H
diff --git a/contrib/ldapc++/src/LDAPEntry.cpp b/contrib/ldapc++/src/LDAPEntry.cpp
new file mode 100644
index 0000000..f597426
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPEntry.cpp
@@ -0,0 +1,104 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "debug.h"
+#include "LDAPEntry.h"
+
+#include "LDAPAsynConnection.h"
+#include "LDAPException.h"
+
+using namespace std;
+
+LDAPEntry::LDAPEntry(const LDAPEntry& entry){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPEntry::LDAPEntry(&)" << endl);
+    m_dn=entry.m_dn;
+    m_attrs=new LDAPAttributeList( *(entry.m_attrs));
+}
+
+
+LDAPEntry::LDAPEntry(const string& dn, const LDAPAttributeList *attrs){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPEntry::LDAPEntry()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+            "   dn:" << dn << endl);
+    if ( attrs )
+        m_attrs=new LDAPAttributeList(*attrs);
+    else
+        m_attrs=new LDAPAttributeList();
+    m_dn=dn;
+}
+
+LDAPEntry::LDAPEntry(const LDAPAsynConnection *ld, LDAPMessage *msg){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPEntry::LDAPEntry()" << endl);
+    char* tmp=ldap_get_dn(ld->getSessionHandle(),msg);
+    m_dn=string(tmp);
+    ldap_memfree(tmp);
+    m_attrs = new LDAPAttributeList(ld, msg);
+}
+
+LDAPEntry::~LDAPEntry(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPEntry::~LDAPEntry()" << endl);
+    delete m_attrs;
+}
+
+LDAPEntry& LDAPEntry::operator=(const LDAPEntry& from){
+    m_dn = from.m_dn;
+    delete m_attrs;
+    m_attrs = new LDAPAttributeList( *(from.m_attrs));
+    return *this;
+}
+
+void LDAPEntry::setDN(const string& dn){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPEntry::setDN()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+            "   dn:" << dn << endl);
+    m_dn=dn;
+}
+
+void LDAPEntry::setAttributes(LDAPAttributeList *attrs){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPEntry::setAttributes()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE | LDAP_DEBUG_PARAMETER,
+            "   attrs:" << *attrs << endl);
+    if (m_attrs != 0){
+        delete m_attrs;
+    }
+    m_attrs=attrs;
+}
+
+const string& LDAPEntry::getDN() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPEntry::getDN()" << endl);
+    return m_dn;
+}
+
+const LDAPAttributeList* LDAPEntry::getAttributes() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPEntry::getAttributes()" << endl);
+    return m_attrs;
+}
+
+const LDAPAttribute* LDAPEntry::getAttributeByName(const std::string& name) const 
+{
+    return m_attrs->getAttributeByName(name);
+}
+
+void LDAPEntry::addAttribute(const LDAPAttribute& attr)
+{
+    m_attrs->addAttribute(attr);
+}
+
+void LDAPEntry::delAttribute(const std::string& type)
+{
+    m_attrs->delAttribute(type);
+}
+
+void LDAPEntry::replaceAttribute(const LDAPAttribute& attr)
+{
+    m_attrs->replaceAttribute(attr); 
+}
+
+ostream& operator << (ostream& s, const LDAPEntry& le){
+    s << "DN: " << le.m_dn << ": " << *(le.m_attrs); 
+    return s;
+}
diff --git a/contrib/ldapc++/src/LDAPEntry.h b/contrib/ldapc++/src/LDAPEntry.h
new file mode 100644
index 0000000..7155523
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPEntry.h
@@ -0,0 +1,116 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_ENTRY_H
+#define LDAP_ENTRY_H
+#include <ldap.h>
+
+#include <LDAPAttributeList.h>
+
+class LDAPAsynConnection;
+
+/**
+ * This class is used to store every kind of LDAP Entry.
+ */
+class LDAPEntry{
+
+    public :
+        /**
+         * Copy-constructor
+         */
+        LDAPEntry(const LDAPEntry& entry);
+
+        /**
+         * Constructs a new entry (also used as standard constructor).
+         *
+         * @param dn    The Distinguished Name for the new entry.
+         * @param attrs The attributes for the new entry.
+         */
+        LDAPEntry(const std::string& dn=std::string(), 
+                const LDAPAttributeList *attrs=0);
+
+        /**
+         * Used internally only.
+         *
+         * The constructor is used internally to create a LDAPEntry from
+         * the C-API's data structures.
+         */ 
+        LDAPEntry(const LDAPAsynConnection *ld, LDAPMessage *msg);
+
+        /**
+         * Destructor
+         */
+        ~LDAPEntry();
+
+        /**
+         * Assignment operator
+         */
+        LDAPEntry& operator=(const LDAPEntry& from);
+
+        /**
+         * Sets the DN-attribute.
+         * @param dn: The new DN for the entry.
+         */
+        void setDN(const std::string& dn);
+
+        /**
+         * Sets the attributes of the entry.
+         * @param attr: A pointer to a std::list of the new attributes.
+         */
+        void setAttributes(LDAPAttributeList *attrs);
+
+	/**
+	 * Get an Attribute by its AttributeType (simple wrapper around
+         * LDAPAttributeList::getAttributeByName() )
+	 * @param name The name of the Attribute to look for
+	 * @return a pointer to the LDAPAttribute with the AttributeType 
+	 *	"name" or 0, if there is no Attribute of that Type
+	 */
+	const LDAPAttribute* getAttributeByName(const std::string& name) const;
+
+        /**
+         * Adds one Attribute to the List of Attributes (simple wrapper around
+         * LDAPAttributeList::addAttribute() ).
+         * @param attr The attribute to add to the list.
+         */
+        void addAttribute(const LDAPAttribute& attr);
+        
+        /**
+         * Deletes all values of an Attribute from the list of Attributes 
+         * (simple wrapper around LDAPAttributeList::delAttribute() ).
+         * @param type The attribute to delete.
+         */
+        void delAttribute(const std::string& type);
+
+        /**
+         * Replace an Attribute in the List of Attributes (simple wrapper
+         * around LDAPAttributeList::replaceAttribute() ).
+         * @param attr The attribute to add to the list.
+         */
+        void replaceAttribute(const LDAPAttribute& attr);
+
+        /**
+         * @returns The current DN of the entry.
+         */
+        const std::string& getDN() const ;
+
+        /**
+         * @returns A const pointer to the attributes of the entry.  
+         */
+        const LDAPAttributeList* getAttributes() const;
+
+        /**
+         * This method can be used to dump the data of a LDAPResult-Object.
+         * It is only useful for debugging purposes at the moment
+         */
+        friend std::ostream& operator << (std::ostream& s, const LDAPEntry& le);
+	
+    private :
+        LDAPAttributeList *m_attrs;
+        std::string m_dn;
+};
+#endif  //LDAP_ENTRY_H
diff --git a/contrib/ldapc++/src/LDAPEntryList.cpp b/contrib/ldapc++/src/LDAPEntryList.cpp
new file mode 100644
index 0000000..1d0b737
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPEntryList.cpp
@@ -0,0 +1,40 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPEntryList.h"
+#include "LDAPEntry.h"
+
+LDAPEntryList::LDAPEntryList(){
+}
+
+LDAPEntryList::LDAPEntryList(const LDAPEntryList& e){
+    m_entries = e.m_entries;
+}
+
+LDAPEntryList::~LDAPEntryList(){
+}
+
+size_t LDAPEntryList::size() const{
+    return m_entries.size();
+}
+
+bool LDAPEntryList::empty() const{
+    return m_entries.empty();
+}
+
+LDAPEntryList::const_iterator LDAPEntryList::begin() const{
+    return m_entries.begin();
+}
+
+LDAPEntryList::const_iterator LDAPEntryList::end() const{
+    return m_entries.end();
+}
+
+void LDAPEntryList::addEntry(const LDAPEntry& e){
+    m_entries.push_back(e);
+}
+
diff --git a/contrib/ldapc++/src/LDAPEntryList.h b/contrib/ldapc++/src/LDAPEntryList.h
new file mode 100644
index 0000000..d9aea6d
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPEntryList.h
@@ -0,0 +1,70 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_ENTRY_LIST_H
+#define LDAP_ENTRY_LIST_H
+
+#include <cstdio>
+#include <list>
+
+class LDAPEntry;
+   
+/**
+ * For internal use only.
+ * 
+ * This class is used by LDAPSearchResults to store a std::list of
+ * LDAPEntry-Objects
+ */
+class LDAPEntryList{
+    typedef std::list<LDAPEntry> ListType;
+
+    public:
+	typedef ListType::const_iterator const_iterator;
+
+        /**
+         * Copy-Constructor
+         */
+        LDAPEntryList(const LDAPEntryList& el);
+
+        /**
+         * Default-Constructor
+         */
+        LDAPEntryList();
+
+        /**
+         * Destructor
+         */
+        ~LDAPEntryList();
+
+        /**
+         * @return The number of entries currently stored in the list.
+         */
+        size_t size() const;
+
+        /**
+         * @return true if there are zero entries currently stored in the list.
+         */
+        bool empty() const;
+
+        /**
+         * @return An iterator pointing to the first element of the list.
+         */
+        const_iterator begin() const;
+
+        /**
+         * @return An iterator pointing to the end of the list
+         */
+        const_iterator end() const;
+
+        /**
+         * Adds an Entry to the end of the list.
+         */
+        void addEntry(const LDAPEntry& e);
+
+    private:
+        ListType m_entries;
+};
+#endif // LDAP_ENTRY_LIST_H
diff --git a/contrib/ldapc++/src/LDAPException.cpp b/contrib/ldapc++/src/LDAPException.cpp
new file mode 100644
index 0000000..1bda281
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPException.cpp
@@ -0,0 +1,96 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+#include "config.h"
+#include "LDAPException.h"
+
+#include "LDAPAsynConnection.h"
+#include "LDAPResult.h"
+
+using namespace std;
+
+LDAPException::LDAPException(int res_code, const string& err_string) throw()
+    : std::runtime_error(err_string)
+{
+	m_res_code=res_code;
+	m_res_string=string(ldap_err2string(res_code));
+    m_err_string=err_string;
+}
+
+LDAPException::LDAPException(const LDAPAsynConnection *lc) throw()
+    : std::runtime_error("")
+{
+    LDAP *l = lc->getSessionHandle();
+    ldap_get_option(l,LDAP_OPT_RESULT_CODE,&m_res_code);
+    const char *res_cstring = ldap_err2string(m_res_code);
+    if ( res_cstring ) {
+        m_res_string = string(res_cstring);
+    } else {
+        m_res_string = "";
+    }
+    const char* err_string;
+
+#ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
+    ldap_get_option(l,LDAP_OPT_DIAGNOSTIC_MESSAGE ,&err_string);
+#else
+    ldap_get_option(l,LDAP_OPT_ERROR_STRING,&err_string);
+#endif
+    if ( err_string ) {
+        m_err_string = string(err_string);
+    } else {
+        m_err_string = "";
+    }
+}
+
+LDAPException::~LDAPException() throw()
+{
+}
+
+int LDAPException::getResultCode() const throw()
+{
+	return m_res_code;
+}
+
+const string& LDAPException::getResultMsg() const throw()
+{
+	return m_res_string;
+}
+
+const string& LDAPException::getServerMsg() const throw()
+{
+    return m_err_string;
+}
+
+const char* LDAPException::what() const throw()
+{
+    return this->m_res_string.c_str(); 
+}
+
+ostream& operator << (ostream& s, LDAPException e) throw()
+{
+	s << "Error " << e.m_res_code << ": " << e.m_res_string;
+	if (!e.m_err_string.empty()) {
+		s << endl <<  "additional info: " << e.m_err_string ;
+	}
+	return s;
+}
+
+
+LDAPReferralException::LDAPReferralException(const LDAPUrlList& urls) throw() 
+        : LDAPException(LDAPResult::REFERRAL) , m_urlList(urls)
+{
+}
+
+LDAPReferralException::~LDAPReferralException() throw()
+{
+}
+
+const LDAPUrlList& LDAPReferralException::getUrls() throw()
+{
+    return m_urlList;
+}
+
diff --git a/contrib/ldapc++/src/LDAPException.h b/contrib/ldapc++/src/LDAPException.h
new file mode 100644
index 0000000..391f855
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPException.h
@@ -0,0 +1,107 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_EXCEPTION_H
+#define LDAP_EXCEPTION_H
+
+#include <iostream>
+#include <string>
+#include <stdexcept>
+
+#include <LDAPUrlList.h>
+
+class LDAPAsynConnection;
+
+/**
+ * This class is only thrown as an Exception and used to signalize error
+ * conditions during LDAP-operations
+ */
+class LDAPException : public std::runtime_error
+{
+		
+    public :
+        /**
+         * Constructs a LDAPException-object from the parameters
+         * @param res_code A valid LDAP result code.
+         * @param err_string    An additional error message for the error
+         *                      that happened (optional)
+         */
+        LDAPException(int res_code, 
+                const std::string& err_string=std::string()) throw();
+		
+        /**
+         * Constructs a LDAPException-object from the error state of a
+         * LDAPAsynConnection-object
+         * @param lc A LDAP-Connection for that an error has happened. The
+         *          Constructor tries to read its error state.
+         */
+        LDAPException(const LDAPAsynConnection *lc) throw();
+
+        /**
+         * Destructor
+         */
+        virtual ~LDAPException() throw();
+
+        /**
+         * @return The Result code of the object
+         */
+        int getResultCode() const throw();
+
+        /**
+         * @return The error message that is corresponding to the result
+         *          code .
+         */
+        const std::string& getResultMsg() const throw();
+        
+        /**
+         * @return The additional error message of the error (if it was set)
+         */
+        const std::string& getServerMsg() const throw();
+
+        
+        virtual const char* what() const throw();
+
+        /**
+         * This method can be used to dump the data of a LDAPResult-Object.
+         * It is only useful for debugging purposes at the moment
+         */
+        friend std::ostream& operator << (std::ostream &s, LDAPException e) throw();
+
+    private :
+        int m_res_code;
+        std::string m_res_string;
+        std::string m_err_string;
+};
+
+/**
+ * This class extends LDAPException and is used to signalize Referrals
+ * there were received during synchronous LDAP-operations
+ */
+class LDAPReferralException : public LDAPException
+{
+
+    public :
+        /**
+         * Creates an object that is initialized with a list of URLs
+         */
+        LDAPReferralException(const LDAPUrlList& urls) throw();
+
+        /**
+         * Destructor
+         */
+        ~LDAPReferralException() throw();
+
+        /**
+         * @return The List of URLs of the Referral/Search Reference
+         */
+        const LDAPUrlList& getUrls() throw();
+
+    private :
+        LDAPUrlList m_urlList;
+};
+
+#endif //LDAP_EXCEPTION_H
diff --git a/contrib/ldapc++/src/LDAPExtRequest.cpp b/contrib/ldapc++/src/LDAPExtRequest.cpp
new file mode 100644
index 0000000..a07e648
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPExtRequest.cpp
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+#include <lber.h>
+
+#include "debug.h"
+
+#include "LDAPExtRequest.h"
+#include "LDAPException.h"
+#include "LDAPResult.h"
+
+#include <cstdlib>
+
+using namespace std;
+
+LDAPExtRequest::LDAPExtRequest(const LDAPExtRequest& req) :
+        LDAPRequest(req){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPExtRequest::LDAPExtRequest(&)" << endl);
+    m_data=req.m_data;
+    m_oid=req.m_oid;
+}
+
+LDAPExtRequest::LDAPExtRequest(const string& oid, const string& data, 
+        LDAPAsynConnection *connect, const LDAPConstraints *cons,
+        bool isReferral, const LDAPRequest* parent) 
+        : LDAPRequest(connect, cons, isReferral, parent){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPExtRequest::LDAPExtRequest()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER, 
+            "   oid:" << oid << endl);
+    m_oid=oid;
+    m_data=data;
+}
+
+LDAPExtRequest::~LDAPExtRequest(){
+    DEBUG(LDAP_DEBUG_DESTROY, "LDAPExtRequest::~LDAPExtRequest()" << endl);
+}
+
+LDAPMessageQueue* LDAPExtRequest::sendRequest(){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPExtRequest::sendRequest()" << endl);
+    int msgID=0;
+    BerValue* tmpdata=0;
+    if(m_data != ""){
+        tmpdata=(BerValue*) malloc(sizeof(BerValue));
+        tmpdata->bv_len = m_data.size();
+        tmpdata->bv_val = (char*) malloc(sizeof(char) * (m_data.size()) );
+        m_data.copy(tmpdata->bv_val, string::npos);
+    }
+    LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+    LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+    int err=ldap_extended_operation(m_connection->getSessionHandle(),
+            m_oid.c_str(), tmpdata, tmpSrvCtrls, tmpClCtrls, &msgID);
+    LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+    LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+    ber_bvfree(tmpdata);
+    if(err != LDAP_SUCCESS){
+        delete this;
+        throw LDAPException(err);
+    }else{
+        m_msgID=msgID;
+        return new LDAPMessageQueue(this);
+    }
+}
+
+LDAPRequest* LDAPExtRequest::followReferral(LDAPMsg* ref){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPExtRequest::followReferral()" << endl);
+    LDAPUrlList::const_iterator usedUrl;
+    LDAPUrlList urls = ((LDAPResult*)ref)->getReferralUrls();
+    LDAPAsynConnection* con = 0;
+    try {
+        con = getConnection()->referralConnect(urls,usedUrl,m_cons);
+    } catch(LDAPException e){
+        delete con;
+        return 0;
+    }
+    if(con != 0){
+        return new LDAPExtRequest(m_oid, m_data, con, m_cons,true,this);
+    }
+    return 0;
+}
+
+
diff --git a/contrib/ldapc++/src/LDAPExtRequest.h b/contrib/ldapc++/src/LDAPExtRequest.h
new file mode 100644
index 0000000..6f9c9bc
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPExtRequest.h
@@ -0,0 +1,28 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_EXT_REQUEST_H
+#define LDAP_EXT_REQUEST_H
+
+#include <LDAPRequest.h>
+
+class LDAPExtRequest : LDAPRequest {
+
+    public:
+        LDAPExtRequest(const LDAPExtRequest& req);
+        LDAPExtRequest(const std::string& oid, const std::string& data, 
+                LDAPAsynConnection *connect, const LDAPConstraints *cons,
+                bool isReferral=false, const LDAPRequest* parent=0);
+        virtual ~LDAPExtRequest();
+        virtual LDAPMessageQueue* sendRequest();
+        virtual LDAPRequest* followReferral(LDAPMsg* urls);
+    
+    private:
+        std::string m_oid;
+        std::string m_data;
+};
+
+#endif // LDAP_EXT_REQUEST_H
diff --git a/contrib/ldapc++/src/LDAPExtResult.cpp b/contrib/ldapc++/src/LDAPExtResult.cpp
new file mode 100644
index 0000000..f3177e8
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPExtResult.cpp
@@ -0,0 +1,49 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "debug.h"
+#include <lber.h>
+#include "LDAPRequest.h"
+#include "LDAPException.h"
+
+#include "LDAPResult.h"
+#include "LDAPExtResult.h"
+
+using namespace std;
+
+LDAPExtResult::LDAPExtResult(const LDAPRequest* req, LDAPMessage* msg) :
+        LDAPResult(req, msg){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPExtResult::LDAPExtResult()" << endl);
+    char* oid = 0;
+    BerValue* data = 0;
+    LDAP* lc = req->getConnection()->getSessionHandle();
+    int err=ldap_parse_extended_result(lc, msg, &oid, &data, 0);
+    if(err != LDAP_SUCCESS){
+        ber_bvfree(data);
+        ldap_memfree(oid);
+        throw LDAPException(err);
+    }else{
+        m_oid=string(oid);
+        ldap_memfree(oid);
+        if(data){
+            m_data=string(data->bv_val, data->bv_len);
+            ber_bvfree(data);
+        }
+    }
+}
+
+LDAPExtResult::~LDAPExtResult(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPExtResult::~LDAPExtResult()" << endl);
+}
+
+const string& LDAPExtResult::getResponseOid() const{
+    return m_oid;
+}
+
+const string& LDAPExtResult::getResponse() const{
+    return m_data;
+}
+
diff --git a/contrib/ldapc++/src/LDAPExtResult.h b/contrib/ldapc++/src/LDAPExtResult.h
new file mode 100644
index 0000000..90e81af
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPExtResult.h
@@ -0,0 +1,50 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_EXT_RESULT_H
+#define LDAP_EXT_RESULT_H
+
+#include <ldap.h>
+
+#include <LDAPResult.h>
+
+class LDAPRequest;
+
+/**
+ * Object of this class are created by the LDAPMsg::create method if
+ * results for an Extended Operation were returned by a LDAP server.
+ */
+class LDAPExtResult : public LDAPResult {
+    public :
+        /**
+         * Constructor that creates an LDAPExtResult-object from the C-API
+         * structures
+         */
+        LDAPExtResult(const LDAPRequest* req, LDAPMessage* msg);
+
+        /**
+         * The Destructor
+         */
+        virtual ~LDAPExtResult();
+
+        /**
+         * @returns The OID of the Extended Operation that has returned
+         *          this result. 
+         */
+        const std::string& getResponseOid() const;
+
+        /**
+         * @returns If the result contained data this method will return
+         *          the data to the caller as a std::string.
+         */
+        const std::string& getResponse() const;
+
+    private:
+        std::string m_oid;
+        std::string m_data;
+};
+
+#endif // LDAP_EXT_RESULT_H
diff --git a/contrib/ldapc++/src/LDAPMessage.cpp b/contrib/ldapc++/src/LDAPMessage.cpp
new file mode 100644
index 0000000..f63212a
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPMessage.cpp
@@ -0,0 +1,72 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPMessage.h"
+
+#include "LDAPResult.h"
+#include "LDAPExtResult.h"
+#include "LDAPSaslBindResult.h"
+#include "LDAPRequest.h"
+#include "LDAPSearchResult.h"
+#include "LDAPSearchReference.h"
+#include "debug.h"
+#include <iostream>
+
+using namespace std;
+
+LDAPMsg::LDAPMsg(LDAPMessage *msg){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPMsg::LDAPMsg()" << endl);
+    msgType=ldap_msgtype(msg);
+    m_hasControls=false;
+}
+
+LDAPMsg::LDAPMsg(int type, int id=0){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPMsg::LDAPMsg()" << endl);
+    msgType = type;
+    msgID = id;
+    m_hasControls=false;
+}
+
+LDAPMsg* LDAPMsg::create(const LDAPRequest *req, LDAPMessage *msg){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPMsg::create()" << endl);
+    switch(ldap_msgtype(msg)){
+        case SEARCH_ENTRY :
+            return new LDAPSearchResult(req,msg);
+        break;
+        case SEARCH_REFERENCE :
+            return new LDAPSearchReference(req, msg);
+        break;
+        case EXTENDED_RESPONSE :
+            return new LDAPExtResult(req,msg);
+        break;
+        case BIND_RESPONSE :
+            return new LDAPSaslBindResult(req,msg);
+        default :
+            return new LDAPResult(req, msg);
+    }
+    return 0;
+}
+
+
+int LDAPMsg::getMessageType(){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPMsg::getMessageType()" << endl);
+    return msgType;
+}
+
+int LDAPMsg::getMsgID(){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPMsg::getMsgID()" << endl);
+    return msgID;
+}
+
+bool LDAPMsg::hasControls() const{
+    return m_hasControls;
+}
+
+const LDAPControlSet& LDAPMsg::getSrvControls() const {
+    return m_srvControls;
+}
+
diff --git a/contrib/ldapc++/src/LDAPMessage.h b/contrib/ldapc++/src/LDAPMessage.h
new file mode 100644
index 0000000..a152d90
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPMessage.h
@@ -0,0 +1,127 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_MSG_H
+#define LDAP_MSG_H
+#include <ldap.h>
+
+#include <LDAPControlSet.h>
+
+class LDAPRequest;
+/**
+ * This class represents any type of LDAP- Message returned 
+ * from the server.
+ *
+ * This class is never not instantiated directly. Only
+ * its subclasses are used. The main feature of this class is the
+ * static method create() (see below)
+ */
+class LDAPMsg{
+    public:
+        //public Constants defining the response message types
+        static const int BIND_RESPONSE=LDAP_RES_BIND;
+        static const int SEARCH_ENTRY=LDAP_RES_SEARCH_ENTRY;
+        static const int SEARCH_DONE=LDAP_RES_SEARCH_RESULT;
+        static const int SEARCH_REFERENCE=LDAP_RES_SEARCH_REFERENCE;
+        static const int MODIFY_RESPONSE=LDAP_RES_MODIFY;
+        static const int ADD_RESPONSE=LDAP_RES_ADD;
+        static const int DEL_RESPONSE=LDAP_RES_DELETE;
+        static const int MODDN_RESPONSE=LDAP_RES_MODDN;
+        static const int COMPARE_RESPONSE=LDAP_RES_COMPARE;
+        static const int EXTENDED_RESPONSE=LDAP_RES_EXTENDED;
+        //public Constants defining the request message types
+        static const int BIND_REQUEST=LDAP_REQ_BIND;
+        static const int UNBIND_REQUEST=LDAP_REQ_UNBIND;
+        static const int SEARCH_REQUEST=LDAP_REQ_SEARCH;
+        static const int MODIFY_REQUEST=LDAP_REQ_MODIFY;
+        static const int ADD_REQUEST=LDAP_REQ_ADD;
+        static const int DELETE_REQUEST=LDAP_REQ_DELETE;
+        static const int MODRDN_REQUEST=LDAP_REQ_MODRDN;
+        static const int COMPARE_REQUEST=LDAP_REQ_COMPARE;
+        static const int ABANDON_REQUEST=LDAP_REQ_ABANDON;
+        static const int EXTENDED_REQUEST=LDAP_REQ_EXTENDED;
+       
+        /**
+         * The destructor has no implementation, because this is an abstract
+         * class.
+         */
+        virtual ~LDAPMsg() {}
+
+        /**
+         * This method is used by the library to parse the results returned
+         * by the C-API.
+         *
+         * Based on msgtype-Value of the *msg-Parameter this method creates
+         * an Object of one of the subtypes of LDAPMsg (e.g. LDAPSearchResult
+         * or LDAPResult) that represents the same Message as the
+         * *msg-Parameter. *msg is e.g. a Message returned by the C-API's
+         * ldap_result call.
+         * @param req   The LDAPRequest-object this result message is
+         *          associated with.
+         * @param msg   The LDAPMessage-structure from the C-API that
+         *          contains the LDAP-message to parse.
+         * @return An Object of one of the subtypes of this class. It
+         *          contains the parsed LDAP-message.
+         */
+        static LDAPMsg* create(const LDAPRequest *req, LDAPMessage *msg);   
+        
+        /**
+         * @returns The Type of message that this object contains. Possible
+         *          values are: <BR>
+         *          BIND_RESPONSE <BR>
+         *          SEARCH_ENTRY  <BR>       
+         *          SEARCH_DONE   <BR>      
+         *          SEARCH_REFERENCE   <BR>      
+         *          MODIFY_RESPONSE     <BR>    
+         *          ADD_RESPONSE       <BR>  
+         *          DEL_RESPONSE       <BR>  
+         *          MODDN_RESPONSE     <BR>    
+         *          COMPARE_RESPONSE   <BR>
+         *          EXTENDED_RESPONSE   <BR>
+         */
+        int getMessageType();
+        
+        /**
+         * @returns The message-ID that the C-API return for the
+         *      Result-message. 
+         */
+        int getMsgID();
+
+        /**
+         * @returns If any Control was sent back by the server this method
+         *       returns true. Otherwise false is returned.
+         */
+        bool hasControls() const;
+
+        /**
+         * @returns Server controls that were sent back by the server.
+         * @note This feature is not test well yet.
+         */
+        const LDAPControlSet& getSrvControls() const;
+    
+    protected:
+        /**
+         * This constructor make a copy of a LDAPMsg-pointer. The object
+         * itself (no the pointer) is copied.
+         * Only for internal use.
+         */
+        LDAPMsg(LDAPMessage *msg);
+        LDAPMsg(int msgType, int msgID);
+       
+        /**
+         * This attribute stores Server-Control that were returned with the
+         * message.
+         */
+        LDAPControlSet m_srvControls;
+        
+        bool m_hasControls;
+
+    private:
+        int msgType;
+        int msgID;
+};
+#endif //ifndef LDAP_MSG_H
diff --git a/contrib/ldapc++/src/LDAPMessageQueue.cpp b/contrib/ldapc++/src/LDAPMessageQueue.cpp
new file mode 100644
index 0000000..0cbc0d1
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPMessageQueue.cpp
@@ -0,0 +1,171 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "config.h"
+#include "debug.h"
+#include "LDAPMessageQueue.h"
+#include "LDAPRequest.h"
+#include "LDAPResult.h"
+#include "LDAPSearchReference.h"
+#include "LDAPSearchRequest.h"
+#include "LDAPUrl.h"
+#include "LDAPUrlList.h"
+#include "LDAPException.h"
+
+using namespace std;
+
+// TODO: How to handle unsolicited notifications, like notice of
+//       disconnection
+
+LDAPMessageQueue::LDAPMessageQueue(LDAPRequest *req){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPMessageQueue::LDAPMessageQueue()" << endl);
+	m_activeReq.push(req);
+    m_issuedReq.push_back(req);
+}
+
+LDAPMessageQueue::~LDAPMessageQueue(){
+    DEBUG(LDAP_DEBUG_DESTROY, "LDAPMessageQueue::~LDAPMessageQueue()" << endl);
+    for(LDAPRequestList::iterator i=m_issuedReq.begin(); 
+            i != m_issuedReq.end(); i++){
+        delete *i;
+    }
+    m_issuedReq.clear();
+}
+
+
+LDAPMsg *LDAPMessageQueue::getNext(){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPMessageQueue::getNext()" << endl);
+
+    if ( m_activeReq.empty() ) {
+        return 0;
+    }
+
+    LDAPRequest *req=m_activeReq.top();
+    LDAPMsg *ret=0;
+
+    try{
+        ret = req->getNextMessage();
+    }catch(LDAPException e){
+        //do some clean up
+        m_activeReq.pop();
+        throw;   
+    }
+
+    const LDAPConstraints *constr=req->getConstraints();
+    switch (ret->getMessageType()) {
+        case LDAPMsg::SEARCH_REFERENCE : 
+            if (constr->getReferralChase() ){
+                //throws Exception (limit Exceeded)
+                LDAPRequest *refReq=chaseReferral(ret);
+                if(refReq != 0){
+                    m_activeReq.push(refReq);
+                    m_issuedReq.push_back(refReq);
+                    delete ret;
+                    return getNext();
+                }
+            }
+            return ret;
+        break;
+        case LDAPMsg::SEARCH_ENTRY :
+            return ret;
+        break;
+        case LDAPMsg::SEARCH_DONE :
+            if(req->isReferral()){
+                req->unbind();
+            }
+            switch ( ((LDAPResult*)ret)->getResultCode()) {
+                case LDAPResult::REFERRAL :
+                    if(constr->getReferralChase()){
+                        //throws Exception (limit Exceeded)
+                        LDAPRequest *refReq=chaseReferral(ret);
+                        if(refReq != 0){
+                            m_activeReq.pop();
+                            m_activeReq.push(refReq);
+                            m_issuedReq.push_back(refReq);
+                            delete ret;
+                            return getNext();
+                        }
+                    }    
+                    return ret;
+                break;
+                case LDAPResult::SUCCESS :
+                    if(req->isReferral()){
+                        delete ret;
+                        m_activeReq.pop();
+                        return getNext();
+                    }else{
+                        m_activeReq.pop();
+                        return ret;
+                    }
+                break;
+                default:
+                    m_activeReq.pop();
+                    return ret;
+                break;
+            }
+        break;
+        //must be some kind of LDAPResultMessage
+        default:
+            if(req->isReferral()){
+                req->unbind();
+            }
+            LDAPResult* res_p=(LDAPResult*)ret;
+            switch (res_p->getResultCode()) {
+                case LDAPResult::REFERRAL :
+                    if(constr->getReferralChase()){
+                        //throws Exception (limit Exceeded)
+                        LDAPRequest *refReq=chaseReferral(ret);
+                        if(refReq != 0){
+                            m_activeReq.pop();
+                            m_activeReq.push(refReq);
+                            m_issuedReq.push_back(refReq);
+                            delete ret;
+                            return getNext();
+                        }
+                    }    
+                    return ret;
+                break;
+                default:
+                    m_activeReq.pop();
+                    return ret;
+            }
+        break;
+    }
+}
+
+// TODO Maybe moved to LDAPRequest::followReferral seems more reasonable
+//there
+LDAPRequest* LDAPMessageQueue::chaseReferral(LDAPMsg* ref){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPMessageQueue::chaseReferral()" << endl);
+    LDAPRequest *req=m_activeReq.top();
+    LDAPRequest *refReq=req->followReferral(ref);
+    if(refReq !=0){
+        if(refReq->getConstraints()->getHopLimit() < refReq->getHopCount()){
+            delete(refReq);
+            throw LDAPException(LDAP_REFERRAL_LIMIT_EXCEEDED);
+        }
+        if(refReq->isCycle()){
+            delete(refReq);
+            throw LDAPException(LDAP_CLIENT_LOOP);
+        }
+        try {
+            refReq->sendRequest();
+            return refReq;
+        }catch (LDAPException e){
+            DEBUG(LDAP_DEBUG_TRACE,"   caught exception" << endl);
+            return 0;
+        }
+    }else{ 
+        return 0;
+    }
+}
+
+LDAPRequestStack* LDAPMessageQueue::getRequestStack(){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPMessageQueue::getRequestStack()" << endl);
+    return &m_activeReq;
+}
+
diff --git a/contrib/ldapc++/src/LDAPMessageQueue.h b/contrib/ldapc++/src/LDAPMessageQueue.h
new file mode 100644
index 0000000..9e42d80
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPMessageQueue.h
@@ -0,0 +1,72 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_MESSAGE_QUEUE_H
+#define LDAP_MESSAGE_QUEUE_H
+
+#include <stack>
+
+#include <LDAPUrlList.h>
+#include <LDAPMessage.h>
+
+class LDAPAsynConnection;
+class LDAPRequest;
+class LDAPSearchRequest;
+class LDAPUrl;
+typedef std::stack<LDAPRequest*> LDAPRequestStack;
+typedef std::list<LDAPRequest*> LDAPRequestList;
+
+/**
+ * This class is created for the asynchronous LDAP-operations. And can be
+ * used by the client to retrieve the results of an operation.
+ */
+class LDAPMessageQueue{
+    public :
+
+        /**
+         * This creates a new LDAPMessageQueue. For a LDAP-request
+         *
+         * @param conn  The Request for that is queue can be used to get
+         *              the results.
+         */
+        LDAPMessageQueue(LDAPRequest *conn);
+        /**
+         * Destructor
+         */
+        ~LDAPMessageQueue();
+
+        /**
+         * This method reads exactly one Message from the results of a
+         * Request. 
+         * @throws LDAPException
+         * @return A pointer to an object of one of the classes that were
+         *          derived from LDAPMsg. The user has to cast it to the
+         *          correct type (e.g. LDAPResult or LDAPSearchResult)
+         */           
+        LDAPMsg* getNext();
+
+        /**
+         * For internat use only.
+         *
+         * The method is used to start the automatic referral chasing
+         */
+        LDAPRequest* chaseReferral(LDAPMsg* ref);
+
+        /**
+         * For internal use only
+         *
+         * The referral chasing algorithm needs this method to see the
+         * currently active requests.
+         */
+        LDAPRequestStack* getRequestStack(); 
+    
+    private :
+        LDAPRequestStack m_activeReq;
+        LDAPRequestList m_issuedReq;
+};
+#endif //ifndef LDAP_MESSAGE_QUEUE_H
+
diff --git a/contrib/ldapc++/src/LDAPModDNRequest.cpp b/contrib/ldapc++/src/LDAPModDNRequest.cpp
new file mode 100644
index 0000000..c81484a
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPModDNRequest.cpp
@@ -0,0 +1,88 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+
+#include "debug.h"
+
+#include "LDAPModDNRequest.h"
+#include "LDAPException.h"
+#include "LDAPResult.h"
+#include "LDAPUrlList.h"
+
+using namespace std;
+
+LDAPModDNRequest::LDAPModDNRequest(const LDAPModDNRequest& req) :
+        LDAPRequest(req){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, 
+            "LDAPModDNRequest::LDAPModDNRequest(&)" << endl);
+    m_dn = req.m_dn;
+    m_newRDN = req.m_newRDN;
+    m_newParentDN = req.m_newParentDN;
+    m_deleteOld = req.m_deleteOld;
+}
+
+LDAPModDNRequest::LDAPModDNRequest(const string& dn, const string& newRDN, 
+        bool deleteOld, const string& newParentDN, 
+        LDAPAsynConnection *connect, 
+        const LDAPConstraints *cons, bool isReferral, 
+        const LDAPRequest* parent):
+        LDAPRequest(connect, cons, isReferral, parent){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, 
+            "LDAPModDNRequest::LDAPModDNRequest(&)" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER, 
+            "   dn:" << dn << endl << "   newRDN:" << newRDN << endl
+            << "   deleteOld:" << deleteOld << endl 
+            << "   newParent:" << newParentDN << endl);
+    m_dn = dn;
+    m_newRDN = newRDN;
+    m_newParentDN = newParentDN;
+    m_deleteOld=deleteOld;
+}
+
+LDAPModDNRequest::~LDAPModDNRequest(){
+    DEBUG(LDAP_DEBUG_DESTROY, "LDAPModDNRequest::~LDAPModDNRequest()" << endl);
+}
+
+LDAPMessageQueue* LDAPModDNRequest::sendRequest(){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPModDNRequest::sendRequest()" << endl);
+    int msg_id;
+    const char* newRDN = (m_newRDN == "" ? 0 :m_newRDN.c_str());
+    const char* newParentDN = (m_newParentDN == "" ? 
+            0 :
+            m_newParentDN.c_str());
+    LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+    LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+    int err=ldap_rename(m_connection->getSessionHandle(),m_dn.c_str(),newRDN,
+            newParentDN,m_deleteOld ? 1 : 0, tmpSrvCtrls, tmpClCtrls,&msg_id);
+    LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+    LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+    if(err!=LDAP_SUCCESS){
+        throw LDAPException(err);
+    }else{
+        m_msgID=msg_id;
+        return new LDAPMessageQueue(this);
+    }
+}
+
+LDAPRequest* LDAPModDNRequest::followReferral(LDAPMsg* ref){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPModifyRequest::followReferral()" << endl);
+    LDAPUrlList::const_iterator usedUrl;
+    LDAPUrlList urls = ((LDAPResult*)ref)->getReferralUrls();
+    LDAPAsynConnection* con = 0;
+    try {
+        con = getConnection()->referralConnect(urls,usedUrl,m_cons);
+    } catch(LDAPException e){
+        delete con;
+        return 0;
+    }
+    if(con != 0){
+        return new LDAPModDNRequest(m_dn, m_newRDN, m_deleteOld, m_newParentDN,
+                con, m_cons,true,this);
+    }
+    return 0;
+}
+
diff --git a/contrib/ldapc++/src/LDAPModDNRequest.h b/contrib/ldapc++/src/LDAPModDNRequest.h
new file mode 100644
index 0000000..d45c6a2
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPModDNRequest.h
@@ -0,0 +1,33 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_MOD_DN_REQUEST_H
+#define LDAP_MOD_DN_REQUEST_H
+
+#include <LDAPRequest.h>
+
+class LDAPModDNRequest : LDAPRequest {
+
+    public:
+        LDAPModDNRequest(const LDAPModDNRequest& req); 
+        LDAPModDNRequest(const std::string& dn, const std::string& newRDN,
+                bool deleteOld, const std::string& newParentDN,
+                LDAPAsynConnection *connect, const LDAPConstraints *cons,
+                bool isReferral=false, const LDAPRequest* parent=0); 
+        virtual ~LDAPModDNRequest(); 
+        
+        virtual LDAPMessageQueue* sendRequest(); 
+        virtual LDAPRequest* followReferral(LDAPMsg*  urls);
+    
+    private:
+        std::string m_dn;
+        std::string m_newRDN;
+        std::string m_newParentDN;
+        bool m_deleteOld;
+};    
+
+#endif // LDAP_MOD_DN_REQUEST_H
+
diff --git a/contrib/ldapc++/src/LDAPModList.cpp b/contrib/ldapc++/src/LDAPModList.cpp
new file mode 100644
index 0000000..1ce248a
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPModList.cpp
@@ -0,0 +1,48 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPModList.h"
+#include "debug.h"
+
+#include <cstdlib>
+
+using namespace std;
+
+LDAPModList::LDAPModList(){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPModList::LDAPModList()" << endl);
+}
+
+LDAPModList::LDAPModList(const LDAPModList& ml){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPModList::LDAPModList(&)" << endl);
+    m_modList=ml.m_modList;
+}
+
+void LDAPModList::addModification(const LDAPModification &mod){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPModList::addModification()" << endl);
+	m_modList.push_back(mod);
+}
+
+LDAPMod** LDAPModList::toLDAPModArray(){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPModList::toLDAPModArray()" << endl);
+    LDAPMod **ret = (LDAPMod**) malloc(
+		    (m_modList.size()+1) * sizeof(LDAPMod*));
+    ret[m_modList.size()]=0;
+    LDAPModList::ListType::const_iterator i;
+    int j=0;
+    for (i=m_modList.begin(); i != m_modList.end(); i++ , j++){
+	    ret[j]=i->toLDAPMod();
+    }
+    return ret;
+}
+
+bool LDAPModList::empty() const {
+    return m_modList.empty();
+}
+
+unsigned int LDAPModList::size() const {
+    return m_modList.size();
+}
diff --git a/contrib/ldapc++/src/LDAPModList.h b/contrib/ldapc++/src/LDAPModList.h
new file mode 100644
index 0000000..5b0323c
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPModList.h
@@ -0,0 +1,59 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_MOD_LIST_H
+#define LDAP_MOD_LIST_H
+
+#include <ldap.h>
+#include <list>
+#include <LDAPModification.h>
+
+/**
+ * This container class is used to store multiple LDAPModification-objects.
+ */
+class LDAPModList{
+    typedef std::list<LDAPModification> ListType;
+
+    public : 
+        /**
+         * Constructs an empty list.
+         */   
+        LDAPModList();
+		
+        /**
+         * Copy-constructor
+         */
+        LDAPModList(const LDAPModList&);
+
+        /**
+         * Adds one element to the end of the list.
+         * @param mod The LDAPModification to add to the std::list.
+         */
+        void addModification(const LDAPModification &mod);
+
+        /**
+         * Translates the list to a 0-terminated array of
+         * LDAPMod-structures as needed by the C-API
+         */
+        LDAPMod** toLDAPModArray();
+
+        /**
+         * @returns true, if the ModList contains no Operations
+         */
+        bool empty() const;
+        
+        /**
+         * @returns number of Modifications in the ModList
+         */
+        unsigned int size() const;
+
+    private : 
+        ListType m_modList;
+};
+#endif //LDAP_MOD_LIST_H
+
+
diff --git a/contrib/ldapc++/src/LDAPModification.cpp b/contrib/ldapc++/src/LDAPModification.cpp
new file mode 100644
index 0000000..f10a792
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPModification.cpp
@@ -0,0 +1,48 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPModification.h"
+#include "debug.h"
+
+using namespace std;
+
+LDAPModification::LDAPModification(const LDAPAttribute& attr, mod_op op){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPModification::LDAPModification()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+            "   attr:" << attr << endl);
+    m_attr = attr;
+    m_mod_op = op;
+}
+
+LDAPMod* LDAPModification::toLDAPMod() const  {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPModification::toLDAPMod()" << endl);
+    LDAPMod* ret=m_attr.toLDAPMod();
+
+    //The mod_op value of the LDAPMod-struct needs to be ORed with the right
+    // LDAP_MOD_* constant to preserve the BIN-flag (see CAPI-draft for 
+    // explanation of the LDAPMod struct)
+    switch (m_mod_op){
+	case OP_ADD :
+	    ret->mod_op |= LDAP_MOD_ADD;
+	break;
+	case OP_DELETE :
+	    ret->mod_op |= LDAP_MOD_DELETE;
+	break;
+	case OP_REPLACE :
+	    ret->mod_op |= LDAP_MOD_REPLACE;
+	break;
+    }
+    return ret;
+}
+
+const LDAPAttribute* LDAPModification::getAttribute() const {
+	return &m_attr;
+}
+
+LDAPModification::mod_op LDAPModification::getOperation() const {
+	return m_mod_op;
+}
diff --git a/contrib/ldapc++/src/LDAPModification.h b/contrib/ldapc++/src/LDAPModification.h
new file mode 100644
index 0000000..25f5be4
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPModification.h
@@ -0,0 +1,30 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_MODIFICATION_H
+#define LDAP_MODIFICATION_H
+
+#include <ldap.h>
+#include <LDAPAttribute.h>
+
+class LDAPModification{
+	public:
+		enum mod_op {OP_ADD, OP_DELETE, OP_REPLACE};
+
+		LDAPModification(const LDAPAttribute& attr, mod_op op);
+		LDAPMod *toLDAPMod() const;
+
+		const LDAPAttribute* getAttribute() const;
+		mod_op getOperation() const;
+
+	private:
+		LDAPAttribute m_attr;
+		mod_op m_mod_op;
+
+};
+#endif //LDAP_MODIFICATION_H
+
diff --git a/contrib/ldapc++/src/LDAPModifyRequest.cpp b/contrib/ldapc++/src/LDAPModifyRequest.cpp
new file mode 100644
index 0000000..a7ca55a
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPModifyRequest.cpp
@@ -0,0 +1,81 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <ldap.h>
+
+#include "debug.h"
+
+#include "LDAPModifyRequest.h"
+#include "LDAPException.h"
+#include "LDAPMessageQueue.h"
+#include "LDAPResult.h"
+
+using namespace std;
+
+LDAPModifyRequest::LDAPModifyRequest(const LDAPModifyRequest& req) :
+        LDAPRequest(req){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, 
+            "LDAPModifyRequest::LDAPModifyRequest(&)" << endl);
+    m_modList = new LDAPModList(*(req.m_modList));
+    m_dn = req.m_dn;
+}
+
+LDAPModifyRequest::LDAPModifyRequest(const string& dn, 
+        const LDAPModList *modList, LDAPAsynConnection *connect,
+        const LDAPConstraints *cons, bool isReferral,
+        const LDAPRequest* parent) :
+        LDAPRequest(connect, cons, isReferral, parent){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, 
+            "LDAPModifyRequest::LDAPModifyRequest(&)" << endl);            
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER, 
+            "   dn:" << dn << endl);
+    m_dn = dn;
+    m_modList = new LDAPModList(*modList);
+}
+
+LDAPModifyRequest::~LDAPModifyRequest(){
+    DEBUG(LDAP_DEBUG_DESTROY, 
+            "LDAPModifyRequest::~LDAPModifyRequest()" << endl);
+    delete m_modList;
+}
+
+LDAPMessageQueue* LDAPModifyRequest::sendRequest(){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPModifyRequest::sendRequest()" << endl);
+    int msgID=0;
+    LDAPControl** tmpSrvCtrls=m_cons->getSrvCtrlsArray();
+    LDAPControl** tmpClCtrls=m_cons->getClCtrlsArray();
+    LDAPMod** tmpMods=m_modList->toLDAPModArray();
+    int err=ldap_modify_ext(m_connection->getSessionHandle(),m_dn.c_str(),
+            tmpMods, tmpSrvCtrls, tmpClCtrls,&msgID);
+    LDAPControlSet::freeLDAPControlArray(tmpSrvCtrls);
+    LDAPControlSet::freeLDAPControlArray(tmpClCtrls);
+    ldap_mods_free(tmpMods,1);
+    if(err != LDAP_SUCCESS){
+        throw LDAPException(err);
+    }else{
+        m_msgID=msgID;
+        return new LDAPMessageQueue(this);
+    }
+}
+
+LDAPRequest* LDAPModifyRequest::followReferral(LDAPMsg* ref){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPModifyRequest::followReferral()" << endl);
+    LDAPUrlList::const_iterator usedUrl;
+    LDAPUrlList urls = ((LDAPResult*)ref)->getReferralUrls();
+    LDAPAsynConnection* con = 0;
+    try {
+        con = getConnection()->referralConnect(urls,usedUrl,m_cons);
+    } catch(LDAPException e){
+        delete con;
+        return 0;
+    }
+    if(con != 0){
+        return new LDAPModifyRequest(m_dn, m_modList, con, m_cons,true,this);
+    }
+    return 0;
+}
+
+
diff --git a/contrib/ldapc++/src/LDAPModifyRequest.h b/contrib/ldapc++/src/LDAPModifyRequest.h
new file mode 100644
index 0000000..a1eccdd
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPModifyRequest.h
@@ -0,0 +1,30 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_MODIFY_REQUEST_H
+#define LDAP_MODIFY_REQUEST_H
+
+#include <LDAPRequest.h>
+
+class LDAPMessageQueue;
+
+class LDAPModifyRequest : LDAPRequest {
+    private :
+        std::string m_dn;
+        LDAPModList *m_modList;
+
+    public:
+        LDAPModifyRequest(const LDAPModifyRequest& mod);
+        LDAPModifyRequest(const std::string& dn, const LDAPModList *modList,
+                LDAPAsynConnection *connect, const LDAPConstraints *cons,
+                bool isReferral=false, const LDAPRequest* req=0);
+        virtual ~LDAPModifyRequest();
+        virtual LDAPMessageQueue* sendRequest();
+        virtual LDAPRequest* followReferral(LDAPMsg* refs);
+};
+
+#endif // LDAP_MODIFY_REQUEST_H
+
diff --git a/contrib/ldapc++/src/LDAPObjClass.cpp b/contrib/ldapc++/src/LDAPObjClass.cpp
new file mode 100644
index 0000000..e3899f1
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPObjClass.cpp
@@ -0,0 +1,130 @@
+// $OpenLDAP$
+/*
+ * Copyright 2003-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "debug.h"
+#include "LDAPObjClass.h"
+
+
+LDAPObjClass::LDAPObjClass(){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,
+            "LDAPObjClass::LDAPObjClass( )" << endl);
+
+    oid = string ();
+    desc = string ();
+    names = StringList ();
+    must = StringList();
+    may = StringList();
+    sup = StringList();
+}
+
+LDAPObjClass::LDAPObjClass (const LDAPObjClass &oc){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,
+            "LDAPObjClass::LDAPObjClass( )" << endl);
+
+    oid = oc.oid;
+    desc = oc.desc;
+    names = oc.names;
+    must = oc.must;
+    may = oc.may;
+    kind = oc.kind;
+    sup = oc.sup;
+}
+
+LDAPObjClass::LDAPObjClass (string oc_item, int flags ) { 
+
+    DEBUG(LDAP_DEBUG_CONSTRUCT,
+            "LDAPObjClass::LDAPObjClass( )" << endl);
+
+    LDAPObjectClass *o;
+    int ret;
+    const char *errp;
+    o = ldap_str2objectclass ( oc_item.c_str(), &ret, &errp, flags );
+
+    if (o) {
+        this->setNames (o->oc_names);
+	this->setDesc (o->oc_desc);
+        this->setOid (o->oc_oid);
+	this->setKind (o->oc_kind);
+        this->setMust (o->oc_at_oids_must);
+	this->setMay (o->oc_at_oids_may);
+        this->setSup (o->oc_sup_oids);
+    }
+    // else? -> error
+}
+
+LDAPObjClass::~LDAPObjClass() {
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPObjClass::~LDAPObjClass()" << endl);
+}
+
+void LDAPObjClass::setKind (int oc_kind) {
+    kind = oc_kind;
+}
+    
+void LDAPObjClass::setNames (char **oc_names) {
+    names = StringList (oc_names);
+}
+
+void LDAPObjClass::setMust (char **oc_must) {
+    must = StringList (oc_must);
+}
+
+void LDAPObjClass::setMay (char **oc_may) {
+    may = StringList (oc_may);
+}
+
+void LDAPObjClass::setSup (char **oc_sup) {
+    sup = StringList (oc_sup);
+}
+
+void LDAPObjClass::setDesc (char *oc_desc) {
+    desc = string ();
+    if (oc_desc)
+	desc = oc_desc;
+}
+
+void LDAPObjClass::setOid (char *oc_oid) {
+    oid = string ();
+    if (oc_oid)
+	oid = oc_oid;
+}
+
+string LDAPObjClass::getOid() const {
+    return oid;
+}
+
+string LDAPObjClass::getDesc() const {
+    return desc;
+}
+
+StringList LDAPObjClass::getNames() const {
+    return names;
+}
+
+StringList LDAPObjClass::getMust() const {
+    return must;
+}
+
+StringList LDAPObjClass::getMay() const {
+    return may;
+}
+
+StringList LDAPObjClass::getSup() const {
+    return sup;
+}
+
+string LDAPObjClass::getName() const {
+
+    if (names.empty())
+	return "";
+    else
+	return *(names.begin());
+}
+
+int LDAPObjClass::getKind() const {
+     return kind;
+}
+
+
diff --git a/contrib/ldapc++/src/LDAPObjClass.h b/contrib/ldapc++/src/LDAPObjClass.h
new file mode 100644
index 0000000..e9c7b42
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPObjClass.h
@@ -0,0 +1,104 @@
+// $OpenLDAP$
+/*
+ * Copyright 2003-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_OBJCLASS_H
+#define LDAP_OBJCLASS_H
+
+#include <ldap_schema.h>
+#include <string>
+
+#include "StringList.h"
+
+using namespace std;
+
+/**
+ * Represents the Object Class (from LDAP schema)
+ */
+class LDAPObjClass{
+    private :
+	StringList names, must, may, sup;
+	string desc, oid;
+	int kind;
+	
+    public :
+
+        /**
+         * Constructs an empty object.
+         */   
+        LDAPObjClass();
+
+        /**
+         * Copy constructor
+	 */   
+	LDAPObjClass( const LDAPObjClass& oc );
+
+        /**
+	 * Constructs new object and fills the data structure by parsing the
+	 * argument.
+	 * @param oc_item description of object class is string returned
+	 * by the search command. It is in the form:
+	 * "( SuSE.YaST.OC:5 NAME 'userTemplate' SUP objectTemplate STRUCTURAL
+	 *    DESC 'User object template' MUST ( cn ) MAY ( secondaryGroup ))"
+         */   
+        LDAPObjClass (string oc_item, int flags = LDAP_SCHEMA_ALLOW_NO_OID |
+                      LDAP_SCHEMA_ALLOW_QUOTED);
+
+        /**
+         * Destructor
+         */
+        virtual ~LDAPObjClass();
+	
+	/**
+	 * Returns object class description
+	 */
+	string getDesc() const;
+	
+	/**
+	 * Returns object class oid
+	 */
+	string getOid() const;
+
+	/**
+	 * Returns object class name (first one if there are more of them)
+	 */
+	string getName() const;
+
+	/**
+	 * Returns object class kind: 0=ABSTRACT, 1=STRUCTURAL, 2=AUXILIARY
+	 */
+	int getKind() const;
+
+	/**
+	 * Returns all object class names
+	 */
+	StringList getNames() const;
+	
+	/**
+	 * Returns list of required attributes
+	 */
+	StringList getMust() const;
+	
+	/**
+	 * Returns list of allowed (and not required) attributes
+	 */
+	StringList getMay() const;
+	
+        /**
+	 * Returns list of the OIDs of the superior ObjectClasses
+	 */
+	StringList getSup() const;
+
+	void setNames (char **oc_names);
+	void setMay (char **oc_may);
+	void setMust (char **oc_must);
+	void setDesc (char *oc_desc);
+	void setOid (char *oc_oid);
+	void setKind (int oc_kind);
+	void setSup (char **oc_sup);
+	
+};
+
+#endif // LDAP_OBJCLASS_H
diff --git a/contrib/ldapc++/src/LDAPRebind.cpp b/contrib/ldapc++/src/LDAPRebind.cpp
new file mode 100644
index 0000000..cde229a
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPRebind.cpp
@@ -0,0 +1,9 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "LDAPRebind.h"
+
+
diff --git a/contrib/ldapc++/src/LDAPRebind.h b/contrib/ldapc++/src/LDAPRebind.h
new file mode 100644
index 0000000..9fe7737
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPRebind.h
@@ -0,0 +1,27 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_REBIND_H
+#define LDAP_REBIND_H
+
+#include <string>
+#include <LDAPRebindAuth.h>
+
+/**
+ * Just an abstract class to provide a mechanism for rebind to another
+ * server when chasing referrals. Clients have to implement a class
+ * derived from this. To use authentication other than anonymous for
+ * referral chasing
+ */
+
+class LDAPRebind{
+    public:
+        virtual ~LDAPRebind() {}
+        virtual LDAPRebindAuth* getRebindAuth(const std::string& hostname, 
+                int port) const = 0;
+};
+#endif //LDAP_REBIND_H
+
diff --git a/contrib/ldapc++/src/LDAPRebindAuth.cpp b/contrib/ldapc++/src/LDAPRebindAuth.cpp
new file mode 100644
index 0000000..80c726b
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPRebindAuth.cpp
@@ -0,0 +1,40 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <iostream>
+
+#include "LDAPRebindAuth.h"
+#include "debug.h"
+
+using namespace std;
+
+LDAPRebindAuth::LDAPRebindAuth(const string& dn, const string& pwd){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPRebindAuth::LDAPRebindAuth()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,"   dn:" << dn << endl 
+            << "   pwd:" << pwd << endl);
+    m_dn=dn;
+    m_password=pwd;
+}
+
+LDAPRebindAuth::LDAPRebindAuth(const LDAPRebindAuth& lra){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPRebindAuth::LDAPRebindAuth(&)" << endl);
+    m_dn=lra.m_dn;
+    m_password=lra.m_password;
+}
+
+LDAPRebindAuth::~LDAPRebindAuth(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPRebindAuth::~LDAPRebindAuth()" << endl);
+}
+
+const string& LDAPRebindAuth::getDN() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPRebindAuth::getDN()" << endl);
+    return m_dn;
+}
+
+const string& LDAPRebindAuth::getPassword() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPRebindAuth::getPassword()" << endl);
+    return m_password;
+}
diff --git a/contrib/ldapc++/src/LDAPRebindAuth.h b/contrib/ldapc++/src/LDAPRebindAuth.h
new file mode 100644
index 0000000..60c12ac
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPRebindAuth.h
@@ -0,0 +1,55 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_REBIND_AUTH_H
+#define LDAP_REBIND_AUTH_H
+
+#include<string>
+
+/**
+ * This class represent Authentication information for the case that the
+ * library is chasing referrals.
+ *
+ * The LDAPRebind::getRebindAuth() method returns an object of this type.
+ * And the library uses it to authentication to the destination server of a  
+ * referral.
+ * @note currently only SIMPLE authentication is supported by the library
+ */
+class LDAPRebindAuth{
+    public:
+        /**
+         * @param dn  The DN that should be used for the authentication 
+         * @param pwd   The password that belongs to the DN
+         */
+        LDAPRebindAuth(const std::string& dn="", const std::string& pwd="");
+        
+        /**
+         * Copy-constructor
+         */
+        LDAPRebindAuth(const LDAPRebindAuth& lra);
+
+        /**
+         * Destructor
+         */
+        virtual ~LDAPRebindAuth();
+
+        /**
+         * @return The DN that was set in the constructor
+         */
+        const std::string& getDN() const;
+
+        /**
+         * @return The password that was set in the constructor
+         */
+        const std::string& getPassword() const;
+        
+    private:
+        std::string m_dn;
+        std::string m_password;
+};
+
+#endif //LDAP_REBIND_AUTH_H
+
diff --git a/contrib/ldapc++/src/LDAPReferenceList.cpp b/contrib/ldapc++/src/LDAPReferenceList.cpp
new file mode 100644
index 0000000..53cef03
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPReferenceList.cpp
@@ -0,0 +1,40 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPReferenceList.h"
+#include "LDAPSearchReference.h"
+
+LDAPReferenceList::LDAPReferenceList(){
+}
+
+LDAPReferenceList::LDAPReferenceList(const LDAPReferenceList& e){
+    m_refs = e.m_refs;
+}
+
+LDAPReferenceList::~LDAPReferenceList(){
+}
+
+size_t LDAPReferenceList::size() const{
+    return m_refs.size();
+}
+
+bool LDAPReferenceList::empty() const{
+    return m_refs.empty();
+}
+
+LDAPReferenceList::const_iterator LDAPReferenceList::begin() const{
+    return m_refs.begin();
+}
+
+LDAPReferenceList::const_iterator LDAPReferenceList::end() const{
+    return m_refs.end();
+}
+
+void LDAPReferenceList::addReference(const LDAPSearchReference& e){
+    m_refs.push_back(e);
+}
+
diff --git a/contrib/ldapc++/src/LDAPReferenceList.h b/contrib/ldapc++/src/LDAPReferenceList.h
new file mode 100644
index 0000000..f4f60f3
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPReferenceList.h
@@ -0,0 +1,74 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_REFERENCE_LIST_H
+#define LDAP_REFERENCE_LIST_H
+
+#include <cstdio>
+#include <list>
+
+class LDAPSearchReference;
+
+/**
+ * Container class for storing a list of Search References
+ *
+ * Used internally only by LDAPSearchResults
+ */
+class LDAPReferenceList{
+    typedef std::list<LDAPSearchReference> ListType;
+
+    public:
+	typedef ListType::const_iterator const_iterator;
+
+        /**
+         * Constructs an empty list.
+         */   
+        LDAPReferenceList();
+
+        /**
+         * Copy-constructor
+         */
+        LDAPReferenceList(const LDAPReferenceList& rl);
+
+        /**
+         * Destructor
+         */
+        ~LDAPReferenceList();
+
+        /**
+         * @return The number of LDAPSearchReference-objects that are 
+         * currently stored in this list.
+         */
+        size_t size() const;
+
+        /**
+         * @return true if there are zero LDAPSearchReference-objects
+         * currently stored in this list.
+         */
+        bool empty() const;
+
+        /**
+         * @return A iterator that points to the first element of the list.
+         */
+        const_iterator begin() const;
+
+        /**
+         * @return A iterator that points to the element after the last
+         * element of the list.
+         */
+        const_iterator end() const;
+
+        /**
+         * Adds one element to the end of the list.
+         * @param e The LDAPSearchReference to add to the list.
+         */
+        void addReference(const LDAPSearchReference& e);
+
+    private:
+        ListType m_refs;
+};
+#endif // LDAP_REFERENCE_LIST_H
+
diff --git a/contrib/ldapc++/src/LDAPRequest.cpp b/contrib/ldapc++/src/LDAPRequest.cpp
new file mode 100644
index 0000000..57839ce
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPRequest.cpp
@@ -0,0 +1,145 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "debug.h"
+#include "LDAPRequest.h"
+
+using namespace std;
+
+LDAPRequest::LDAPRequest(){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPRequest::LDAPRequest()" << endl);
+}
+
+LDAPRequest::LDAPRequest(const LDAPRequest& req){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPRequest::LDAPRequest(&)" << endl);
+    m_isReferral=req.m_isReferral;
+    m_cons = new LDAPConstraints(*(req.m_cons));
+    m_connection = req.m_connection;
+    m_parent = req.m_parent;
+    m_hopCount = req.m_hopCount;
+    m_msgID = req.m_msgID;
+}
+
+LDAPRequest::LDAPRequest(LDAPAsynConnection* con, 
+       const LDAPConstraints* cons,bool isReferral, const LDAPRequest* parent){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPRequest::LDAPRequest()" << endl);
+    m_connection=con;
+    if(cons == 0){
+        m_cons=new LDAPConstraints( *(con->getConstraints()) );
+    }else{
+        m_cons=new LDAPConstraints( *cons);
+    }
+    m_isReferral=isReferral; 
+    if(m_isReferral){
+        m_hopCount = (parent->getHopCount()+1);
+        m_parent= parent;
+    }else{
+        m_hopCount=0;
+        m_parent=0;
+    }
+}
+
+LDAPRequest::~LDAPRequest(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPRequest::~LDAPRequest()" << endl);
+    delete m_cons;
+}
+
+LDAPMsg* LDAPRequest::getNextMessage() const 
+{
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPRequest::getNextMessage()" << endl);
+    int res;
+    LDAPMessage *msg;
+
+    res=ldap_result(this->m_connection->getSessionHandle(),
+            this->m_msgID,0,0,&msg);
+
+    if (res <= 0){
+        if(msg != 0){
+            ldap_msgfree(msg);
+        }
+        throw  LDAPException(this->m_connection);
+    }else{	
+        LDAPMsg *ret=0;
+        //this can  throw an exception (Decoding Error)
+        ret = LDAPMsg::create(this,msg);
+        ldap_msgfree(msg);
+        return ret;
+    }
+}
+
+LDAPRequest* LDAPRequest::followReferral(LDAPMsg* /*urls*/){
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPBindRequest::followReferral()" << endl);
+    DEBUG(LDAP_DEBUG_TRACE,
+            "ReferralChasing not implemented for this operation" << endl);
+    return 0;
+}
+
+const LDAPConstraints* LDAPRequest::getConstraints() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::getConstraints()" << endl);
+    return m_cons;
+}
+
+const LDAPAsynConnection* LDAPRequest::getConnection() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::getConnection()" << endl);
+    return m_connection;
+}
+
+int LDAPRequest::getType() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::getType()" << endl);
+    return m_requestType;
+}
+
+int LDAPRequest::getMsgID() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::getMsgId()" << endl);
+    return m_msgID;
+}
+
+int LDAPRequest::getHopCount() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::getHopCount()" << endl);
+    return m_hopCount;
+}
+
+const LDAPRequest* LDAPRequest::getParent() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::getParent()" << endl);
+    return m_parent;
+}
+
+bool LDAPRequest::isReferral() const {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::isReferral()" << endl);
+    return m_isReferral;
+}
+
+bool LDAPRequest::equals(const LDAPRequest* req) const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::equals()" << endl);
+    if( (this->m_requestType == req->getType()) && 
+        (this->m_connection->getHost() == req->m_connection->getHost()) && 
+        (this->m_connection->getPort() == req->m_connection->getPort())
+      ){
+        return true;
+    }return false;        
+}
+
+bool LDAPRequest::isCycle() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::isCycle()" << endl);
+    const LDAPRequest* parent=m_parent;
+    if(parent != 0){
+        do{
+            if(this->equals(parent)){
+                return true;
+            }else{
+                parent=parent->getParent();
+            }
+        }
+        while(parent != 0);
+    }
+    return false;
+}
+
+void LDAPRequest::unbind() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPRequest::unbind()" << endl);
+    m_connection->unbind();
+}
diff --git a/contrib/ldapc++/src/LDAPRequest.h b/contrib/ldapc++/src/LDAPRequest.h
new file mode 100644
index 0000000..059002b
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPRequest.h
@@ -0,0 +1,89 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_REQUEST_H
+#define LDAP_REQUEST_H
+
+#include <LDAPConstraints.h>
+#include <LDAPAsynConnection.h>
+#include <LDAPMessageQueue.h>
+
+class LDAPUrl;
+
+/**
+ * For internal use only
+ * 
+ * Each request that is sent to a LDAP-server by this library is
+ * represented by a special object that contains the parameters and some
+ * other info of the request. This virtual class is the common base class
+ * for these specialized request classes.
+ */
+class LDAPRequest{
+
+    public :
+        static const int BIND=0;
+        static const int UNBIND=2;
+        static const int SEARCH=3;
+        static const int MODIFY=7;
+        static const int ADD=8;
+		static const int DELETE=10;
+        static const int COMPARE=14;
+
+        LDAPRequest(const LDAPRequest& req);
+        LDAPRequest(LDAPAsynConnection* conn, 
+                const LDAPConstraints* cons, bool isReferral=false,
+                const LDAPRequest* parent=0);
+        virtual ~LDAPRequest();
+        
+        const LDAPConstraints* getConstraints() const;
+        const LDAPAsynConnection* getConnection() const;
+        virtual LDAPMsg *getNextMessage() const;
+        int getType()const;
+        int getMsgID() const;
+        int getHopCount() const;
+
+        /**
+         * @return The LDAPRequest that has created this object. Or 0 if
+         * this object was not created by another request.
+         */
+        const LDAPRequest* getParent() const;
+
+        /**
+         * @return true if this object was created during the automatic
+         * chasing of referrals. Otherwise false
+         */
+        bool isReferral() const;
+        
+        void unbind() const; 
+
+        /**
+         * This method encodes the request an calls the appropriate
+         * functions of the C-API to send the Request to a LDAP-Server
+         */
+        virtual LDAPMessageQueue* sendRequest()=0;
+        virtual LDAPRequest* followReferral(LDAPMsg* ref);
+
+        /**
+         * Compare this request with another on. And returns true if they
+         * have the same parameters.
+         */
+        virtual bool equals(const LDAPRequest* req) const;
+
+        bool isCycle() const;
+        
+    protected :
+        bool m_isReferral;
+        int m_requestType;
+        LDAPConstraints *m_cons;
+        LDAPAsynConnection *m_connection;
+        const LDAPRequest* m_parent;
+        int m_hopCount;
+        int m_msgID;  //the associated C-API Message ID
+        LDAPRequest();
+};
+#endif //LDAP_REQUEST_H 
+
diff --git a/contrib/ldapc++/src/LDAPResult.cpp b/contrib/ldapc++/src/LDAPResult.cpp
new file mode 100644
index 0000000..fd35438
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPResult.cpp
@@ -0,0 +1,96 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "debug.h"
+#include"LDAPResult.h"
+#include"LDAPAsynConnection.h"
+#include "LDAPRequest.h"
+#include "LDAPException.h"
+
+#include <cstdlib>
+
+using namespace std;
+
+LDAPResult::LDAPResult(const LDAPRequest *req, LDAPMessage *msg) : 
+        LDAPMsg(msg){
+    if(msg != 0){
+        DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPResult::LDAPResult()" << endl);
+        const LDAPAsynConnection *con=req->getConnection();
+        char **refs=0;
+        LDAPControl** srvctrls=0;
+        char* matchedDN=0;
+        char* errMsg=0;
+        int err=ldap_parse_result(con->getSessionHandle(),msg,&m_resCode,
+                &matchedDN, &errMsg,&refs,&srvctrls,0);
+        if(err != LDAP_SUCCESS){
+            ber_memvfree((void**) refs);
+            ldap_controls_free(srvctrls);
+            throw LDAPException(err);
+        }else{
+            if (refs){
+                m_referrals=LDAPUrlList(refs);
+                ber_memvfree((void**) refs);
+            }
+            if (srvctrls){
+                m_srvControls = LDAPControlSet(srvctrls);
+                m_hasControls = true;
+                ldap_controls_free(srvctrls);
+            }else{
+                m_hasControls = false;
+            }
+            if(matchedDN != 0){
+                m_matchedDN=string(matchedDN);
+                free(matchedDN);
+            }
+            if(errMsg != 0){
+                m_errMsg=string(errMsg);
+                free(errMsg);
+            }
+        }
+    }
+}
+
+LDAPResult::LDAPResult(int type, int resultCode, const std::string &msg) : 
+        LDAPMsg(type,0), m_resCode(resultCode), m_errMsg(msg)
+{}
+
+
+LDAPResult::~LDAPResult(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPResult::~LDAPResult()" << endl);
+}
+
+int LDAPResult::getResultCode() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPResult::getResultCode()" << endl);
+    return m_resCode;
+}
+
+string LDAPResult::resToString() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPResult::resToString()" << endl);
+    return string(ldap_err2string(m_resCode));
+}
+
+const string& LDAPResult::getErrMsg() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPResult::getErrMsg()" << endl);
+    return m_errMsg;
+}
+
+const string& LDAPResult::getMatchedDN() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPResult::getMatchedDN()" << endl);
+    return m_matchedDN;
+}
+
+const LDAPUrlList& LDAPResult::getReferralUrls() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPResult::getReferralUrl()" << endl);
+    return m_referrals;
+}
+
+ostream& operator<<(ostream &s,LDAPResult &l){
+    return s << "Result: " << l.m_resCode << ": "  
+        << ldap_err2string(l.m_resCode) << endl 
+        << "Matched: " << l.m_matchedDN << endl << "ErrMsg: " << l.m_errMsg;
+}
+
diff --git a/contrib/ldapc++/src/LDAPResult.h b/contrib/ldapc++/src/LDAPResult.h
new file mode 100644
index 0000000..a90d010
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPResult.h
@@ -0,0 +1,162 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_RESULT_H
+#define LDAP_RESULT_H
+
+#include<iostream>
+#include<ldap.h>
+#include <LDAPMessage.h>
+#include <LDAPControlSet.h>
+#include <LDAPUrlList.h>
+
+class LDAPRequest;
+class LDAPAsynConnection;
+
+/**
+ * This class is for representing LDAP-Result-Messages.
+ *
+ * It represents all Messages that were returned
+ * from LDAP-Operations except for Messages of the Type 
+ * LDAPMsg::SEARCH_ENTRY, LDAPMsg::SEARCH_REFERENCE and
+ * LDAPMsg::EXTENDED_RESPONSE. <BR>
+ * It defines a integer constant for every possible result type that can be
+ * returned by the server.
+ */
+class LDAPResult : public LDAPMsg{
+    public :
+        //Error codes from RFC 2251
+        static const int SUCCESS                        = 0;
+        static const int OPERATIONS_ERROR               = 1;
+        static const int PROTOCOL_ERROR                 = 2;
+        static const int TIME_LIMIT_EXCEEDED            = 3;
+        static const int SIZE_LIMIT_EXCEEDED            = 4;
+        static const int COMPARE_FALSE                  = 5;
+        static const int COMPARE_TRUE                   = 6;
+        static const int AUTH_METHOD_NOT_SUPPORTED      = 7;
+        static const int STRONG_AUTH_REQUIRED           = 8;
+        
+        static const int REFERRAL                       = 10;
+        static const int ADMIN_LIMIT_EXCEEDED           = 11;
+        static const int UNAVAILABLE_CRITICAL_EXTENSION = 12;
+        static const int CONFIDENTIALITY_REQUIRED       = 13;
+        static const int SASL_BIND_IN_PROGRESS          = 14;
+        
+        static const int NO_SUCH_ATTRIBUTE              = 16;
+        static const int UNDEFINED_ATTRIBUTE_TYP        = 17;
+        static const int INAPPROPRIATE_MATCHING         = 18;
+        static const int CONSTRAINT_VIOLATION           = 19;
+        static const int ATTRIBUTE_OR_VALUE_EXISTS      = 20;
+        static const int INVALID_ATTRIBUTE_SYNTAX       = 21;
+        
+        static const int NO_SUCH_OBJECT                 = 32;
+        static const int ALIAS_PROBLEM                  = 33;
+        static const int INVALID_DN_SYNTAX              = 34;
+
+        static const int ALIAS_DEREFERENCING_PROBLEM    = 36;
+
+        static const int INAPPROPRIATE_AUTHENTICATION    = 48;
+        static const int INVALID_CREDENTIALS            = 49;
+        static const int INSUFFICIENT_ACCESS            = 50;
+        static const int BUSY                           = 51;
+        static const int UNAVAILABLE                    = 52;
+        static const int UNWILLING_TO_PERFORM           = 53;
+        static const int LOOP_DETECT                    = 54;
+
+        static const int NAMING_VIOLATION               = 64;
+        static const int OBJECT_CLASS_VIOLATION         = 65;
+        static const int NOT_ALLOWED_ON_NONLEAF         = 66;
+        static const int NOT_ALLOWED_ON_RDN             = 67;
+        static const int ENTRY_ALREADY_EXISTS           = 68;
+        static const int OBJECT_CLASS_MODS_PROHIBITED   = 69;
+
+        static const int AFFECTS_MULTIPLE_DSAS          = 71;
+        
+        // some Errorcodes defined in the LDAP C API DRAFT
+        static const int OTHER                          = 80;
+        static const int SERVER_DOWN                    = 81;
+        static const int LOCAL_ERROR                    = 82;
+        static const int ENCODING_ERROR                 = 83;
+        static const int DECODING_ERROR                 = 84;
+        static const int TIMEOUT                        = 85;
+        static const int AUTH_UNKNOWN                   = 86;
+        static const int FILTER_ERROR                   = 87;
+        static const int USER_CANCELLED                 = 88;
+        static const int PARAM_ERROR                    = 89;
+        static const int NO_MEMORY                      = 90;
+        static const int CONNECT_ERROR                  = 91;
+        static const int NOT_SUPPORTED                  = 92;
+        static const int CONTROL_NOT_FOUND              = 93;
+        static const int NO_RESULTS_RETURNED            = 94;
+        static const int MORE_RESULTS_TO_RETURN         = 95;
+        static const int CLIENT_LOOP                    = 96;
+        static const int REFERRAL_LIMIT_EXCEEDED        = 97;
+
+        /**
+         * This constructor is called by the LDAPMsg::create method in
+         * order to parse a LDAPResult-Message 
+         * @param req   The request the result is associated with.
+         * @param msg   The LDAPMessage-structure that contains the
+         *              Message.
+         */
+        LDAPResult(const LDAPRequest *req, LDAPMessage *msg);
+        LDAPResult(int type, int resultCode, const std::string &msg); 
+        
+        /**
+         * The destructor.
+         */
+        virtual ~LDAPResult();
+
+        /**
+         * @returns The result code of the Message. Possible values are the
+         *      integer constants defined in this class.
+         */
+        int getResultCode() const;
+
+        /**
+         * This method transforms the result code to a human-readable
+         * result message.
+         * @returns A std::string containing the result message.
+         */
+        std::string resToString() const;
+
+        /**
+         * In some case of error the server may return additional error
+         * messages.
+         * @returns The additional error message returned by the server.
+         */
+        const std::string& getErrMsg() const;
+
+        /**
+         * For messages with a result code of: NO_SUCH_OBJECT,
+         * ALIAS_PROBLEM, ALIAS_DEREFERENCING_PROBLEM or INVALID_DN_SYNTAX
+         * the server returns the DN of deepest entry in the DIT that could
+         * be found for this operation.
+         * @returns The Matched-DN value that was returned by the server.
+         */
+        const std::string& getMatchedDN() const;
+
+        /**
+         * @returns If the result code is REFERRAL this method returns the
+         *      URLs of the referral that was sent by the server.
+         */
+        const LDAPUrlList& getReferralUrls() const;
+
+    private :
+        int m_resCode;
+        std::string m_matchedDN;
+        std::string m_errMsg;
+        LDAPUrlList m_referrals;    
+
+    /**
+     * This method can be used to dump the data of a LDAPResult-Object.
+     * It is only useful for debugging purposes at the moment
+     */
+    friend  std::ostream& operator<<(std::ostream &s,LDAPResult &l);
+};
+#endif //LDAP_RESULT_H
+
diff --git a/contrib/ldapc++/src/LDAPSaslBindResult.cpp b/contrib/ldapc++/src/LDAPSaslBindResult.cpp
new file mode 100644
index 0000000..ae15cfb
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPSaslBindResult.cpp
@@ -0,0 +1,45 @@
+// $OpenLDAP$
+/*
+ * Copyright 2007-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "debug.h"
+#include <lber.h>
+#include "LDAPRequest.h"
+#include "LDAPException.h"
+
+#include "LDAPResult.h"
+#include "LDAPSaslBindResult.h"
+
+using namespace std;
+
+LDAPSaslBindResult::LDAPSaslBindResult(const LDAPRequest* req, LDAPMessage* msg) :
+        LDAPResult(req, msg){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,"LDAPSaslBindResult::LDAPSaslBindResult()" 
+            << std::endl);
+    BerValue* data = 0;
+    LDAP* lc = req->getConnection()->getSessionHandle();
+    int err = ldap_parse_sasl_bind_result(lc, msg, &data, 0);
+    if( err != LDAP_SUCCESS && err != LDAP_SASL_BIND_IN_PROGRESS ){
+        ber_bvfree(data);
+        throw LDAPException(err);
+    }else{
+        if(data){
+            DEBUG(LDAP_DEBUG_TRACE, "   creds present" << std::endl);
+            m_creds=string(data->bv_val, data->bv_len);
+            ber_bvfree(data);
+        } else {
+            DEBUG(LDAP_DEBUG_TRACE, "   no creds present" << std::endl);
+        }
+    }
+}
+
+LDAPSaslBindResult::~LDAPSaslBindResult(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPSaslBindResult::~LDAPSaslBindResult()" << endl);
+}
+
+const string& LDAPSaslBindResult::getServerCreds() const{
+    return m_creds;
+}
+
diff --git a/contrib/ldapc++/src/LDAPSaslBindResult.h b/contrib/ldapc++/src/LDAPSaslBindResult.h
new file mode 100644
index 0000000..b31e89e
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPSaslBindResult.h
@@ -0,0 +1,43 @@
+// $OpenLDAP$
+/*
+ * Copyright 2007-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_SASL_BIND_RESULT_H
+#define LDAP_SASL_BIND_RESULT_H
+
+#include <ldap.h>
+
+#include <LDAPResult.h>
+
+class LDAPRequest;
+
+/**
+ * Object of this class are created by the LDAPMsg::create method if
+ * results for an Extended Operation were returned by a LDAP server.
+ */
+class LDAPSaslBindResult : public LDAPResult {
+    public :
+        /**
+         * Constructor that creates an LDAPExtResult-object from the C-API
+         * structures
+         */
+        LDAPSaslBindResult(const LDAPRequest* req, LDAPMessage* msg);
+
+        /**
+         * The Destructor
+         */
+        virtual ~LDAPSaslBindResult();
+
+        /**
+         * @returns If the result contained data this method will return
+         *          the data to the caller as a std::string.
+         */
+        const std::string& getServerCreds() const;
+
+    private:
+        std::string m_creds;
+};
+
+#endif // LDAP_SASL_BIND_RESULT_H
diff --git a/contrib/ldapc++/src/LDAPSchema.cpp b/contrib/ldapc++/src/LDAPSchema.cpp
new file mode 100644
index 0000000..38fe282
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPSchema.cpp
@@ -0,0 +1,84 @@
+// $OpenLDAP$
+/*
+ * Copyright 2003-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "LDAPSchema.h"
+
+#include <ctype.h>
+#include <ldap.h>
+
+#include "debug.h"
+#include "StringList.h"
+
+
+using namespace std;
+
+LDAPSchema::LDAPSchema(){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,
+            "LDAPSchema::LDAPSchema( )" << endl);
+}
+
+LDAPSchema::~LDAPSchema() {
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPSchema::~LDAPSchema()" << endl);
+}
+
+void LDAPSchema::setObjectClasses (const StringList &ocs) {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPSchema::setObjectClasses()" << endl);
+    
+    // parse the stringlist and save it to global map...
+    StringList::const_iterator i,j;
+    for (i = ocs.begin(); i != ocs.end(); i++) {
+	LDAPObjClass oc ( (*i) );
+	StringList names = oc.getNames();
+	// there could be more names for one object...
+	for (j = names.begin(); j != names.end(); j++) {
+            string lc_name = *j;
+            string::iterator k;
+            for ( k = lc_name.begin(); k != lc_name.end(); k++ ) {
+                (*k) = tolower(*k); 
+            }
+	    object_classes [lc_name] = LDAPObjClass (oc);
+	}
+    }
+}
+
+void LDAPSchema::setAttributeTypes (const StringList &ats) {
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPSchema::setAttributeTypes()" << endl);
+    
+    // parse the stringlist and save it to global map...
+    StringList::const_iterator i,j;
+    for (i = ats.begin(); i != ats.end(); i++) {
+	LDAPAttrType at ( (*i) );
+	StringList names = at.getNames();
+	// there could be more names for one object...
+	for (j = names.begin(); j != names.end(); j++) {
+            string lc_name = *j;
+            string::iterator k;
+            for ( k = lc_name.begin(); k != lc_name.end(); k++ ) {
+                (*k) = tolower(*k); 
+            }
+	    attr_types [lc_name] = LDAPAttrType (at);
+	}
+    }
+}
+
+LDAPObjClass LDAPSchema::getObjectClassByName (string name) {
+    string lc_name = name;
+    string::iterator k;
+    for ( k = lc_name.begin(); k != lc_name.end(); k++ ) {
+        (*k) = tolower(*k); 
+    }
+    return object_classes [lc_name];
+}
+
+LDAPAttrType LDAPSchema::getAttributeTypeByName (string name) {
+    string lc_name = name;
+    string::iterator k;
+    for ( k = lc_name.begin(); k != lc_name.end(); k++ ) {
+        (*k) = tolower(*k); 
+    }
+
+    return attr_types [lc_name];
+}
diff --git a/contrib/ldapc++/src/LDAPSchema.h b/contrib/ldapc++/src/LDAPSchema.h
new file mode 100644
index 0000000..c55c9af
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPSchema.h
@@ -0,0 +1,73 @@
+// $OpenLDAP$
+/*
+ * Copyright 2003-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_SCHEMA_H
+#define LDAP_SCHEMA_H
+
+#include <string>
+#include <map>
+
+#include "LDAPObjClass.h"
+#include "LDAPAttrType.h"
+
+/**
+ * Represents the LDAP schema
+ */
+class LDAPSchema{
+    private :
+	/**
+	 * map of object classes: index is name, value is LDAPObjClass object
+	 */
+	map <string, LDAPObjClass> object_classes;
+	
+	/**
+	 * map of attribute types: index is name, value is LDAPAttrType object
+	 */
+	map <string, LDAPAttrType> attr_types;
+
+    public :
+
+        /**
+         * Constructs an empty object
+         */   
+        LDAPSchema();
+
+        /**
+         * Destructor
+         */
+        virtual ~LDAPSchema();
+	
+        /**
+         * Fill the object_classes map
+	 * @param oc description of one objectclass (string returned by search
+	 * command), in form:
+	 * "( 1.2.3.4.5 NAME '<name>' SUP <supname> STRUCTURAL
+	 *    DESC '<description>' MUST ( <attrtype> ) MAY ( <attrtype> ))"
+         */
+	void setObjectClasses (const StringList &oc);
+
+	 /**
+         * Fill the attr_types map
+	 * @param at description of one attribute type
+	 *  (string returned by search command), in form:
+	 * "( 1.2.3.4.6 NAME ( '<name>' ) DESC '<desc>'
+	 *    EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )"
+         */
+	void setAttributeTypes (const StringList &at);
+
+	/**
+	 * Returns object class object with given name
+	 */
+	LDAPObjClass getObjectClassByName (std::string name);
+	
+	/**
+	 * Returns attribute type object with given name
+	 */
+	LDAPAttrType getAttributeTypeByName (string name);
+
+};
+
+#endif // LDAP_SCHEMA_H
diff --git a/contrib/ldapc++/src/LDAPSearchReference.cpp b/contrib/ldapc++/src/LDAPSearchReference.cpp
new file mode 100644
index 0000000..d82348c
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPSearchReference.cpp
@@ -0,0 +1,53 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include <iostream>
+
+#include "debug.h"
+#include "LDAPSearchReference.h"
+#include "LDAPException.h"
+#include "LDAPRequest.h"
+#include "LDAPUrl.h"
+
+using namespace std;
+
+LDAPSearchReference::LDAPSearchReference(const LDAPRequest *req,
+        LDAPMessage *msg) : LDAPMsg(msg){
+    DEBUG(LDAP_DEBUG_CONSTRUCT,
+            "LDAPSearchReference::LDAPSearchReference()" << endl;)    
+    char **ref=0;
+    LDAPControl** srvctrls=0;
+    const LDAPAsynConnection* con=req->getConnection();
+    int err = ldap_parse_reference(con->getSessionHandle(), msg, &ref, 
+            &srvctrls,0);
+    if (err != LDAP_SUCCESS){
+        ber_memvfree((void**) ref);
+        ldap_controls_free(srvctrls);
+        throw LDAPException(err);
+    }else{
+        m_urlList=LDAPUrlList(ref);
+        ber_memvfree((void**) ref);
+        if (srvctrls){
+            m_srvControls = LDAPControlSet(srvctrls);
+            m_hasControls = true;
+            ldap_controls_free(srvctrls);
+        }else{
+            m_hasControls = false;
+        }
+    }
+}
+
+LDAPSearchReference::~LDAPSearchReference(){
+    DEBUG(LDAP_DEBUG_DESTROY,"LDAPSearchReference::~LDAPSearchReference()"
+            << endl);
+}
+
+const LDAPUrlList& LDAPSearchReference::getUrls() const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPSearchReference::getUrls()" << endl);
+    return m_urlList;
+}
+
diff --git a/contrib/ldapc++/src/LDAPSearchReference.h b/contrib/ldapc++/src/LDAPSearchReference.h
new file mode 100644
index 0000000..209ae33
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPSearchReference.h
@@ -0,0 +1,46 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_SEARCH_REFERENCE_H
+#define LDAP_SEARCH_REFERENCE_H 
+
+#include <LDAPMessage.h>
+#include <LDAPUrlList.h>
+
+class LDAPRequest;
+class LDAPUrl;
+
+/**
+ * This class is used to represent Continuation References that were
+ * returned during a SEARCH-Operation.
+ */
+class LDAPSearchReference : public LDAPMsg{
+
+    public :
+        /**
+         * Constructor that create an object from the C-API structures
+         */
+        LDAPSearchReference(const LDAPRequest* req, LDAPMessage* msg);
+
+        /**
+         * The Destructor
+         */
+        ~LDAPSearchReference();
+
+        /**
+         * @returns The destination URLs that were send with this message
+         */
+        const LDAPUrlList& getUrls() const;
+
+    private :
+        LDAPUrlList m_urlList;
+        LDAPSearchReference();
+};
+
+
+
+#endif //LDAP_SEARCH_REFERENCE_H
diff --git a/contrib/ldapc++/src/LDAPSearchRequest.cpp b/contrib/ldapc++/src/LDAPSearchRequest.cpp
new file mode 100644
index 0000000..bc752c9
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPSearchRequest.cpp
@@ -0,0 +1,135 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "config.h"
+#include "ac/time.h"
+#include "debug.h"
+#include "LDAPSearchRequest.h"
+#include "LDAPException.h"
+#include "LDAPSearchReference.h"
+#include "LDAPResult.h"
+#include "LDAPRequest.h"
+#include "LDAPUrl.h"
+
+using namespace std;
+
+LDAPSearchRequest::LDAPSearchRequest(const LDAPSearchRequest& req ) :
+        LDAPRequest (req){
+    DEBUG(LDAP_DEBUG_CONSTRUCT, 
+        "LDAPSearchRequest::LDAPSearchRequest(&)" << endl);
+    m_base=req.m_base;
+    m_scope=req.m_scope;
+    m_filter=req.m_filter;
+    m_attrs=req.m_attrs;
+    m_attrsOnly=req.m_attrsOnly;
+}
+        
+
+LDAPSearchRequest::LDAPSearchRequest(const string& base, int scope, 
+        const string& filter, const StringList& attrs, bool attrsOnly,
+        LDAPAsynConnection *connect,
+        const LDAPConstraints* cons, bool isReferral, 
+        const LDAPRequest* parent) 
+            : LDAPRequest (connect,cons,isReferral,parent) {
+    
+    DEBUG(LDAP_DEBUG_CONSTRUCT,
+            "LDAPSearchRequest:LDAPSearchRequest()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT & LDAP_DEBUG_PARAMETER,
+            "   base:" << base << endl << "   scope:" << scope << endl
+            << "   filter:" << filter << endl);
+    m_requestType=LDAPRequest::SEARCH;
+    //insert some validating and copying here  
+    m_base=base;
+    m_scope=scope;
+    if(filter == ""){
+        m_filter="objectClass=*";  
+    }else{
+        m_filter=filter;
+    }
+    m_attrs=attrs;
+    m_attrsOnly=attrsOnly;
+}
+
+LDAPSearchRequest::~LDAPSearchRequest(){
+    DEBUG(LDAP_DEBUG_DESTROY, "LDAPSearchRequest::~LDAPSearchRequest" << endl);
+}
+
+LDAPMessageQueue* LDAPSearchRequest::sendRequest(){
+    int msgID; 
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPSearchRequest::sendRequest()" << endl);
+    timeval* tmptime=m_cons->getTimeoutStruct();
+    char** tmpattrs=m_attrs.toCharArray();
+    LDAPControl** tmpSrvCtrl=m_cons->getSrvCtrlsArray();
+    LDAPControl** tmpClCtrl=m_cons->getClCtrlsArray();
+    int aliasDeref = m_cons->getAliasDeref();
+    ldap_set_option(m_connection->getSessionHandle(), LDAP_OPT_DEREF, 
+            &aliasDeref);
+    int err=ldap_search_ext(m_connection->getSessionHandle(), m_base.c_str(),
+            m_scope, m_filter.c_str(), tmpattrs, m_attrsOnly, tmpSrvCtrl,
+            tmpClCtrl, tmptime, m_cons->getSizeLimit(), &msgID );
+    delete tmptime;
+    ber_memvfree((void**)tmpattrs);
+    LDAPControlSet::freeLDAPControlArray(tmpSrvCtrl);
+    LDAPControlSet::freeLDAPControlArray(tmpClCtrl);
+
+    if (err != LDAP_SUCCESS){  
+        throw LDAPException(err);
+    } else if (isReferral()){
+        m_msgID=msgID;
+        return 0;
+    }else{
+        m_msgID=msgID;
+        return  new LDAPMessageQueue(this);
+    }
+}
+
+LDAPRequest* LDAPSearchRequest::followReferral(LDAPMsg* ref){
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPSearchRequest::followReferral()" << endl);
+    LDAPUrlList urls;
+    LDAPUrlList::const_iterator usedUrl;
+    LDAPAsynConnection* con;
+    string filter;
+    int scope;
+    if(ref->getMessageType() == LDAPMsg::SEARCH_REFERENCE){
+        urls = ((LDAPSearchReference *)ref)->getUrls();
+    }else{
+        urls = ((LDAPResult *)ref)->getReferralUrls();
+    }
+    con = getConnection()->referralConnect(urls,usedUrl,m_cons);
+    if(con != 0){
+        if((usedUrl->getFilter() != "") && 
+            (usedUrl->getFilter() != m_filter)){
+                filter=usedUrl->getFilter();
+        }else{
+            filter=m_filter;
+        }
+        if( (ref->getMessageType() == LDAPMsg::SEARCH_REFERENCE) && 
+            (m_scope == LDAPAsynConnection::SEARCH_ONE)
+          ){
+            scope = LDAPAsynConnection::SEARCH_BASE;
+            DEBUG(LDAP_DEBUG_TRACE,"   adjusted scope to BASE" << endl);
+        }else{
+            scope = m_scope;
+        }
+    }else{
+        return 0;
+    }
+    return new LDAPSearchRequest(usedUrl->getDN(), scope, filter,
+            m_attrs, m_attrsOnly, con, m_cons,true,this);
+}
+
+bool LDAPSearchRequest::equals(const LDAPRequest* req)const{
+    DEBUG(LDAP_DEBUG_TRACE,"LDAPSearchRequest::equals()" << endl);
+    if( LDAPRequest::equals(req)){
+        LDAPSearchRequest* sreq = (LDAPSearchRequest*)req;
+        if ( (m_base == sreq->m_base) &&
+             (m_scope == sreq->m_scope) 
+           ){
+            return true;
+        }
+    }
+    return false;
+}
diff --git a/contrib/ldapc++/src/LDAPSearchRequest.h b/contrib/ldapc++/src/LDAPSearchRequest.h
new file mode 100644
index 0000000..59a63a8
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPSearchRequest.h
@@ -0,0 +1,43 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_SEARCH_REQUEST_H
+#define LDAP_SEARCH_REQUEST_H
+
+#include <queue>
+#include <LDAPRequest.h>
+
+class LDAPSearchReference;
+class LDAPReferral;
+class LDAPUrl;
+
+class LDAPSearchRequest : public LDAPRequest{ 
+
+    public :
+        LDAPSearchRequest(const LDAPSearchRequest& req);
+
+        LDAPSearchRequest(const std::string& base, int scope, const std::string& filter,
+                          const StringList& attrs, bool attrsOnly, 
+                          LDAPAsynConnection *connect,
+                          const LDAPConstraints* cons, bool isReferral=false,
+                          const LDAPRequest* parent=0);
+        virtual ~LDAPSearchRequest();        
+        virtual LDAPMessageQueue* sendRequest();
+        virtual LDAPRequest* followReferral(LDAPMsg* ref);
+        virtual bool equals(const LDAPRequest* req) const;
+    
+    private :
+        std::string m_base;
+        int m_scope;
+        std::string m_filter;
+        StringList m_attrs;
+        bool m_attrsOnly;
+
+        //no default constructor
+        LDAPSearchRequest(){};
+};
+
+#endif //LDAP_SEARCH_REQUEST_H
diff --git a/contrib/ldapc++/src/LDAPSearchResult.cpp b/contrib/ldapc++/src/LDAPSearchResult.cpp
new file mode 100644
index 0000000..cc850df
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPSearchResult.cpp
@@ -0,0 +1,52 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include <iostream>
+
+#include "debug.h"
+#include "LDAPSearchResult.h"
+#include "LDAPRequest.h"
+
+using namespace std;
+
+LDAPSearchResult::LDAPSearchResult(const LDAPRequest *req,
+        LDAPMessage *msg) : LDAPMsg(msg){
+	DEBUG(LDAP_DEBUG_CONSTRUCT,
+		"LDAPSearchResult::LDAPSearchResult()" << endl);
+    entry = new LDAPEntry(req->getConnection(), msg);
+    //retrieve the controls here
+    LDAPControl** srvctrls=0;
+    int err = ldap_get_entry_controls(req->getConnection()->getSessionHandle(),
+            msg,&srvctrls);
+    if(err != LDAP_SUCCESS){
+        ldap_controls_free(srvctrls);
+    }else{
+        if (srvctrls){
+            m_srvControls = LDAPControlSet(srvctrls);
+            m_hasControls = true;
+            ldap_controls_free(srvctrls);
+        }else{
+            m_hasControls = false;
+        }
+    }
+}
+
+LDAPSearchResult::LDAPSearchResult(const LDAPSearchResult& res) :
+        LDAPMsg(res){
+    entry = new LDAPEntry(*(res.entry));
+}
+
+LDAPSearchResult::~LDAPSearchResult(){
+	DEBUG(LDAP_DEBUG_DESTROY,"LDAPSearchResult::~LDAPSearchResult()" << endl);
+	delete entry;
+}
+
+const LDAPEntry* LDAPSearchResult::getEntry() const{
+	DEBUG(LDAP_DEBUG_TRACE,"LDAPSearchResult::getEntry()" << endl);
+	return entry;
+}
+
diff --git a/contrib/ldapc++/src/LDAPSearchResult.h b/contrib/ldapc++/src/LDAPSearchResult.h
new file mode 100644
index 0000000..c7646e5
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPSearchResult.h
@@ -0,0 +1,45 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_SEARCH_RESULT_H
+#define LDAP_SEARCH_RESULT_H
+
+#include <LDAPMessage.h>
+#include <LDAPEntry.h>
+
+class LDAPRequest;
+
+/**
+ * This class is used to represent the result entries of a
+ * SEARCH-operation.
+ */
+class LDAPSearchResult : public LDAPMsg{
+    public:
+        /**
+         * Constructor that create an object from the C-API structures
+         */
+        LDAPSearchResult(const LDAPRequest *req, LDAPMessage *msg);
+
+        /**
+         * Copy-Constructor
+         */
+        LDAPSearchResult(const LDAPSearchResult& res);
+
+        /**
+         * The Destructor
+         */
+        virtual ~LDAPSearchResult();
+
+        /**
+         * @returns The entry that has been sent with this result message. 
+         */
+        const LDAPEntry* getEntry() const;
+    
+    private:
+        LDAPEntry *entry;
+};
+#endif //LDAP_SEARCH_RESULT_H
diff --git a/contrib/ldapc++/src/LDAPSearchResults.cpp b/contrib/ldapc++/src/LDAPSearchResults.cpp
new file mode 100644
index 0000000..a25afe5
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPSearchResults.cpp
@@ -0,0 +1,60 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPException.h"
+#include "LDAPSearchResult.h"
+#include "LDAPResult.h"
+
+#include "LDAPSearchResults.h"
+
+LDAPSearchResults::LDAPSearchResults(){
+    entryPos = entryList.begin();
+    refPos = refList.begin();
+}
+
+LDAPResult* LDAPSearchResults::readMessageQueue(LDAPMessageQueue* msg){
+    if(msg != 0){
+        LDAPMsg* res=0;
+        for(;;){
+            try{
+                res = msg->getNext();
+            }catch (LDAPException e){
+                throw;
+            }
+            switch(res->getMessageType()){ 
+                case LDAPMsg::SEARCH_ENTRY :
+                    entryList.addEntry(*((LDAPSearchResult*)res)->getEntry());
+                break;
+                case LDAPMsg::SEARCH_REFERENCE :
+                    refList.addReference(*((LDAPSearchReference*)res));
+                break;
+                default:
+                    entryPos=entryList.begin();
+                    refPos=refList.begin();
+                    return ((LDAPResult*) res);
+            }
+            delete res;
+            res=0;
+        }
+    }
+    return 0;
+}
+
+LDAPEntry* LDAPSearchResults::getNext(){
+    if( entryPos != entryList.end() ){
+        LDAPEntry* ret= new LDAPEntry(*entryPos);
+        entryPos++;
+        return ret;
+    }
+    if( refPos != refList.end() ){
+        LDAPUrlList urls= refPos->getUrls();
+        refPos++;
+        throw(LDAPReferralException(urls));
+    }
+    return 0;
+}
+
diff --git a/contrib/ldapc++/src/LDAPSearchResults.h b/contrib/ldapc++/src/LDAPSearchResults.h
new file mode 100644
index 0000000..f675de1
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPSearchResults.h
@@ -0,0 +1,56 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_SEARCH_RESULTS_H
+#define LDAP_SEARCH_RESULTS_H
+
+#include <LDAPEntry.h>
+#include <LDAPEntryList.h>
+#include <LDAPMessage.h>
+#include <LDAPMessageQueue.h>
+#include <LDAPReferenceList.h>
+#include <LDAPSearchReference.h>
+
+class LDAPResult;
+
+/**
+ * The class stores the results of a synchronous SEARCH-Operation 
+ */
+class LDAPSearchResults{
+    public:
+        /**
+         * Default-Constructor
+         */
+        LDAPSearchResults();
+
+        /**
+         * For internal use only.
+         *
+         * This method reads Search result entries from a
+         * LDAPMessageQueue-object.
+         * @param msg The message queue to read
+         */
+        LDAPResult* readMessageQueue(LDAPMessageQueue* msg);
+
+        /**
+         * The method is used by the client-application to read the
+         * result entries of the  SEARCH-Operation. Every call of this
+         * method returns one entry. If all entries were read it return 0.
+         * @throws LDAPReferralException  If a Search Reference was
+         *          returned by the server
+         * @returns A LDAPEntry-object as a result of a SEARCH-Operation or
+         *          0 if no more entries are there to return.
+         */
+        LDAPEntry* getNext();
+    private :
+        LDAPEntryList entryList;
+        LDAPReferenceList refList;
+        LDAPEntryList::const_iterator entryPos;
+        LDAPReferenceList::const_iterator refPos;
+};
+#endif //LDAP_SEARCH_RESULTS_H
+
+
diff --git a/contrib/ldapc++/src/LDAPUrl.cpp b/contrib/ldapc++/src/LDAPUrl.cpp
new file mode 100644
index 0000000..b3a2ec0
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPUrl.cpp
@@ -0,0 +1,518 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#include "LDAPUrl.h"
+#include <sstream>
+#include <iomanip>
+#include "debug.h"
+
+using namespace std;
+
+#define PCT_ENCFLAG_NONE 0x0000U
+#define PCT_ENCFLAG_COMMA 0x0001U
+#define PCT_ENCFLAG_SLASH 0x0002U
+
+#define LDAP_DEFAULT_PORT 389
+#define LDAPS_DEFAULT_PORT 636
+
+LDAPUrl::LDAPUrl(const std::string &url)
+{
+    DEBUG(LDAP_DEBUG_CONSTRUCT, "LDAPUrl::LDAPUrl()" << endl);
+    DEBUG(LDAP_DEBUG_CONSTRUCT | LDAP_DEBUG_PARAMETER,
+            "   url:" << url << endl);
+    m_urlString = url;
+    m_Filter = "";
+    m_Scheme = "ldap";
+    m_Scope = 0;
+    m_Port = 0;
+    regenerate = false;
+    if (url != "") {
+        this->parseUrl();
+    }
+}
+
+LDAPUrl::~LDAPUrl()
+{
+    DEBUG(LDAP_DEBUG_DESTROY, "LDAPUrl::~LDAPUrl()" << endl);
+    m_Attrs.clear();
+}
+
+int LDAPUrl::getPort() const 
+{
+    return m_Port;
+}
+
+void LDAPUrl::setPort(int port)
+{
+    m_Port = port;
+    regenerate = true;
+}
+
+int LDAPUrl::getScope() const 
+{
+    return m_Scope;
+}
+
+void LDAPUrl::setScope( const std::string &scope )
+{
+    if (scope == "base" || scope == "" ) {
+        m_Scope = 0;
+    } else if (scope == "one" ) {
+        m_Scope = 1;
+    } else if (scope == "sub" ) {
+        m_Scope = 2;
+    } else {
+        throw LDAPUrlException(LDAPUrlException::INVALID_SCOPE, 
+                "Scope was:" + scope); 
+    }
+    regenerate = true;
+}
+
+const string& LDAPUrl::getURLString() const
+{
+    if (regenerate){
+        this->components2Url();
+        regenerate=false;
+    }
+    return m_urlString;
+}
+
+void LDAPUrl::setURLString( const std::string &url )
+{
+    m_urlString = url;
+    if (url != "") {
+        this->parseUrl();
+    }
+    regenerate = false;
+}
+
+const string& LDAPUrl::getHost() const 
+{
+    return m_Host;
+}
+
+void LDAPUrl::setHost( const std::string &host )
+{
+    m_Host = host;
+    regenerate = true;
+}
+
+const string& LDAPUrl::getDN() const 
+{
+    return m_DN;
+}
+void LDAPUrl::setDN( const std::string &dn )
+{
+    m_DN = dn;
+    regenerate = true;
+}
+
+const string& LDAPUrl::getFilter() const 
+{
+    return m_Filter;
+}
+void LDAPUrl::setFilter( const std::string &filter )
+{
+    m_Filter = filter;
+    regenerate = true;
+}
+
+const StringList& LDAPUrl::getAttrs() const 
+{
+    return m_Attrs;
+}
+void LDAPUrl::setAttrs( const StringList &attrs )
+{
+    m_Attrs = attrs;
+    regenerate = true;
+}
+
+const StringList& LDAPUrl::getExtensions() const 
+{
+    return m_Extensions;
+}
+
+void LDAPUrl::setExtensions( const StringList &ext )
+{
+    m_Extensions = ext;
+    regenerate = true;
+}
+
+const std::string& LDAPUrl::getScheme() const
+{
+    return m_Scheme;
+}
+
+void LDAPUrl::setScheme( const std::string &scheme )
+{
+    if (scheme == "ldap" || scheme == "ldaps" || 
+            scheme == "ldapi" || scheme == "cldap" ) 
+    {
+        m_Scheme = scheme;
+        regenerate = true;
+    } else {
+        throw LDAPUrlException(LDAPUrlException::INVALID_SCHEME,
+                "Unknown URL scheme: \"" + scheme + "\"");
+    }
+}
+
+void LDAPUrl::parseUrl() 
+{
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPUrl::parseUrl()" << std::endl);
+    // reading Scheme
+    std::string::size_type pos = m_urlString.find(':');
+    std::string::size_type startpos = pos;
+    if (pos == std::string::npos) {
+        throw LDAPUrlException(LDAPUrlException::INVALID_URL,
+                "No colon found in URL");
+    }
+    std::string scheme = m_urlString.substr(0, pos);
+    DEBUG(LDAP_DEBUG_TRACE, "    scheme is <" << scheme << ">" << std::endl);
+
+    if ( scheme == "ldap" ) {
+        m_Scheme = scheme;
+    } else if ( scheme == "ldaps" ) {
+        m_Scheme = scheme;
+    } else if ( scheme == "ldapi" ) {
+        m_Scheme = scheme;
+    } else if ( scheme == "cldap" ) {
+        m_Scheme = scheme;
+    } else {
+        throw LDAPUrlException(LDAPUrlException::INVALID_SCHEME,
+                "Unknown URL Scheme: \"" + scheme + "\"");
+    }
+
+    if ( m_urlString[pos+1] != '/' || m_urlString[pos+2] != '/' ) {
+        throw LDAPUrlException(LDAPUrlException::INVALID_URL);
+    } else {
+        startpos = pos + 3;
+    }
+    if ( m_urlString[startpos] == '/' ) {
+        // no hostname and port
+        startpos++;
+    } else {
+        std::string::size_type hostend, portstart=0;
+        pos = m_urlString.find('/', startpos);
+
+        // IPv6 Address?
+        if ( m_urlString[startpos] == '[' ) {
+            // skip
+            startpos++;
+            hostend =  m_urlString.find(']', startpos);
+            if ( hostend == std::string::npos ){
+                throw LDAPUrlException(LDAPUrlException::INVALID_URL);
+            }
+            portstart = hostend + 1;
+        } else {
+            hostend = m_urlString.find(':', startpos);
+            if ( hostend == std::string::npos || portstart > pos ) {
+                hostend = pos;
+            }
+            portstart = hostend;
+        }
+        std::string host = m_urlString.substr(startpos, hostend - startpos);
+        DEBUG(LDAP_DEBUG_TRACE, "    host: <" << host << ">" << std::endl);
+        percentDecode(host, m_Host);
+
+        if (portstart >= m_urlString.length() || portstart >= pos ) {
+            if ( m_Scheme == "ldap" || m_Scheme == "cldap" ) {
+                m_Port = LDAP_DEFAULT_PORT;
+            } else if ( m_Scheme == "ldaps" ) {
+                m_Port = LDAPS_DEFAULT_PORT;
+            }
+        } else {
+            std::string port = m_urlString.substr(portstart+1, 
+                    (pos == std::string::npos ? pos : pos-portstart-1) );
+            if ( port.length() > 0 ) {
+                std::istringstream i(port);
+                i >> m_Port;
+                if ( i.fail() ){
+                    throw LDAPUrlException(LDAPUrlException::INVALID_PORT);
+                }
+            }
+            DEBUG(LDAP_DEBUG_TRACE, "    Port: <" << m_Port << ">" 
+                    << std::endl);
+        }
+        startpos = pos + 1;
+    }
+    int parserMode = base;
+    while ( pos != std::string::npos ) {
+        pos = m_urlString.find('?', startpos);
+        std::string actComponent = m_urlString.substr(startpos, 
+                pos - startpos);
+        DEBUG(LDAP_DEBUG_TRACE, "    ParserMode:" << parserMode << std::endl);
+        DEBUG(LDAP_DEBUG_TRACE, "    ActComponent: <" << actComponent << ">" 
+                << std::endl);
+        std::string s_scope = "";
+        std::string s_ext = "";
+        switch(parserMode) {
+            case base :
+                percentDecode(actComponent, m_DN);
+                DEBUG(LDAP_DEBUG_TRACE, "    BaseDN:" << m_DN << std::endl); 
+                break;
+            case attrs :
+                DEBUG(LDAP_DEBUG_TRACE, "    reading Attributes" << std::endl);
+                if (actComponent.length() != 0 ) {
+                    string2list(actComponent,m_Attrs, true);
+                }
+                break;
+            case scope :
+                percentDecode(actComponent, s_scope);
+                if (s_scope == "base" || s_scope == "" ) {
+                    m_Scope = 0;
+                } else if (s_scope == "one" ) {
+                    m_Scope = 1;
+                } else if (s_scope == "sub" ) {
+                    m_Scope = 2;
+                } else {
+                    throw LDAPUrlException(LDAPUrlException::INVALID_SCOPE);
+                }
+                DEBUG(LDAP_DEBUG_TRACE, "    Scope: <" << s_scope << ">"
+                        << std::endl);
+                break;
+            case filter :
+                percentDecode(actComponent, m_Filter);
+                DEBUG(LDAP_DEBUG_TRACE, "    filter: <" << m_Filter << ">"
+                        << std::endl);
+                break;
+            case extensions :
+                DEBUG(LDAP_DEBUG_TRACE, "    reading Extensions" << std::endl); 
+                string2list(actComponent, m_Extensions, true);
+                break;
+            default : 
+                DEBUG(LDAP_DEBUG_TRACE, "    unknown state" << std::endl); 
+                break;
+        }
+        startpos = pos + 1;
+        parserMode++;
+    }
+}
+
+void LDAPUrl::percentDecode(const std::string& src, std::string &out)
+{
+    DEBUG(LDAP_DEBUG_TRACE, "LDAPUrl::percentDecode()" << std::endl); 
+    std::string::size_type pos = 0;
+    std::string::size_type startpos = 0;
+    pos = src.find('%', startpos);
+    while ( pos != std::string::npos ) {
+        out += src.substr(startpos, pos - startpos);
+        std::string istr(src.substr(pos+1, 2));
+        std::istringstream i(istr);
+        i.setf(std::ios::hex, std::ios::basefield);
+        i.unsetf(std::ios::showbase);
+        int hex;
+        i >> hex;
+        if ( i.fail() ){
+            throw LDAPUrlException(LDAPUrlException::URL_DECODING_ERROR, 
+                    "Invalid percent encoding");
+        }
+        char j = hex;
+        out.push_back(j);
+        startpos = pos+3;
+        pos = src.find('%', startpos);
+    } 
+    out += src.substr(startpos, pos - startpos);
+}
+
+void LDAPUrl::string2list(const std::string &src, StringList& sl, 
+            bool percentDecode)
+{
+    std::string::size_type comma_startpos = 0;
+    std::string::size_type comma_pos = 0;
+    std::string actItem;
+    while ( comma_pos != std::string::npos ) {
+        comma_pos = src.find(',', comma_startpos);
+        actItem = src.substr(comma_startpos, comma_pos - comma_startpos);
+        if (percentDecode){
+            std::string decoded;
+            this->percentDecode(actItem,decoded);
+            actItem = decoded;
+        }
+        sl.add(actItem);
+        comma_startpos = comma_pos + 1;
+    }
+}
+
+
+void LDAPUrl::components2Url() const
+{
+    std::ostringstream url; 
+    std::string encoded = "";
+    
+    url << m_Scheme << "://";
+    // IPv6 ?
+    if ( m_Host.find( ':', 0 ) != std::string::npos ) {
+        url <<  "[" << this->percentEncode(m_Host, encoded) <<  "]";
+    } else {
+        url << this->percentEncode(m_Host, encoded, PCT_ENCFLAG_SLASH);
+    }
+
+    if ( m_Port != 0 ) {
+        url << ":" << m_Port;
+    }
+
+    url << "/";
+    encoded = "";
+    if ( m_DN != "" ) {
+        this->percentEncode( m_DN, encoded );
+        url << encoded;
+    }
+    string qm = "";
+    if ( ! m_Attrs.empty() ){
+        url << "?";
+        bool first = true;
+        for ( StringList::const_iterator i = m_Attrs.begin();
+                i != m_Attrs.end(); i++) 
+        {
+            this->percentEncode( *i, encoded );
+            if ( ! first ) {
+                url << ",";
+            } else {
+                first = false;
+            }
+            url << encoded;
+        }
+    } else {
+        qm.append("?");
+    }
+    if ( m_Scope == 1 ) {
+        url << qm << "?one";
+        qm = "";
+    } else if ( m_Scope == 2 ) {
+        url << qm << "?sub";
+        qm = "";
+    } else {
+        qm.append("?");
+    }
+    if (m_Filter != "" ){
+        this->percentEncode( m_Filter, encoded );
+        url << qm << "?" << encoded;
+        qm = "";
+    } else {
+        qm.append("?");
+    }
+
+    if ( ! m_Extensions.empty() ){
+        url << qm << "?";
+        bool first = true;
+        for ( StringList::const_iterator i = m_Extensions.begin();
+                i != m_Extensions.end(); i++) 
+        {
+            this->percentEncode( *i, encoded, 1);
+            if ( ! first ) {
+                url << ",";
+            } else {
+                first = false;
+            }
+            url << encoded;
+        }
+    }
+    m_urlString=url.str();  
+}
+
+
+std::string& LDAPUrl::percentEncode( const std::string &src, 
+        std::string &dest, 
+        int flags) const
+{
+    std::ostringstream o;
+    o.setf(std::ios::hex, std::ios::basefield);
+    o.setf(std::ios::uppercase);
+    o.unsetf(std::ios::showbase);
+    bool escape=false;
+    for ( std::string::const_iterator i = src.begin(); i != src.end(); i++ ){
+        switch(*i){
+            /* reserved */
+            case '?' :
+                escape = true;
+            break;
+            case ',' :
+                if ( flags & PCT_ENCFLAG_COMMA ) {
+                    escape = true;
+                } else {
+                    escape = false;
+                }
+            break;
+            case ':' :
+            case '/' :
+                if ( flags & PCT_ENCFLAG_SLASH ) {
+                    escape = true;
+                } else {
+                    escape = false;
+                }
+            break;
+            case '#' :
+            case '[' :
+            case ']' :
+            case '@' :
+            case '!' :
+            case '$' :
+            case '&' :
+            case '\'' :
+            case '(' :
+            case ')' :
+            case '*' :
+            case '+' :
+            case ';' :
+            case '=' :
+            /* unreserved */
+            case '-' :
+            case '.' :
+            case '_' :
+            case '~' :
+                escape = false;
+            break;
+            default :
+                if (  std::isalnum(*i) ) {
+                    escape = false;
+                } else {
+                    escape = true;
+                }
+            break;
+        }
+        if ( escape ) {
+            o << "%" << std::setw(2) << std::setfill('0') << (int)(unsigned char)*i ;
+        } else {
+            o.put(*i);
+        }
+    }
+    dest = o.str();
+    return dest;
+}
+
+const code2string_s LDAPUrlException::code2string[] = {
+   { INVALID_SCHEME,            "Invalid URL Scheme" },
+   { INVALID_PORT,              "Invalid Port in Url" },
+   { INVALID_SCOPE,             "Invalid Search Scope in Url" },
+   { INVALID_URL,               "Invalid LDAP Url" },
+   { URL_DECODING_ERROR,        "Url-decoding Error" },
+   { 0, 0 }
+};
+
+LDAPUrlException::LDAPUrlException( int code, const std::string &msg) :
+    m_code(code), m_addMsg(msg) {}
+
+int LDAPUrlException::getCode() const
+{
+    return m_code;
+}
+
+const std::string LDAPUrlException::getAdditionalInfo() const
+{
+    return m_addMsg;
+}
+
+const std::string LDAPUrlException::getErrorMessage() const
+{
+    for ( int i = 0; code2string[i].string != 0; i++ ) {
+        if ( code2string[i].code == m_code ) {
+            return std::string(code2string[i].string);
+        }
+    }
+    return "";
+
+}
diff --git a/contrib/ldapc++/src/LDAPUrl.h b/contrib/ldapc++/src/LDAPUrl.h
new file mode 100644
index 0000000..9c1f3e3
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPUrl.h
@@ -0,0 +1,207 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+
+#ifndef LDAP_URL_H
+#define LDAP_URL_H
+
+#include <StringList.h>
+
+class LDAPUrlException;
+/**
+ * This class is used to analyze and store LDAP-Urls as returned by a
+ * LDAP-Server as Referrals and Search References. LDAP-URLs are defined
+ * in RFC1959 and have the following format: <BR>
+ * <code>
+ * ldap://host:port/baseDN[?attr[?scope[?filter]]] <BR>
+ * </code>
+ */
+class LDAPUrl{
+
+    public : 
+        /**
+         * Create a new object from a string that contains a LDAP-Url
+         * @param url The URL String
+         */
+        LDAPUrl(const std::string &url="");
+
+        /**
+         * Destructor
+         */
+        ~LDAPUrl();
+
+        /**
+         * @return The part of the URL that is representing the network
+         * port
+         */
+        int getPort() const;
+        
+        /**
+         * Set the port value of the URL
+         * @param dn The port value
+         */
+        void setPort(int port);
+
+        /**
+         * @return The scope part of the URL is returned. 
+         */
+        int getScope() const;
+
+        /**
+         * Set the Scope part of the URL
+         * @param scope The new scope
+         */
+        void setScope(const std::string& scope);
+
+        /**
+         * @return The complete URL as a string
+         */
+        const std::string& getURLString() const;
+
+        /**
+         * Set the URL member attribute
+         * @param url The URL String
+         */
+        void setURLString(const std::string &url);
+
+        /**
+         * @return The hostname or IP-Address of the destination host.
+         */
+        const std::string& getHost() const;
+
+        /**
+         * Set the Host part of the URL
+         * @param host The new host part
+         */
+        void setHost( const std::string &host);
+
+        /**
+         * @return The Protocol Scheme of the URL.
+         */
+        const std::string& getScheme() const;
+
+        /**
+         * Set the Protocol Scheme of the URL
+         * @param host The Protocol scheme. Allowed values are
+         *       ldap,ldapi,ldaps and cldap
+         */
+        void setScheme( const std::string &scheme );
+
+        /**
+         * @return The Base-DN part of the URL
+         */
+        const std::string& getDN() const;
+        
+        /**
+         * Set the DN part of the URL
+         * @param dn The new DN part
+         */
+        void setDN( const std::string &dn);
+
+        
+        /**
+         * @return The Filter part of the URL
+         */
+        const std::string& getFilter() const;
+        
+        /**
+         * Set the Filter part of the URL
+         * @param filter The new Filter
+         */
+        void setFilter( const std::string &filter);
+
+        /**
+         * @return The List of attributes  that was in the URL
+         */
+        const StringList& getAttrs() const;
+        
+        /**
+         * Set the Attributes part of the URL
+         * @param attrs StringList containing the List of Attributes
+         */
+        void setAttrs( const StringList &attrs);
+        void setExtensions( const StringList &ext);
+        const StringList& getExtensions() const;
+
+        /**
+         * Percent-decode a string
+         * @param src The string that is to be decoded
+         * @param dest The decoded result string
+         */
+        void percentDecode( const std::string& src, std::string& dest );
+        
+        /**
+         * Percent-encoded a string
+         * @param src The string that is to be encoded
+         * @param dest The encoded result string
+         * @param flags
+         */
+        std::string& percentEncode( const std::string& src, 
+                    std::string& dest, 
+                    int flags=0 ) const;
+   
+    protected : 
+        /**
+         * Split the url string that is associated with this Object into
+         * it components. The components of the URL can be access via the
+         * get...() methods.
+         * (this function is mostly for internal use and gets called 
+         * automatically whenever necessary)
+         */
+        void parseUrl();
+        
+        /**
+         * Generate an URL string from the components that were set with
+         * the various set...() methods
+         * (this function is mostly for internal use and gets called 
+         * automatically whenever necessary)
+         */
+        void components2Url() const;
+        
+        void string2list(const std::string &src, StringList& sl,
+                bool percentDecode=false);
+
+    protected :
+        mutable bool regenerate;
+        int m_Port;
+        int m_Scope;
+        std::string m_Host;
+        std::string m_DN;
+        std::string m_Filter;
+        StringList m_Attrs;
+        StringList m_Extensions;
+        mutable std::string m_urlString;
+        std::string m_Scheme;
+        enum mode { base, attrs, scope, filter, extensions };
+};
+
+/// @cond
+struct code2string_s {
+    int code;
+    const char* string;
+};
+/// @endcond
+
+class LDAPUrlException {
+    public :
+        LDAPUrlException(int code, const std::string &msg="" );
+
+        int getCode() const;
+        const std::string getErrorMessage() const;
+        const std::string getAdditionalInfo() const;
+
+        static const int INVALID_SCHEME      = 1;
+        static const int INVALID_PORT        = 2;
+        static const int INVALID_SCOPE       = 3;
+        static const int INVALID_URL         = 4;
+        static const int URL_DECODING_ERROR  = 5; 
+        static const code2string_s code2string[]; 
+
+    private:
+        int m_code;
+        std::string m_addMsg;
+};
+#endif //LDAP_URL_H
diff --git a/contrib/ldapc++/src/LDAPUrlList.cpp b/contrib/ldapc++/src/LDAPUrlList.cpp
new file mode 100644
index 0000000..6e4e921
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPUrlList.cpp
@@ -0,0 +1,57 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "LDAPUrlList.h"
+#include <assert.h>
+#include "debug.h"
+
+using namespace std;
+
+LDAPUrlList::LDAPUrlList(){
+    DEBUG(LDAP_DEBUG_CONSTRUCT," LDAPUrlList::LDAPUrlList()" << endl);
+    m_urls=LDAPUrlList::ListType();
+}
+
+LDAPUrlList::LDAPUrlList(const LDAPUrlList& urls){
+    DEBUG(LDAP_DEBUG_CONSTRUCT," LDAPUrlList::LDAPUrlList(&)" << endl);
+    m_urls = urls.m_urls;
+}
+
+
+LDAPUrlList::LDAPUrlList(char** url){
+    DEBUG(LDAP_DEBUG_CONSTRUCT," LDAPUrlList::LDAPUrlList()" << endl);
+    char** i;
+    assert(url);
+    for(i = url; *i != 0; i++){
+        add(LDAPUrl(*i));
+    }
+}
+
+LDAPUrlList::~LDAPUrlList(){
+    DEBUG(LDAP_DEBUG_DESTROY," LDAPUrlList::~LDAPUrlList()" << endl);
+    m_urls.clear();
+}
+
+size_t LDAPUrlList::size() const{
+    return m_urls.size();
+}
+
+bool LDAPUrlList::empty() const{
+    return m_urls.empty();
+}
+
+LDAPUrlList::const_iterator LDAPUrlList::begin() const{
+    return m_urls.begin();
+}
+
+LDAPUrlList::const_iterator LDAPUrlList::end() const{
+    return m_urls.end();
+}
+
+void LDAPUrlList::add(const LDAPUrl& url){
+    m_urls.push_back(url);
+}
+
diff --git a/contrib/ldapc++/src/LDAPUrlList.h b/contrib/ldapc++/src/LDAPUrlList.h
new file mode 100644
index 0000000..0b4f27c
--- /dev/null
+++ b/contrib/ldapc++/src/LDAPUrlList.h
@@ -0,0 +1,78 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDAP_URL_LIST_H
+#define LDAP_URL_LIST_H
+
+#include <list>
+#include <LDAPUrl.h>
+
+/**
+ * This container class is used to store multiple LDAPUrl-objects.
+ */
+class LDAPUrlList{
+    typedef std::list<LDAPUrl> ListType;
+
+    public:
+	typedef ListType::const_iterator const_iterator;
+
+        /**
+         * Constructs an empty list.
+         */   
+        LDAPUrlList();
+
+        /**
+         * Copy-constructor
+         */
+        LDAPUrlList(const LDAPUrlList& urls);
+
+        /**
+         * For internal use only
+         *
+         * This constructor is used by the library internally to create a
+         * std::list of URLs from a array of C-strings that was return by
+         * the C-API
+         */
+        LDAPUrlList(char** urls);
+
+        /**
+         * Destructor
+         */
+        ~LDAPUrlList();
+
+        /**
+         * @return The number of LDAPUrl-objects that are currently
+         * stored in this list.
+         */
+        size_t size() const;
+
+        /**
+         * @return true if there are zero LDAPUrl-objects currently
+         * stored in this list.
+         */
+        bool empty() const;
+
+        /**
+         * @return A iterator that points to the first element of the list.
+         */
+        const_iterator begin() const;
+        
+        /**
+         * @return A iterator that points to the element after the last
+         * element of the list.
+         */
+        const_iterator end() const;
+
+        /**
+         * Adds one element to the end of the list.
+         * @param attr The attribute to add to the list.
+         */
+        void add(const LDAPUrl& url);
+
+    private :
+        ListType m_urls;
+};
+#endif //LDAP_URL_LIST_H
diff --git a/contrib/ldapc++/src/LdifReader.cpp b/contrib/ldapc++/src/LdifReader.cpp
new file mode 100644
index 0000000..207806d
--- /dev/null
+++ b/contrib/ldapc++/src/LdifReader.cpp
@@ -0,0 +1,350 @@
+// $OpenLDAP$
+/*
+ * Copyright 2008-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "LdifReader.h"
+#include "LDAPMessage.h"
+#include "LDAPEntry.h"
+#include "LDAPAttributeList.h"
+#include "LDAPAttribute.h"
+#include "LDAPUrl.h"
+#include "debug.h"
+
+#include <string>
+#include <sstream>
+#include <stdexcept>
+
+#include <sasl/saslutil.h> // For base64 routines
+
+typedef std::pair<std::string, std::string> stringpair;
+
+LdifReader::LdifReader( std::istream &input ) 
+        : m_ldifstream(input), m_lineNumber(0)
+{
+    DEBUG(LDAP_DEBUG_TRACE, "<> LdifReader::LdifReader()" << std::endl);
+    this->m_version = 0;
+    // read the first record to find out version and type of the LDIF
+    this->readNextRecord(true);
+    this->m_currentIsFirst = true;
+}
+
+int LdifReader::readNextRecord( bool first )
+{
+    DEBUG(LDAP_DEBUG_TRACE, "-> LdifReader::readRecord()" << std::endl);
+    std::string line;
+    std::string type;
+    std::string value;
+    int numLine = 0;
+    int recordType = 0;
+
+    if ( (! first) && this->m_currentIsFirst == true )
+    {
+        this->m_currentIsFirst = false;
+        return m_curRecType;
+    }
+
+    m_currentRecord.clear();
+
+    while ( !this->getLdifLine(line) )
+    {
+        DEBUG(LDAP_DEBUG_TRACE, "  Line: " << line << std::endl );
+
+        // skip comments and empty lines between entries
+        if ( line[0] == '#' || ( numLine == 0 && line.size() == 0 ) )
+        {
+            DEBUG(LDAP_DEBUG_TRACE, "skipping empty line or comment" << std::endl );
+            continue;
+        }
+        if ( line.size() == 0 ) 
+        {
+            // End of Entry
+            break;
+        }
+
+        this->splitLine(line, type, value);
+
+        if ( numLine == 0 )
+        {
+            if ( type == "version" )
+            {
+                std::istringstream valuestream(value);
+                valuestream >> this->m_version;
+                if ( this->m_version != 1 ) // there is no other Version than LDIFv1 
+                {
+                    std::ostringstream err;
+                    err << "Line " << this->m_lineNumber 
+                        << ": Unsupported LDIF Version";
+                    throw( std::runtime_error(err.str()) );
+                }
+                continue;
+            }
+            if ( type == "dn" ) // Record should start with the DN ...
+            {
+                DEBUG(LDAP_DEBUG_TRACE, " Record DN:" << value << std::endl);
+            }
+            else if ( type == "include" ) // ... or it might be an "include" line
+            {
+                DEBUG(LDAP_DEBUG_TRACE, " Include directive: " << value << std::endl);
+                if ( this->m_version == 1 )
+                {
+                    std::ostringstream err;
+                    err << "Line " << this->m_lineNumber 
+                        << ": \"include\" not allowed in LDIF version 1.";
+                    throw( std::runtime_error(err.str()) );
+                }
+                else
+                {
+                    std::ostringstream err;
+                    err << "Line " << this->m_lineNumber 
+                        << ": \"include\" not yet supported.";
+                    throw( std::runtime_error(err.str()) );
+                }
+            }
+            else
+            {
+                DEBUG(LDAP_DEBUG_TRACE, " Record doesn't start with a DN" 
+                            << std::endl);
+                std::ostringstream err;
+                err << "Line " << this->m_lineNumber 
+                    << ": LDIF record does not start with a DN.";
+                throw( std::runtime_error(err.str()) );
+            }
+        }
+        if ( numLine == 1 ) // might contain "changtype" to indicate a change request
+        {
+            if ( type == "changetype" ) 
+            {
+                if ( first ) 
+                {
+                    this->m_ldifTypeRequest = true;
+                }
+                else if (! this->m_ldifTypeRequest )
+                {
+                    // Change Request in Entry record LDIF, should we accept it?
+                    std::ostringstream err;
+                    err << "Line " << this->m_lineNumber 
+                        << ": Change Request in an entry-only LDIF.";
+                    throw( std::runtime_error(err.str()) );
+                }
+                if ( value == "modify" )
+                {
+                    recordType = LDAPMsg::MODIFY_REQUEST;
+                }
+                else if ( value == "add" )
+                {
+                    recordType = LDAPMsg::ADD_REQUEST;
+                }
+                else if ( value == "delete" )
+                {
+                    recordType = LDAPMsg::DELETE_REQUEST;
+                }
+                else if ( value == "modrdn" )
+                {   
+                    recordType = LDAPMsg::MODRDN_REQUEST;
+                }
+                else
+                {
+                    DEBUG(LDAP_DEBUG_TRACE, " Unknown change request <" 
+                            << value << ">" << std::endl);
+                    std::ostringstream err;
+                    err << "Line " << this->m_lineNumber 
+                        << ": Unknown changetype: \"" << value << "\".";
+                    throw( std::runtime_error(err.str()) );
+                }
+            }
+            else
+            {
+                if ( first ) 
+                {
+                    this->m_ldifTypeRequest = false;
+                }
+                else if (this->m_ldifTypeRequest )
+                {
+                    // Entry record in Change record LDIF, should we accept 
+                    // it (e.g. as AddRequest)?
+                }
+                recordType = LDAPMsg::SEARCH_ENTRY;
+            }
+        }
+        m_currentRecord.push_back( stringpair(type, value) );
+        numLine++;
+    }
+    DEBUG(LDAP_DEBUG_TRACE, "<- LdifReader::readRecord() return: " 
+            << recordType << std::endl);
+    m_curRecType = recordType;
+    return recordType;
+}
+
+LDAPEntry LdifReader::getEntryRecord()
+{
+    std::list<stringpair>::const_iterator i = m_currentRecord.begin();
+    if ( m_curRecType != LDAPMsg::SEARCH_ENTRY )
+    {
+        throw( std::runtime_error( "The LDIF record: '" + i->second +
+                                   "' is not a valid LDAP Entry" ));
+    }
+    LDAPEntry resEntry(i->second);
+    i++;
+    LDAPAttribute curAttr(i->first);
+    LDAPAttributeList *curAl = new LDAPAttributeList();
+    for ( ; i != m_currentRecord.end(); i++ )
+    {
+        if ( i->first == curAttr.getName() )
+        {
+            curAttr.addValue(i->second);
+        }
+        else
+        {
+            const LDAPAttribute* existing = curAl->getAttributeByName( i->first );
+            if ( existing )
+            {
+                // Attribute exists already (handle gracefully)
+                curAl->addAttribute( curAttr );
+                curAttr = LDAPAttribute( *existing );
+                curAttr.addValue(i->second);
+                curAl->delAttribute( i->first );
+            }
+            else
+            {
+                curAl->addAttribute( curAttr );
+                curAttr = LDAPAttribute( i->first, i->second );
+            }
+        }
+    }
+    curAl->addAttribute( curAttr );
+    resEntry.setAttributes( curAl );
+    return resEntry;
+}
+
+int LdifReader::getLdifLine(std::string &ldifline)
+{
+    DEBUG(LDAP_DEBUG_TRACE, "-> LdifReader::getLdifLine()" << std::endl);
+
+    this->m_lineNumber++;
+    if ( ! getline(m_ldifstream, ldifline) )
+    {
+        return -1;
+    }
+    while ( m_ldifstream &&
+        (m_ldifstream.peek() == ' ' || m_ldifstream.peek() == '\t'))
+    {
+        std::string cat;
+        m_ldifstream.ignore();
+        getline(m_ldifstream, cat);
+        ldifline += cat;
+        this->m_lineNumber++;
+    }
+
+    DEBUG(LDAP_DEBUG_TRACE, "<- LdifReader::getLdifLine()" << std::endl);
+    return 0;
+}
+
+void LdifReader::splitLine(
+            const std::string& line, 
+            std::string &type,
+            std::string &value) const
+{
+    std::string::size_type pos = line.find(':');
+    if ( pos == std::string::npos )
+    {
+        DEBUG(LDAP_DEBUG_ANY, "Invalid LDIF line. No `:` separator" 
+                << std::endl );
+        std::ostringstream err;
+        err << "Line " << this->m_lineNumber << ": Invalid LDIF line. No `:` separator";
+        throw( std::runtime_error( err.str() ));
+    }
+
+    type = line.substr(0, pos);
+    if ( pos == line.size() )
+    {
+        // empty value
+        value = "";
+        return;
+    }
+
+    pos++;
+    char delim = line[pos];
+    if ( delim == ':' || delim == '<' )
+    {
+        pos++;
+    }
+
+    for( ; pos < line.size() && isspace(line[pos]); pos++ )
+    { /* empty */ }
+
+    value = line.substr(pos);
+
+    if ( delim == ':' )
+    {
+        // Base64 encoded value
+        DEBUG(LDAP_DEBUG_TRACE, "  base64 encoded value" << std::endl );
+        char outbuf[value.size()];
+        int rc = sasl_decode64(value.c_str(), value.size(), 
+                outbuf, value.size(), NULL);
+        if( rc == SASL_OK )
+        {
+            value = std::string(outbuf);
+        }
+        else if ( rc == SASL_BADPROT )
+        {
+            value = "";
+            DEBUG( LDAP_DEBUG_TRACE, " invalid base64 content" << std::endl );
+            std::ostringstream err;
+            err << "Line " << this->m_lineNumber << ": Can't decode Base64 data";
+            throw( std::runtime_error( err.str() ));
+        }
+        else if ( rc == SASL_BUFOVER )
+        {
+            value = "";
+            DEBUG( LDAP_DEBUG_TRACE, " not enough space in output buffer" 
+                    << std::endl );
+            std::ostringstream err;
+            err << "Line " << this->m_lineNumber 
+                << ": Can't decode Base64 data. Buffer too small";
+            throw( std::runtime_error( err.str() ));
+        }
+    }
+    else if ( delim == '<' )
+    {
+        // URL value
+        DEBUG(LDAP_DEBUG_TRACE, "  url value" << std::endl );
+        std::ostringstream err;
+        err << "Line " << this->m_lineNumber 
+            << ": URLs are currently not supported";
+        throw( std::runtime_error( err.str() ));
+    }
+    else 
+    {
+        // "normal" value
+        DEBUG(LDAP_DEBUG_TRACE, "  string value" << std::endl );
+    }
+    DEBUG(LDAP_DEBUG_TRACE, "  Type: <" << type << ">" << std::endl );
+    DEBUG(LDAP_DEBUG_TRACE, "  Value: <" << value << ">" << std::endl );
+    return;
+}
+
+std::string LdifReader::readIncludeLine( const std::string& line ) const
+{
+    std::string::size_type pos = sizeof("file:") - 1;
+    std::string scheme = line.substr( 0, pos );
+    std::string file;
+
+    // only file:// URLs supported currently
+    if ( scheme != "file:" )
+    {
+        DEBUG( LDAP_DEBUG_TRACE, "unsupported scheme: " << scheme 
+                << std::endl);
+    }
+    else if ( line[pos] == '/' )
+    {
+        if ( line[pos+1] == '/' )
+        {
+            pos += 2;
+        }
+        file = line.substr(pos, std::string::npos);
+        DEBUG( LDAP_DEBUG_TRACE, "target file: " << file << std::endl);
+    }
+    return file;
+}
diff --git a/contrib/ldapc++/src/LdifReader.h b/contrib/ldapc++/src/LdifReader.h
new file mode 100644
index 0000000..7fe6d4d
--- /dev/null
+++ b/contrib/ldapc++/src/LdifReader.h
@@ -0,0 +1,57 @@
+// $OpenLDAP$
+/*
+ * Copyright 2008-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDIF_READER_H
+#define LDIF_READER_H
+
+#include <LDAPEntry.h>
+#include <iosfwd>
+#include <list>
+
+typedef std::list< std::pair<std::string, std::string> > LdifRecord;
+class LdifReader
+{
+    public:
+        LdifReader( std::istream &input );
+
+        inline bool isEntryRecords() const
+        {
+            return !m_ldifTypeRequest;
+        }
+
+        inline bool isChangeRecords() const
+        {
+            return m_ldifTypeRequest;
+        }
+
+        inline int getVersion() const
+        {
+            return m_version;
+        }
+
+        LDAPEntry getEntryRecord();
+        int readNextRecord( bool first=false );
+        //LDAPRequest getChangeRecord();
+
+    private:
+        int getLdifLine(std::string &line);
+
+        void splitLine(const std::string& line, 
+                    std::string &type,
+                    std::string &value ) const;
+
+        std::string readIncludeLine( const std::string &line) const;
+
+        std::istream &m_ldifstream;
+        LdifRecord m_currentRecord;
+        int m_version;
+        int m_curRecType;
+        int m_lineNumber;
+        bool m_ldifTypeRequest;
+        bool m_currentIsFirst;
+};
+
+#endif /* LDIF_READER_H */
diff --git a/contrib/ldapc++/src/LdifWriter.cpp b/contrib/ldapc++/src/LdifWriter.cpp
new file mode 100644
index 0000000..5dcbd41
--- /dev/null
+++ b/contrib/ldapc++/src/LdifWriter.cpp
@@ -0,0 +1,116 @@
+// $OpenLDAP$
+/*
+ * Copyright 2008-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "LdifWriter.h"
+#include "StringList.h"
+#include "LDAPAttribute.h"
+#include "debug.h"
+#include <sstream>
+#include <stdexcept>
+
+LdifWriter::LdifWriter( std::ostream& output, int version ) :
+        m_ldifstream(output), m_version(version), m_addSeparator(false)
+{
+    if ( version )
+    {
+        if ( version == 1 )
+        {
+            m_ldifstream << "version: " << version << std::endl;
+            m_addSeparator = true;
+        } else {
+            std::ostringstream err;
+            err << "Unsupported LDIF Version";
+            throw( std::runtime_error(err.str()) );
+        }
+    }
+    
+}
+
+void LdifWriter::writeRecord(const LDAPEntry& le)
+{
+    std::ostringstream line;
+
+    if ( m_addSeparator )
+    {
+        m_ldifstream << std::endl;
+    } else {
+        m_addSeparator = true;
+    }
+
+    line << "dn: " << le.getDN();
+    this->breakline( line.str(), m_ldifstream );
+
+    const LDAPAttributeList *al = le.getAttributes();
+    LDAPAttributeList::const_iterator i = al->begin();
+    for ( ; i != al->end(); i++ )
+    {
+        StringList values = i->getValues();
+        StringList::const_iterator j = values.begin();
+        for( ; j != values.end(); j++)
+        {
+            // clear output stream
+            line.str("");
+            line << i->getName() << ": " << *j;
+            this->breakline( line.str(), m_ldifstream );
+        }
+    }
+}
+
+void LdifWriter::writeIncludeRecord( const std::string& target )
+{
+    DEBUG(LDAP_DEBUG_TRACE, "writeIncludeRecord: " << target << std::endl);
+    std::string scheme = target.substr( 0, sizeof("file:")-1 );
+    
+    if ( m_version == 1 )
+    {
+        std::ostringstream err;
+        err << "\"include\" not allowed in LDIF version 1.";
+        throw( std::runtime_error(err.str()) );
+    }
+    
+    if ( m_addSeparator )
+    {
+        m_ldifstream << std::endl;
+    } else {
+        m_addSeparator = true;
+    }
+
+    m_ldifstream << "include: ";
+    if ( scheme != "file:" )
+    {
+        m_ldifstream << "file://";
+    }
+
+    m_ldifstream << target << std::endl;
+}
+
+void LdifWriter::breakline( const std::string &line, std::ostream &out )
+{
+    std::string::size_type pos = 0;
+    std::string::size_type linelength = 76;
+    bool first = true;
+    
+    if ( line.length() >= linelength )
+    {
+        while ( pos < line.length() )
+        {
+            if (! first )
+            {
+                out << " ";
+            }
+            out << line.substr(pos, linelength) << std::endl;
+            pos += linelength;
+            if ( first )
+            {
+                first = false;
+                linelength--; //account for the leading space
+            }
+        }
+    } else {
+        out << line << std::endl;
+    }
+}
+
diff --git a/contrib/ldapc++/src/LdifWriter.h b/contrib/ldapc++/src/LdifWriter.h
new file mode 100644
index 0000000..10c487d
--- /dev/null
+++ b/contrib/ldapc++/src/LdifWriter.h
@@ -0,0 +1,31 @@
+// $OpenLDAP$
+/*
+ * Copyright 2008-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef LDIF_WRITER_H
+#define LDIF_WRITER_H
+
+#include <LDAPEntry.h>
+#include <iosfwd>
+#include <list>
+
+class LdifWriter
+{
+    public:
+        LdifWriter( std::ostream& output, int version = 0 );
+        void writeRecord(const LDAPEntry& le);
+        void writeIncludeRecord(const std::string& target);
+
+    private:
+        void breakline( const std::string &line, std::ostream &out );
+
+        std::ostream& m_ldifstream;
+        int m_version;
+        bool m_addSeparator;
+
+};
+
+#endif /* LDIF_WRITER_H */
+
diff --git a/contrib/ldapc++/src/Makefile.am b/contrib/ldapc++/src/Makefile.am
new file mode 100644
index 0000000..83e3abc
--- /dev/null
+++ b/contrib/ldapc++/src/Makefile.am
@@ -0,0 +1,103 @@
+# $OpenLDAP$
+
+###
+# Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+##
+
+lib_LTLIBRARIES = libldapcpp.la
+
+libldapcpp_la_SOURCES = LDAPAddRequest.cpp \
+			LDAPAsynConnection.cpp \
+			LDAPAttribute.cpp \
+			LDAPAttributeList.cpp \
+			LDAPAttrType.cpp \
+			LDAPBindRequest.cpp \
+			LDAPCompareRequest.cpp \
+			LDAPConnection.cpp \
+			LDAPConstraints.cpp \
+			LDAPControl.cpp \
+			LDAPControlSet.cpp \
+			LDAPDeleteRequest.cpp \
+			LDAPEntry.cpp \
+			LDAPEntryList.cpp \
+			LDAPException.cpp \
+			LDAPExtRequest.cpp \
+			LDAPExtResult.cpp \
+			LDAPMessage.cpp \
+			LDAPMessageQueue.cpp \
+			LDAPModDNRequest.cpp \
+			LDAPModification.cpp \
+			LDAPModifyRequest.cpp \
+			LDAPModList.cpp \
+			LDAPObjClass.cpp \
+			LDAPRebind.cpp \
+			LDAPRebindAuth.cpp \
+			LDAPReferenceList.cpp \
+			LDAPRequest.cpp \
+			LDAPResult.cpp \
+			LDAPSaslBindResult.cpp \
+			LDAPSchema.cpp \
+			LDAPSearchReference.cpp \
+			LDAPSearchRequest.cpp \
+			LDAPSearchResult.cpp \
+			LDAPSearchResults.cpp \
+			LDAPUrl.cpp \
+			LDAPUrlList.cpp \
+			LdifReader.cpp \
+			LdifWriter.cpp \
+			SaslInteraction.cpp \
+			SaslInteractionHandler.cpp \
+			StringList.cpp \
+			TlsOptions.cpp
+
+include_HEADERS = LDAPAsynConnection.h \
+			LDAPAttribute.h \
+			LDAPAttributeList.h \
+			LDAPAttrType.h \
+			LDAPConnection.h \
+			LDAPConstraints.h \
+			LDAPControl.h \
+			LDAPControlSet.h \
+			LDAPEntry.h \
+			LDAPEntryList.h \
+			LDAPException.h \
+			LDAPExtResult.h \
+			LDAPMessage.h \
+			LDAPMessageQueue.h \
+			LDAPModification.h \
+			LDAPModList.h \
+			LDAPObjClass.h \
+			LDAPRebind.h \
+			LDAPRebindAuth.h \
+			LDAPReferenceList.h \
+			LDAPResult.h \
+			LDAPSaslBindResult.h \
+			LDAPSchema.h \
+			LDAPSearchReference.h \
+			LDAPSearchResult.h \
+			LDAPSearchResults.h \
+			LDAPUrl.h \
+			LDAPUrlList.h \
+			LdifReader.h \
+			LdifWriter.h \
+			SaslInteraction.h \
+			SaslInteractionHandler.h \
+			StringList.h \
+			TlsOptions.h
+
+noinst_HEADERS = ac/time.h \
+		debug.h \
+		LDAPAddRequest.h \
+		LDAPBindRequest.h \
+		LDAPCompareRequest.h \
+		LDAPDeleteRequest.h \
+		LDAPExtRequest.h \
+		LDAPModDNRequest.h \
+		LDAPModifyRequest.h \
+		LDAPRequest.h \
+		LDAPSearchRequest.h
+
+libldapcpp_la_LIBADD = -lldap -llber
+libldapcpp_la_LDFLAGS = -version-info @OPENLDAP_CPP_API_VERSION@
+
diff --git a/contrib/ldapc++/src/Makefile.in b/contrib/ldapc++/src/Makefile.in
new file mode 100644
index 0000000..aaa3cf0
--- /dev/null
+++ b/contrib/ldapc++/src/Makefile.in
@@ -0,0 +1,717 @@
+# Makefile.in generated by automake 1.11 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# $OpenLDAP$
+
+###
+# Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src
+DIST_COMMON = $(include_HEADERS) $(noinst_HEADERS) \
+	$(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+	$(srcdir)/config.h.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+libldapcpp_la_DEPENDENCIES =
+am_libldapcpp_la_OBJECTS = LDAPAddRequest.lo LDAPAsynConnection.lo \
+	LDAPAttribute.lo LDAPAttributeList.lo LDAPAttrType.lo \
+	LDAPBindRequest.lo LDAPCompareRequest.lo LDAPConnection.lo \
+	LDAPConstraints.lo LDAPControl.lo LDAPControlSet.lo \
+	LDAPDeleteRequest.lo LDAPEntry.lo LDAPEntryList.lo \
+	LDAPException.lo LDAPExtRequest.lo LDAPExtResult.lo \
+	LDAPMessage.lo LDAPMessageQueue.lo LDAPModDNRequest.lo \
+	LDAPModification.lo LDAPModifyRequest.lo LDAPModList.lo \
+	LDAPObjClass.lo LDAPRebind.lo LDAPRebindAuth.lo \
+	LDAPReferenceList.lo LDAPRequest.lo LDAPResult.lo \
+	LDAPSaslBindResult.lo LDAPSchema.lo LDAPSearchReference.lo \
+	LDAPSearchRequest.lo LDAPSearchResult.lo LDAPSearchResults.lo \
+	LDAPUrl.lo LDAPUrlList.lo LdifReader.lo LdifWriter.lo \
+	SaslInteraction.lo SaslInteractionHandler.lo StringList.lo \
+	TlsOptions.lo
+libldapcpp_la_OBJECTS = $(am_libldapcpp_la_OBJECTS)
+libldapcpp_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+	$(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+	$(CXXFLAGS) $(libldapcpp_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS)
+LTCXXCOMPILE = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+	$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS)
+CXXLD = $(CXX)
+CXXLINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+	--mode=link $(CXXLD) $(AM_CXXFLAGS) $(CXXFLAGS) $(AM_LDFLAGS) \
+	$(LDFLAGS) -o $@
+SOURCES = $(libldapcpp_la_SOURCES)
+DIST_SOURCES = $(libldapcpp_la_SOURCES)
+HEADERS = $(include_HEADERS) $(noinst_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENLDAP_CPP_API_VERSION = @OPENLDAP_CPP_API_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+lib_LTLIBRARIES = libldapcpp.la
+libldapcpp_la_SOURCES = LDAPAddRequest.cpp \
+			LDAPAsynConnection.cpp \
+			LDAPAttribute.cpp \
+			LDAPAttributeList.cpp \
+			LDAPAttrType.cpp \
+			LDAPBindRequest.cpp \
+			LDAPCompareRequest.cpp \
+			LDAPConnection.cpp \
+			LDAPConstraints.cpp \
+			LDAPControl.cpp \
+			LDAPControlSet.cpp \
+			LDAPDeleteRequest.cpp \
+			LDAPEntry.cpp \
+			LDAPEntryList.cpp \
+			LDAPException.cpp \
+			LDAPExtRequest.cpp \
+			LDAPExtResult.cpp \
+			LDAPMessage.cpp \
+			LDAPMessageQueue.cpp \
+			LDAPModDNRequest.cpp \
+			LDAPModification.cpp \
+			LDAPModifyRequest.cpp \
+			LDAPModList.cpp \
+			LDAPObjClass.cpp \
+			LDAPRebind.cpp \
+			LDAPRebindAuth.cpp \
+			LDAPReferenceList.cpp \
+			LDAPRequest.cpp \
+			LDAPResult.cpp \
+			LDAPSaslBindResult.cpp \
+			LDAPSchema.cpp \
+			LDAPSearchReference.cpp \
+			LDAPSearchRequest.cpp \
+			LDAPSearchResult.cpp \
+			LDAPSearchResults.cpp \
+			LDAPUrl.cpp \
+			LDAPUrlList.cpp \
+			LdifReader.cpp \
+			LdifWriter.cpp \
+			SaslInteraction.cpp \
+			SaslInteractionHandler.cpp \
+			StringList.cpp \
+			TlsOptions.cpp
+
+include_HEADERS = LDAPAsynConnection.h \
+			LDAPAttribute.h \
+			LDAPAttributeList.h \
+			LDAPAttrType.h \
+			LDAPConnection.h \
+			LDAPConstraints.h \
+			LDAPControl.h \
+			LDAPControlSet.h \
+			LDAPEntry.h \
+			LDAPEntryList.h \
+			LDAPException.h \
+			LDAPExtResult.h \
+			LDAPMessage.h \
+			LDAPMessageQueue.h \
+			LDAPModification.h \
+			LDAPModList.h \
+			LDAPObjClass.h \
+			LDAPRebind.h \
+			LDAPRebindAuth.h \
+			LDAPReferenceList.h \
+			LDAPResult.h \
+			LDAPSaslBindResult.h \
+			LDAPSchema.h \
+			LDAPSearchReference.h \
+			LDAPSearchResult.h \
+			LDAPSearchResults.h \
+			LDAPUrl.h \
+			LDAPUrlList.h \
+			LdifReader.h \
+			LdifWriter.h \
+			SaslInteraction.h \
+			SaslInteractionHandler.h \
+			StringList.h \
+			TlsOptions.h
+
+noinst_HEADERS = ac/time.h \
+		debug.h \
+		LDAPAddRequest.h \
+		LDAPBindRequest.h \
+		LDAPCompareRequest.h \
+		LDAPDeleteRequest.h \
+		LDAPExtRequest.h \
+		LDAPModDNRequest.h \
+		LDAPModifyRequest.h \
+		LDAPRequest.h \
+		LDAPSearchRequest.h
+
+libldapcpp_la_LIBADD = -lldap -llber
+libldapcpp_la_LDFLAGS = -version-info @OPENLDAP_CPP_API_VERSION@
+all: config.h
+	$(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .cpp .lo .o .obj
+$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign src/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure:  $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+	@if test ! -f $@; then \
+	  rm -f stamp-h1; \
+	  $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+	else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+	@rm -f stamp-h1
+	cd $(top_builddir) && $(SHELL) ./config.status src/config.h
+$(srcdir)/config.h.in:  $(am__configure_deps) 
+	($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+	rm -f stamp-h1
+	touch $@
+
+distclean-hdr:
+	-rm -f config.h stamp-h1
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+	@$(NORMAL_INSTALL)
+	test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+	@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+	list2=; for p in $$list; do \
+	  if test -f $$p; then \
+	    list2="$$list2 $$p"; \
+	  else :; fi; \
+	done; \
+	test -z "$$list2" || { \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+	}
+
+uninstall-libLTLIBRARIES:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+	for p in $$list; do \
+	  $(am__strip_dir) \
+	  echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+	  $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+	done
+
+clean-libLTLIBRARIES:
+	-test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+	@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+	  dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+	  test "$$dir" != "$$p" || dir=.; \
+	  echo "rm -f \"$${dir}/so_locations\""; \
+	  rm -f "$${dir}/so_locations"; \
+	done
+libldapcpp.la: $(libldapcpp_la_OBJECTS) $(libldapcpp_la_DEPENDENCIES) 
+	$(libldapcpp_la_LINK) -rpath $(libdir) $(libldapcpp_la_OBJECTS) $(libldapcpp_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPAddRequest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPAsynConnection.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPAttrType.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPAttribute.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPAttributeList.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPBindRequest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPCompareRequest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPConnection.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPConstraints.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPControl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPControlSet.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPDeleteRequest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPEntry.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPEntryList.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPException.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPExtRequest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPExtResult.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPMessage.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPMessageQueue.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPModDNRequest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPModList.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPModification.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPModifyRequest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPObjClass.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPRebind.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPRebindAuth.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPReferenceList.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPRequest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPResult.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPSaslBindResult.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPSchema.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPSearchReference.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPSearchRequest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPSearchResult.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPSearchResults.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPUrl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LDAPUrlList.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LdifReader.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/LdifWriter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/SaslInteraction.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/SaslInteractionHandler.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/StringList.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/TlsOptions.Plo@am__quote@
+
+.cpp.o:
+@am__fastdepCXX_TRUE@	$(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCXX_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXXCOMPILE) -c -o $@ $<
+
+.cpp.obj:
+@am__fastdepCXX_TRUE@	$(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCXX_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.cpp.lo:
+@am__fastdepCXX_TRUE@	$(LTCXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCXX_TRUE@	$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@	DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@	$(LTCXXCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-includeHEADERS: $(include_HEADERS)
+	@$(NORMAL_INSTALL)
+	test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+	@list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \
+	  $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \
+	done
+
+uninstall-includeHEADERS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	test -n "$$files" || exit 0; \
+	echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \
+	cd "$(DESTDIR)$(includedir)" && rm -f $$files
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	set x; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	shift; \
+	if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  if test $$# -gt 0; then \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      "$$@" $$unique; \
+	  else \
+	    $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	      $$unique; \
+	  fi; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+	      END { if (nonempty) { for (i in files) print i; }; }'`; \
+	test -z "$(CTAGS_ARGS)$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && $(am__cd) $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(HEADERS) config.h
+installdirs:
+	for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+	mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-hdr distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-includeHEADERS
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+	mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES
+
+.MAKE: all install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libLTLIBRARIES clean-libtool ctags distclean \
+	distclean-compile distclean-generic distclean-hdr \
+	distclean-libtool distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-dvi install-dvi-am install-exec \
+	install-exec-am install-html install-html-am \
+	install-includeHEADERS install-info install-info-am \
+	install-libLTLIBRARIES install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags uninstall uninstall-am uninstall-includeHEADERS \
+	uninstall-libLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/contrib/ldapc++/src/SaslInteraction.cpp b/contrib/ldapc++/src/SaslInteraction.cpp
new file mode 100644
index 0000000..a4ad187
--- /dev/null
+++ b/contrib/ldapc++/src/SaslInteraction.cpp
@@ -0,0 +1,44 @@
+// $OpenLDAP$
+/*
+ * Copyright 2007-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <SaslInteraction.h>
+#include <iostream>
+#include "debug.h"
+
+SaslInteraction::SaslInteraction( sasl_interact_t *interact ) :
+        m_interact(interact) {}
+
+SaslInteraction::~SaslInteraction()
+{
+    DEBUG(LDAP_DEBUG_TRACE, "SaslInteraction::~SaslInteraction()" << std::endl);
+}
+
+unsigned long SaslInteraction::getId() const
+{
+    return m_interact->id;
+}
+
+const std::string SaslInteraction::getPrompt() const
+{
+    return std::string(m_interact->prompt);
+}
+
+const std::string SaslInteraction::getChallenge() const
+{
+    return std::string(m_interact->challenge);
+}
+
+const std::string SaslInteraction::getDefaultResult() const
+{
+    return std::string(m_interact->defresult);
+}
+
+void SaslInteraction::setResult(const std::string &res)
+{
+    m_result = res;
+    m_interact->result = m_result.data();
+    m_interact->len = m_result.size();
+}
diff --git a/contrib/ldapc++/src/SaslInteraction.h b/contrib/ldapc++/src/SaslInteraction.h
new file mode 100644
index 0000000..2033a41
--- /dev/null
+++ b/contrib/ldapc++/src/SaslInteraction.h
@@ -0,0 +1,29 @@
+// $OpenLDAP$
+/*
+ * Copyright 2007-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef SASL_INTERACTION_H
+#define SASL_INTERACTION_H
+
+#include <string>
+#include <sasl/sasl.h>
+
+class SaslInteraction {
+    public:
+        SaslInteraction( sasl_interact_t *interact );
+        ~SaslInteraction();
+        unsigned long getId() const;
+        const std::string getPrompt() const;
+        const std::string getChallenge() const;
+        const std::string getDefaultResult() const;
+
+        void setResult(const std::string &res);
+
+    private:
+        sasl_interact_t *m_interact;
+        std::string m_result;
+
+};
+#endif /* SASL_INTERACTION_H */
diff --git a/contrib/ldapc++/src/SaslInteractionHandler.cpp b/contrib/ldapc++/src/SaslInteractionHandler.cpp
new file mode 100644
index 0000000..cb5d37d
--- /dev/null
+++ b/contrib/ldapc++/src/SaslInteractionHandler.cpp
@@ -0,0 +1,101 @@
+// $OpenLDAP$
+/*
+ * Copyright 2007-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <iostream>
+#include <iomanip>
+#include <limits>
+#include "config.h"
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#include <unistd.h>
+#include <cstdio>
+#endif
+
+#include <string.h>
+#include "SaslInteractionHandler.h"
+#include "SaslInteraction.h"
+#include "debug.h"
+
+void DefaultSaslInteractionHandler::handleInteractions( 
+        const std::list<SaslInteraction*> &cb ) 
+{
+    DEBUG(LDAP_DEBUG_TRACE, "DefaultSaslInteractionHandler::handleCallbacks()" 
+            << std::endl );
+    std::list<SaslInteraction*>::const_iterator i;
+
+    for (i = cb.begin(); i != cb.end(); i++ ) {
+        bool noecho;
+
+        cleanupList.push_back(*i);
+
+        std::cout << (*i)->getPrompt();
+        if (! (*i)->getDefaultResult().empty() ) {
+            std::cout << "(" << (*i)->getDefaultResult() << ")" ;
+        }
+        std:: cout << ": ";
+
+        switch ( (*i)->getId() ) {
+            case SASL_CB_PASS:
+            case SASL_CB_ECHOPROMPT:
+                noecho = true;
+                noecho = true;
+            break;
+            default:
+                noecho = false;
+            break;
+        }
+#ifdef HAVE_TERMIOS_H
+        /* turn off terminal echo if needed */
+        struct termios old_attr;
+        if ( noecho ) {
+            struct termios attr;
+            if (tcgetattr(STDIN_FILENO, &attr) < 0) {
+                perror("tcgetattr");
+            }
+
+            /* save terminal attributes */
+            memcpy(&old_attr, &attr, sizeof(attr));
+
+            /* disable echo */
+            attr.c_lflag &= ~(ECHO);
+
+            /* write attributes to terminal */
+            if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &attr) < 0) {
+                perror("tcsetattr");
+            }
+        }
+#endif /* HAVE_TERMIOS_H */
+        std::string input;
+        std::cin >> std::noskipws >> input;
+        std::cin >> std::skipws;
+        (*i)->setResult(input);
+        if( std::cin.fail() ) {
+            std::cin.clear();
+        }
+        /* ignore the rest of the input line */
+        std::cin.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
+
+#ifdef HAVE_TERMIOS_H
+        /* restore terminal settings */
+        if ( noecho ) {
+            tcsetattr(STDIN_FILENO, TCSANOW, &old_attr);
+            std::cout << std::endl;
+        }
+#endif /* HAVE_TERMIOS_H */
+    }
+}
+
+DefaultSaslInteractionHandler::~DefaultSaslInteractionHandler()
+{
+    DEBUG(LDAP_DEBUG_TRACE, "DefaultSaslInteractionHandler::~DefaultSaslInteractionHandler()"
+            << std::endl );
+
+    std::list<SaslInteraction*>::const_iterator i;
+    for (i = cleanupList.begin(); i != cleanupList.end(); i++ ) {
+        delete(*i);
+    }
+}
diff --git a/contrib/ldapc++/src/SaslInteractionHandler.h b/contrib/ldapc++/src/SaslInteractionHandler.h
new file mode 100644
index 0000000..d356983
--- /dev/null
+++ b/contrib/ldapc++/src/SaslInteractionHandler.h
@@ -0,0 +1,27 @@
+// $OpenLDAP$
+/*
+ * Copyright 2007-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef SASL_INTERACTION_HANDLER_H
+#define SASL_INTERACTION_HANDLER_H
+#include <list>
+
+class SaslInteraction;
+
+class SaslInteractionHandler {
+    public:
+        virtual void handleInteractions( const std::list<SaslInteraction*> &cb )=0;
+        virtual ~SaslInteractionHandler() {}
+};
+
+class DefaultSaslInteractionHandler {
+    public:
+        virtual void handleInteractions( const std::list<SaslInteraction*> &cb );
+        virtual ~DefaultSaslInteractionHandler();
+
+    private:
+        std::list<SaslInteraction*> cleanupList;
+};
+#endif /* SASL_INTERACTION_HANDLER_H */
diff --git a/contrib/ldapc++/src/StringList.cpp b/contrib/ldapc++/src/StringList.cpp
new file mode 100644
index 0000000..c53f6a4
--- /dev/null
+++ b/contrib/ldapc++/src/StringList.cpp
@@ -0,0 +1,77 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include "StringList.h"
+#include "debug.h"
+
+#include <cstdlib>
+
+using namespace std;
+
+StringList::StringList(){
+}
+
+StringList::StringList(const StringList& sl){
+    m_data= StringList::ListType(sl.m_data);
+}
+
+StringList::StringList(char** values){
+    if(values == 0){
+        m_data=StringList::ListType();
+    }else{
+        char** i;
+        for(i=values; *i != 0; i++){
+            m_data.push_back(string(*i));
+        }
+    }
+}
+
+StringList::~StringList(){
+    DEBUG(LDAP_DEBUG_TRACE,"StringList::~StringList()" << endl);
+}
+
+char** StringList::toCharArray() const{
+    if(!empty()){
+        char** ret = (char**) malloc(sizeof(char*) * (size()+1));
+        StringList::const_iterator i;
+        int j=0;
+        for(i=begin(); i != end(); i++,j++){
+            ret[j]=(char*) malloc(sizeof(char) * (i->size()+1));
+            i->copy(ret[j],string::npos);
+            ret[j][i->size()]=0;
+        }
+        ret[size()]=0;
+        return ret;
+    }else{
+        return 0;
+    }
+}
+
+void StringList::add(const string& value){
+    m_data.push_back(value);
+}
+
+size_t StringList::size() const{
+    return m_data.size();
+}
+
+bool StringList::empty() const{
+    return m_data.empty();
+}
+
+StringList::const_iterator StringList::begin() const{
+    return m_data.begin();
+}
+
+StringList::const_iterator StringList::end() const{
+    return m_data.end();
+}
+
+    
+void StringList::clear(){
+    m_data.clear();
+}
+
diff --git a/contrib/ldapc++/src/StringList.h b/contrib/ldapc++/src/StringList.h
new file mode 100644
index 0000000..95c8c8c
--- /dev/null
+++ b/contrib/ldapc++/src/StringList.h
@@ -0,0 +1,88 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef STRING_LIST_H
+#define STRING_LIST_H
+
+#include <string>
+#include <list>
+/**
+ * Container class to store multiple string-objects
+ */
+class StringList{
+    typedef std::list<std::string> ListType;
+
+    private:
+        ListType m_data;
+
+    public:
+	typedef ListType::const_iterator const_iterator;
+   
+        /**
+         * Constructs an empty list.
+         */   
+        StringList();
+
+        /**
+         * Copy-constructor
+         */
+        StringList(const StringList& sl);
+
+        /**
+         * For internal use only
+         *
+         * This constructor is used by the library internally to create a
+         * list of string from a array for c-Strings (char*)thar was
+         * returned by the C-API
+         */
+        StringList(char** values);
+
+        /**
+         * Destructor
+         */
+        ~StringList();
+    
+        /**
+         * The methods converts the list to a 0-terminated array of
+         * c-Strings.
+         */
+        char** toCharArray() const;
+  
+        /**
+         * Adds one element to the end of the list.
+         * @param attr The attribute to add to the list.
+         */
+        void add(const std::string& value);
+
+        /**
+         * @return The number of strings that are currently
+         * stored in this list.
+         */
+        size_t size() const;
+
+        /**
+         * @return true if there are zero strings currently
+         * stored in this list.
+         */
+        bool empty() const;
+
+        /**
+         * @return A iterator that points to the first element of the list.
+         */
+        const_iterator begin() const;
+
+        /**
+         * @return A iterator that points to the element after the last
+         * element of the list.
+         */
+        const_iterator end() const;
+
+        /**
+         * removes all elements from the list
+         */
+        void clear(); 
+};
+#endif //STRING_LIST_H
diff --git a/contrib/ldapc++/src/TlsOptions.cpp b/contrib/ldapc++/src/TlsOptions.cpp
new file mode 100644
index 0000000..609f127
--- /dev/null
+++ b/contrib/ldapc++/src/TlsOptions.cpp
@@ -0,0 +1,163 @@
+// $OpenLDAP$
+/*
+ * Copyright 2010-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#include <fstream>
+#include <sstream>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <unistd.h>
+#include <cstring>
+#include "TlsOptions.h"
+#include "LDAPException.h"
+
+enum opttype {
+    INT=0,
+    STRING,
+    OTHER
+};
+
+typedef struct tls_optmap {
+    int optval;
+    opttype type;
+} tls_optmap_t;
+
+static tls_optmap_t optmap[] = {
+    { LDAP_OPT_X_TLS_CACERTFILE, STRING },
+    { LDAP_OPT_X_TLS_CACERTDIR, STRING },
+    { LDAP_OPT_X_TLS_CERTFILE, STRING },
+    { LDAP_OPT_X_TLS_KEYFILE, STRING },
+    { LDAP_OPT_X_TLS_REQUIRE_CERT, INT },
+    { LDAP_OPT_X_TLS_PROTOCOL_MIN, INT },
+    { LDAP_OPT_X_TLS_CIPHER_SUITE, STRING },
+    { LDAP_OPT_X_TLS_RANDOM_FILE, STRING },
+    { LDAP_OPT_X_TLS_CRLCHECK, INT },
+    { LDAP_OPT_X_TLS_DHFILE, STRING },
+    { LDAP_OPT_X_TLS_NEWCTX, INT }
+};
+#if 0 /* not implemented currently */
+        static const int TLS_CRLFILE /* GNUtls only */
+        static const int TLS_SSL_CTX  /* OpenSSL SSL* */
+        static const int TLS_CONNECT_CB
+        static const int TLS_CONNECT_ARG
+#endif 
+
+static void checkOpt( TlsOptions::tls_option opt, opttype type ) {
+    if ( opt < TlsOptions::CACERTFILE || opt >= TlsOptions::LASTOPT ){
+        throw( LDAPException( LDAP_PARAM_ERROR, "unknown Option" ) );
+    }
+
+    if ( optmap[opt].type != type ){
+        throw( LDAPException( LDAP_PARAM_ERROR, "not a string option" ) );
+    }
+}
+
+TlsOptions::TlsOptions() : m_ld(NULL) {}
+
+TlsOptions::TlsOptions( LDAP* ld ): m_ld(ld) { }
+
+void TlsOptions::setOption( tls_option opt, const std::string& value ) const {
+    checkOpt(opt, STRING);
+    switch(opt) {
+        case TlsOptions::CACERTFILE :
+        case TlsOptions::CERTFILE :
+        case TlsOptions::KEYFILE :
+        {
+            // check if the supplied file is actually readable
+            std::ifstream ifile(value.c_str());
+            if ( !ifile ) {
+                throw( LDAPException( LDAP_LOCAL_ERROR, "Unable to open the supplied file for reading" ) );
+            }
+        }
+        break;
+        case TlsOptions::CACERTDIR :
+        {
+            struct stat st;
+            std::ostringstream msg;
+            bool fail=false;
+            int err = stat(value.c_str(),&st);
+            if ( err ) {
+                msg << strerror(errno);
+                fail = true;
+            } else {
+                if ( !S_ISDIR(st.st_mode) ){
+                    msg << "The supplied path is not a directory.";
+                    fail = true;
+                }
+            }
+            if ( fail ) {
+                std::ostringstream errstr;
+                errstr << "Error while setting Certificate Directory (" << value << "): " << msg.str();
+                throw( LDAPException( LDAP_LOCAL_ERROR, errstr.str() ) );
+            }
+        }
+        break;
+    }
+    this->setOption( opt, value.empty() ? NULL : (void*) value.c_str() );
+}
+
+void TlsOptions::setOption( tls_option opt, int value ) const {
+    checkOpt(opt, INT);
+    this->setOption( opt, (void*) &value);
+}
+
+void TlsOptions::setOption( tls_option opt, void *value ) const {
+    int ret = ldap_set_option( m_ld, optmap[opt].optval, value);
+    if ( ret != LDAP_OPT_SUCCESS )
+    {
+        if ( ret != LDAP_OPT_ERROR ){
+            throw( LDAPException( ret ));
+        } else {
+            throw( LDAPException( LDAP_PARAM_ERROR, "error while setting TLS option" ) );
+        }
+    }
+    this->newCtx();
+}
+
+void TlsOptions::getOption( tls_option opt, void* value ) const {
+    int ret = ldap_get_option( m_ld, optmap[opt].optval, value);
+    if ( ret != LDAP_OPT_SUCCESS )
+    {
+        if ( ret != LDAP_OPT_ERROR ){
+            throw( LDAPException( ret ));
+        } else {
+            throw( LDAPException( LDAP_PARAM_ERROR, "error while reading TLS option" ) );
+        }
+    }
+}
+
+int TlsOptions::getIntOption( tls_option opt ) const {
+    int value;
+    checkOpt(opt, INT);
+    ldap_get_option( m_ld, optmap[opt].optval, (void*) &value);
+    return value;
+}
+
+std::string TlsOptions::getStringOption( tls_option opt ) const {
+    char *value;
+    checkOpt(opt, STRING);
+    ldap_get_option( m_ld, optmap[opt].optval, (void*) &value);
+    std::string strval;
+    if (value)
+    {
+        strval=std::string(value);
+        ldap_memfree(value);
+    }
+    return strval;
+}
+
+void TlsOptions::newCtx() const {
+    int val = 0;
+    int ret = ldap_set_option( m_ld, LDAP_OPT_X_TLS_NEWCTX, &val);
+    if ( ret != LDAP_OPT_SUCCESS )
+    {
+        if ( ret != LDAP_OPT_ERROR ){
+            throw( LDAPException( ret ));
+        } else {
+            throw( LDAPException( LDAP_LOCAL_ERROR, "error while renewing TLS context" ) );
+        }
+    }
+}
diff --git a/contrib/ldapc++/src/TlsOptions.h b/contrib/ldapc++/src/TlsOptions.h
new file mode 100644
index 0000000..41d6ee3
--- /dev/null
+++ b/contrib/ldapc++/src/TlsOptions.h
@@ -0,0 +1,162 @@
+// $OpenLDAP$
+/*
+ * Copyright 2010-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+#ifndef TLS_OPTIONS_H
+#define TLS_OPTIONS_H
+#include <string>
+#include <ldap.h>
+
+/**
+ * Class to access the global (and connection specific) TLS Settings
+ * To access the global TLS Settings just instantiate a TlsOption object
+ * using the default constructor.
+ *
+ * To access connection specific settings instantiate a TlsOption object
+ * through the getTlsOptions() method from the corresponding
+ * LDAPConnection/LDAPAsynConnection object.
+ *
+ */
+class TlsOptions {
+    public:
+
+        /**
+         * Available TLS Options
+         */
+        enum tls_option {
+            CACERTFILE=0, 
+            CACERTDIR,
+            CERTFILE,
+            KEYFILE,
+            REQUIRE_CERT,
+            PROTOCOL_MIN,
+            CIPHER_SUITE,
+            RANDOM_FILE,
+            CRLCHECK,
+            DHFILE,
+            /// @cond
+            LASTOPT /* dummy */
+            /// @endcond
+        };
+
+        /**
+         * Possible Values for the REQUIRE_CERT option
+         */
+        enum verifyMode {
+            NEVER=0,
+            HARD,
+            DEMAND,
+            ALLOW,
+            TRY
+        };
+
+        /**
+         * Possible Values for the CRLCHECK option
+         */
+        enum crlMode {
+            CRL_NONE=0,
+            CRL_PEER,
+            CRL_ALL
+        };
+
+
+        /**
+         * Default constructor. Gives access to the global TlsSettings
+         */
+        TlsOptions();
+
+        /**
+         * Set string valued options.
+         * @param opt The following string valued options are available:
+         *      - TlsOptions::CACERTFILE 
+         *      - TlsOptions::CACERTDIR
+         *      - TlsOptions::CERTFILE
+         *      - TlsOptions::KEYFILE
+         *      - TlsOptions::CIPHER_SUITE
+         *      - TlsOptions::RANDOM_FILE
+         *      - TlsOptions::DHFILE
+         *  @param value The value to apply to that option, 
+         *      - TlsOptions::CACERTFILE:
+         *          The path to the file containing all recognized Certificate
+         *          Authorities
+         *      - TlsOptions::CACERTDIR:
+         *          The path to a directory containing individual files of all
+         *          recognized Certificate Authority certificates
+         *      - TlsOptions::CERTFILE:
+         *          The path to the client certificate
+         *      - TlsOptions::KEYFILE:
+         *          The path to the file containing the private key matching the 
+         *          Certificate that as configured with TlsOptions::CERTFILE
+         *      - TlsOptions::CIPHER_SUITE
+         *          Specifies the cipher suite and preference order
+         *      - TlsOptions::RANDOM_FILE
+         *          Specifies the file to obtain random bits from when 
+         *          /dev/[u]random is not available.
+         *      - TlsOptions::DHFILE
+         *          File containing DH parameters
+         */
+        void setOption(tls_option opt, const std::string& value) const;
+
+        /** 
+         * Set integer valued options.
+         * @param opt The following string valued options are available:
+         *      - TlsOptions::REQUIRE_CERT
+         *      - TlsOptions::PROTOCOL_MIN
+         *      - TlsOptions::CRLCHECK
+         * @param value The value to apply to that option, 
+         *      - TlsOptions::REQUIRE_CERT:
+         *          Possible Values (For details see the ldap.conf(5) man-page):
+         *              - TlsOptions::NEVER
+         *              - TlsOptions::DEMAND
+         *              - TlsOptions::ALLOW
+         *              - TlsOptions::TRY
+         *      - TlsOptions::PROTOCOL_MIN
+         *      - TlsOptions::CRLCHECK
+         *          Possible Values:
+         *              - TlsOptions::CRL_NONE
+         *              - TlsOptions::CRL_PEER
+         *              - TlsOptions::CRL_ALL
+         */
+        void setOption(tls_option opt, int value) const;
+
+        /**
+         * Generic setOption variant. Generally you should prefer to use one 
+         * of the other variants
+         */
+        void setOption(tls_option opt, void *value) const;
+
+        /**
+         * Read integer valued options
+         * @return Option value
+         * @throws LDAPException in case of error (invalid on non-integer 
+         *      valued option is requested)
+         */
+        int getIntOption(tls_option opt) const;
+
+        /**
+         * Read string valued options
+         * @return Option value
+         * @throws LDAPException in case of error (invalid on non-string 
+         *      valued option is requested)
+         */
+        std::string getStringOption(tls_option opt) const;
+
+        /**
+         * Read options value. Usually you should prefer to use either 
+         * getIntOption() or getStringOption()
+         * @param value points to a buffer containing the option value
+         * @throws LDAPException in case of error (invalid on non-string 
+         *      valued option is requested)
+         */
+        void getOption(tls_option opt, void *value ) const;
+        
+    private:
+        TlsOptions( LDAP* ld );
+        void newCtx() const;
+        LDAP *m_ld;
+
+    friend class LDAPAsynConnection;
+};
+
+#endif /* TLS_OPTIONS_H */
diff --git a/contrib/ldapc++/src/ac/time.h b/contrib/ldapc++/src/ac/time.h
new file mode 100644
index 0000000..cc89f70
--- /dev/null
+++ b/contrib/ldapc++/src/ac/time.h
@@ -0,0 +1,28 @@
+/* Generic time.h */
+/* $OpenLDAP$ */
+/*
+ * Copyright 1998-2022 The OpenLDAP Foundation, Redwood City, California, USA
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted only
+ * as authorized by the OpenLDAP Public License.  A copy of this
+ * license is available at http://www.OpenLDAP.org/license.html or
+ * in file LICENSE in the top-level directory of the distribution.
+ */
+
+#ifndef _AC_TIME_H
+#define _AC_TIME_H
+
+#ifdef TIME_WITH_SYS_TIME
+# include <sys/time.h>
+# include <time.h>
+#elif defined HAVE_SYS_TIME_H
+# include <sys/time.h>
+# ifdef HAVE_SYS_TIMEB_H
+#  include <sys/timeb.h>
+# endif
+#else
+# include <time.h>
+#endif
+
+#endif /* _AC_TIME_H */
diff --git a/contrib/ldapc++/src/config.h.in b/contrib/ldapc++/src/config.h.in
new file mode 100644
index 0000000..3042472
--- /dev/null
+++ b/contrib/ldapc++/src/config.h.in
@@ -0,0 +1,70 @@
+/* src/config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the <ldap.h> header file. */
+#undef HAVE_LDAP_H
+
+/* Define to 1 if you have the `resolv' library (-lresolv). */
+#undef HAVE_LIBRESOLV
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <termios.h> header file. */
+#undef HAVE_TERMIOS_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* Version number of package */
+#undef VERSION
+
+/* Define to 1 ot enable debug logging */
+#undef WITH_DEBUG
diff --git a/contrib/ldapc++/src/debug.h b/contrib/ldapc++/src/debug.h
new file mode 100644
index 0000000..e80b760
--- /dev/null
+++ b/contrib/ldapc++/src/debug.h
@@ -0,0 +1,33 @@
+// $OpenLDAP$
+/*
+ * Copyright 2000-2022 The OpenLDAP Foundation, All Rights Reserved.
+ * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+ */
+
+#ifndef DEBUG_H
+#define DEBUG_H
+#include <iostream>
+#include "config.h"
+#define LDAP_DEBUG_NONE         0x0000
+#define LDAP_DEBUG_TRACE        0x0001
+#define LDAP_DEBUG_CONSTRUCT    0x0002
+#define LDAP_DEBUG_DESTROY      0x0004
+#define LDAP_DEBUG_PARAMETER    0x0008
+#define LDAP_DEBUG_ANY          0xffff 
+
+#define DEBUGLEVEL LDAP_DEBUG_ANY
+
+#define PRINT_FILE	\
+	std::cerr << "file: " __FILE__  << " line: " << __LINE__ 
+
+#ifdef WITH_DEBUG
+#define DEBUG(level, arg)       \
+    if((level) & DEBUGLEVEL){     \
+        std::cerr  << arg ;          \
+    } 
+#else
+#undef DEBUG
+#define DEBUG(level,arg)
+#endif //WITH_DEBUG
+
+#endif // DEBUG_H
diff --git a/contrib/ldapc++/src/stamp-h.in b/contrib/ldapc++/src/stamp-h.in
new file mode 100644
index 0000000..9788f70
--- /dev/null
+++ b/contrib/ldapc++/src/stamp-h.in
@@ -0,0 +1 @@
+timestamp
diff --git a/contrib/ldapc++/version.sh b/contrib/ldapc++/version.sh
new file mode 100755
index 0000000..1e52ade
--- /dev/null
+++ b/contrib/ldapc++/version.sh
@@ -0,0 +1,10 @@
+#! /bin/sh
+# $OpenLDAP$
+#
+# Copyright 2008-2022 The OpenLDAP Foundation. All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+DIR=`dirname $0`
+. $DIR/version.var
+
+echo OL_CPP_API_VERSION=$ol_cpp_api_current:$ol_cpp_api_revision:$ol_cpp_api_age
+echo OL_CPP_API_RELEASE=$ol_cpp_api_rel_major.$ol_cpp_api_rel_minor.$ol_cpp_api_rel_patch
diff --git a/contrib/ldapc++/version.var b/contrib/ldapc++/version.var
new file mode 100644
index 0000000..7692c6c
--- /dev/null
+++ b/contrib/ldapc++/version.var
@@ -0,0 +1,13 @@
+#! /bin/sh
+# $OpenLDAP$
+#
+# Copyright 2008-2022 The OpenLDAP Foundation. All Rights Reserved.
+# COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+
+ol_cpp_api_rel_major=0
+ol_cpp_api_rel_minor=0
+ol_cpp_api_rel_patch=0
+
+ol_cpp_api_current=0
+ol_cpp_api_revision=0
+ol_cpp_api_age=0
diff --git a/contrib/ldaptcl/CHANGES b/contrib/ldaptcl/CHANGES
new file mode 100644
index 0000000..7a48c09
--- /dev/null
+++ b/contrib/ldaptcl/CHANGES
@@ -0,0 +1,30 @@
+Package version 2.0:
+- Detects OpenLDAP 2.0 and builds correctly with it.
+- Increment major version to 2, library file to libldaptcl2.0.so.
+- Can now perform add/delete/replace modifications in a single command.
+- Replaced calls to TclX_WrongArgs with core Tcl_WrongNumArgs to reduce
+  dependency on Extended Tcl.
+- Wrap dereference search control with #ifdef LDAP_OPT_DEREF.
+- Deref during search should work.
+- Add protocol_version option to ldap init command.
+- Add LDAPTCL_PROTOCOL_VERSION_DEFAULT to allow specifying the default
+  protocol version used.
+- Add controlArray(timeout) to control timeouts during searches.
+- Add controlArray(cache) to control caching current search results.
+  (Experience has shown this to be not very useful or not working correctly.
+  Caching search results should probably be done in Ldaptcl rather than
+  letting the LDAP API do it.)
+- Add "compare" subcommand
+- Add experimental trap subcommand (undocumented -- use at your own risk).
+
+Package version 1.2:
+
+- Filter no longer a required controlArray member, defaults to objectclass=*.
+- Sets errorCode with LDAP macro string value (better to test than the more
+  human readable values).
+- Shorten minimum required characters for search scope definitions: now allows
+  "base", "one", and "sub".  For the latter two, additional characters are
+  ignored.
+- Now compiles successfully with -devel branch.
+- Client cache management code enabled for OpenLDAP versions <= 1.2.4.  (This
+  code is relatively untested and feedback is welcome.)
diff --git a/contrib/ldaptcl/COPYRIGHT b/contrib/ldaptcl/COPYRIGHT
new file mode 100644
index 0000000..74651ee
--- /dev/null
+++ b/contrib/ldaptcl/COPYRIGHT
@@ -0,0 +1,31 @@
+Copyright 1998-2022 The OpenLDAP Foundation.  All rights reserved.
+
+COPYING RESTRICTIONS APPLY.
+
+See COPYRIGHT and LICENSE files in the top-level directory of this
+distribution (i.e., ../../COPYRIGHT and ../../LICENSE, respectively).
+
+---
+NeoSoft Tcl client extensions to Lightweight Directory Access Protocol.
+
+Copyright (c) 1998-1999 NeoSoft, Inc.  
+All Rights Reserved.
+
+This software may be used, modified, copied, distributed, and sold,
+in both source and binary form provided that these copyrights are
+retained and their terms are followed.
+
+Under no circumstances are the authors or NeoSoft Inc. responsible
+for the proper functioning of this software, nor do the authors
+assume any liability for damages incurred with its use.
+
+Redistribution and use in source and binary forms are permitted
+provided that this notice is preserved and that due credit is given
+to NeoSoft, Inc.
+
+NeoSoft, Inc. may not be used to endorse or promote products derived
+from this software without specific prior written permission. This
+software is provided ``as is'' without express or implied warranty.
+
+Requests for permission may be sent to NeoSoft Inc, 1770 St. James Place,
+Suite 500, Houston, TX, 77056.
diff --git a/contrib/ldaptcl/Makefile.in b/contrib/ldaptcl/Makefile.in
new file mode 100644
index 0000000..8f2323c
--- /dev/null
+++ b/contrib/ldaptcl/Makefile.in
@@ -0,0 +1,196 @@
+#
+# This file is a Makefile for Neo, the NeoSoft extensions to Tcl.
+# If it has the name "Makefile.in" then it is a template for a
+# Makefile;  to generate the actual Makefile, run "./configure",
+# which is a configuration script generated by the "autoconf" program
+# (constructs like "@foo@" will get replaced in the actual Makefile.
+#
+
+VERSION = @NEO_VERSION@
+LIBNAME = @NEO_SHARED_LIB_FILE@
+
+# Default top-level directories in which to install architecture-
+# specific files (exec_prefix) and machine-independent files such
+# as scripts (prefix).  The values specified here may be overridden
+# at configure-time with the --exec-prefix and --prefix options
+# to the "configure" script.
+
+prefix =        @prefix@
+exec_prefix =       @exec_prefix@
+
+# The following definition can be set to non-null for special systems
+# like AFS with replication.  It allows the pathnames used for installation
+# to be different than those used for actually reference files at
+# run-time.  DESTDIR is prepended to $prefix and $exec_prefix
+# when installing files.
+DESTDIR =
+
+# Directory in which to search for tcl libraries
+NEO_LIBRARY	= $(exec_prefix)/lib/ldaptcl$(VERSION)
+
+# Directory in which to install the ldaptcl binary:
+BIN_INSTALL_DIR = $(DESTDIR)$(exec_prefix)/bin
+
+# Directory in which to install the .a or .so binary for the Neo library:
+LIB_INSTALL_DIR = $(DESTDIR)$(exec_prefix)/lib
+
+# Path to use at runtime to refer to LIB_INSTALL_DIR:
+LIB_RUNTIME_DIR =	$(exec_prefix)/lib
+
+# Top-level directory for man entries:
+MANN_INSTALL_DIR =	$(DESTDIR)$(prefix)/man/mann
+
+
+# The symbols below provide support for dynamic loading and shared
+# libraries.  The values of the symbols are normally set by the
+# configure script.  You shouldn't normally need to modify any of
+# these definitions by hand.
+
+SHLIB_CFLAGS = @NEO_SHLIB_CFLAGS@
+
+NEO_LIB_FILE = @NEO_LIB_FILE@
+
+NEO_SHARED_LIB_FILE = @NEO_SHARED_LIB_FILE@
+
+# The directory containing the Tcl sources and headers appropriate
+# for this version of Neo ("srcdir" will be replaced or has already
+# been replaced by the configure script):
+TCL_GENERIC_DIR =   @TCL_SRC_DIR@/generic
+
+# The top of the TclX directory tree
+TCLX_TOP_DIR	=	@TCLX_TOP_DIR@
+
+# The directory where tclExtend.h will be:
+TCLX_TCL_GEN_DIR =	${TCLX_TOP_DIR}/tcl/generic
+
+# The directory where tclXunixPort.h will be:
+TCLX_TCL_UNIX_DIR =	${TCLX_TOP_DIR}/tcl/unix
+
+# The path to tclX the runtcl script:
+TCLX_RUNTCL	=	${TCLX_TOP_DIR}/unix/runtcl
+
+# The directory containing the Tcl library archive file appropriate
+# for this version of Neo:
+TCL_BIN_DIR =       @TCL_BIN_DIR@
+
+
+# The symbol below provides support for dynamic loading and shared
+# libraries.  See configure.ac for a description of what it means.
+# The values of the symbolis normally set by the configure script.
+
+SHLIB_LD = @SHLIB_LD@
+
+# Set to the options to include libldap.a and liblber.a 
+# (eg. -L../tools/blah -lldap -llber)
+
+LDAP_LIBFLAGS	= @ldaplibflags@
+LDAP_CFLAGS	= @ldapinclude@
+LDAP_INCDIR	= @ldapincdir@
+LDAP_BUILD	= @ldapbuild@
+LDAP_DIR	= @ldapdir@
+
+
+#----------------------------------------------------------------
+# The information below is modified by the configure script when
+# Makefile is generated from Makefile.in.  You shouldn't normally
+# modify any of this stuff by hand.
+#----------------------------------------------------------------
+
+AC_FLAGS =      @DEFS@
+INSTALL=	@INSTALL@
+INSTALL_PROGRAM =   @INSTALL_PROGRAM@
+INSTALL_DATA =      @INSTALL_DATA@
+RANLIB =        @RANLIB@
+SRC_DIR =       @srcdir@/..
+TOP_DIR =       @srcdir@/..
+GENERIC_DIR =       $(TOP_DIR)/generic
+
+#----------------------------------------------------------------
+# The information below should be usable as is.  The configure
+# script won't modify it and you shouldn't need to modify it
+# either.
+#----------------------------------------------------------------
+
+
+OBJS= neoXldap.o
+
+LIBDIR=$(exec_prefix)/lib
+INCDIR=$(prefix)/include
+
+LIBS= @LIBS@ @TCLX_LIB_SPEC@ @TCL_LIB_SPEC@ @TCL_LIBS@ $(LDAP_LIBFLAGS) -lc
+TK_LIBS=@TKX_LIB_SPEC@ @TK_LIB_SPEC@ @TK_LIBS@
+TK_VERSION=@TK_VERSION@
+
+CC =        @CC@
+CC_SWITCHES =   ${CFLAGS} @NEO_SHLIB_CFLAGS@ -I. \
+-I@prefix@/include ${AC_FLAGS} ${PROTO_FLAGS} \
+${SECURITY_FLAGS} ${MEM_DEBUG_FLAGS} ${KEYSYM_FLAGS} \
+-DNEO_LIBRARY=\"${NEO_LIBRARY}\" -DVERSION=\"${VERSION}\" 
+
+TK_SWITCHES = ${CC_SWITCHES} @TK_XINCLUDES@
+
+.c.o:
+	$(CC) -c $(CC_SWITCHES) $<
+
+all:	@NEO_LIB_FILE@ ldaptclsh @LDAPWISH@
+
+@NEO_LIB_FILE@:	$(OBJS)
+	rm -f @NEO_LIB_FILE@
+	@MAKE_LIB@
+	$(RANLIB) @NEO_LIB_FILE@
+
+neoXldap.o: neoXldap.c ldaptclerr.h
+	$(CC) -c $(LDAP_CFLAGS) $(CC_SWITCHES) neoXldap.c
+
+ldaptclerr.h: ldaperr.tcl
+	tcl ldaperr.tcl $(LDAP_INCDIR)/ldap.h > ldaptclerr.h
+
+
+clean:
+	-rm -f ldaptclsh ldapwish
+	-rm -f *.o *.a *.so*
+
+distclean: clean
+	rm -f Makefile pkgIndex.tcl config.cache config.log config.status \
+		ldaptclerr.h
+
+install: install-binaries install-man
+
+install-binaries: @NEO_LIB_FILE@ ldaptclsh @LDAPWISH@
+	@-mkdir -p $(BIN_INSTALL_DIR)
+	$(INSTALL_PROGRAM) ldaptclsh $(BIN_INSTALL_DIR)/ldaptclsh
+	@if [ -n "@LDAPWISH@" ] ; then \
+	    echo $(INSTALL_PROGRAM) ldapwish $(BIN_INSTALL_DIR)/ldapwish; \
+	    $(INSTALL_PROGRAM) ldapwish $(BIN_INSTALL_DIR)/ldapwish; \
+	fi
+	$(INSTALL_DATA) @NEO_LIB_FILE@ $(LIB_INSTALL_DIR)
+	@if [ "$(NEO_LIB_FILE)" = "$(NEO_SHARED_LIB_FILE)" ] ; then \
+		echo Installing pkgIndex.tcl in $(NEO_LIBRARY); \
+		mkdir -p $(NEO_LIBRARY); \
+		$(INSTALL_DATA) pkgIndex.tcl $(NEO_LIBRARY); \
+	fi
+
+
+install-man:
+	@for i in ldap.n; \
+	    do \
+	    echo "Installing $$i"; \
+	    rm -f $(MANN_INSTALL_DIR)/$$i; \
+	    sed -e '/man\.macros/r man.macros' -e '/man\.macros/d' \
+		    $$i > $(MANN_INSTALL_DIR)/$$i; \
+	    chmod 444 $(MANN_INSTALL_DIR)/$$i; \
+	done;
+
+
+TCLOFILES= tclAppInit.o
+
+ldaptclsh:$(TCLOFILES) @NEO_LIB_FILE@
+	$(CC) @LD_FLAGS@ $(TCLOFILES) @NEO_BUILD_LIB_SPEC@ $(LIBS) \
+	@TCL_LD_SEARCH_FLAGS@ -o ldaptclsh
+
+tkAppInit.o: tkAppInit.c
+	$(CC) -c ${TK_SWITCHES} tkAppInit.c
+
+ldapwish:tkAppInit.o @NEO_LIB_FILE@
+	$(CC) @LD_FLAGS@ tkAppInit.o @NEO_BUILD_LIB_SPEC@ $(TK_LIBS) $(LIBS) \
+	@TCL_LD_SEARCH_FLAGS@ -o ldapwish
diff --git a/contrib/ldaptcl/README b/contrib/ldaptcl/README
new file mode 100644
index 0000000..1b70f59
--- /dev/null
+++ b/contrib/ldaptcl/README
@@ -0,0 +1,67 @@
+Copyright (c) 1998-1999 NeoSoft, Inc.
+
+For licensing information, see the file neoXldap.c and/or the COPYRIGHT
+file contained in the directory you found this file.
+
+This directory contains an extension to Tcl to interface with an
+LDAP server.  While this software is being released to the OpenLDAP
+community, it is the authors' intention that support continue (and
+be added) for other client libraries as well.  As time goes on, it
+is expected that code will converge rather than diverge.
+
+Support is provided for University of Michigan LDAP version 3.3,
+OpenLDAP, and Netscape.  The default configuration supports
+OpenLDAP 1.2.4 and above.
+
+OpenLDAP 2.x is supported, but there is not yet any support for
+using SASL or TLS.  There may be interface changes in the LDAP API
+which the author is unaware of (a leak was recently fixed for the
+return values of ldap_first/next_attribute() calls).
+
+It uses GNU autoconf.  It builds and installs without requiring
+parallel directories, but it does require that Tcl and Extended Tcl
+are installed in the directory pointed to by --prefix (/usr/local
+by default).
+
+For further info, try "./configure --help".
+
+For example, I run:
+
+    ./configure  --prefix=/opt/neotcl --enable-shared \
+	--with-ldap=/usr/local/ldap
+
+Remember that --prefix must be the same prefix used when building
+and installint Tcl.
+
+Netscape configuration has not been well tested, and you may have to
+play with the resulting Makefile to get it to work.  In particular,
+you will probably need to modify the LDAP_LIBFLAGS.  However, the
+C code itself is reasonably well tested with Netscape.
+
+This module will install a regular shell (ldaptclsh) a windowing
+shell (ldapwish) a library, a pkgIndex.tcl, and a manpage (ldap.n).
+
+If your Tcl installation has been configured with --enable-shared,
+then you must also use --enable-shared here.
+
+Shared libraries and Tcl packages.
+
+If Tcl is built with --enable-shared, AND OpenLDAP (or another version
+for that matter) has been build to create -llber and -lldap as shared
+libraries, AND you build ldaptcl with --enable-shared, it should be
+possible to run a plain Tcl interpreter (eg. tclsh8.0) and do
+
+		package require Ldaptcl
+
+which will install the "ldap" command into the interpreter.
+
+You may need to set the LD_LIBRARY_PATH environment variable appropriately,
+or use -R or -W,-rpath ld command options to resolve the search for ldap
+and lber libraries.
+
+This package was test built on a Alpha OSF4.0e with the native C
+compiler.
+
+Please email comments or bug fixes to openldap-devel@OpenLDAP.org,
+or to kunkee@OpenLDAP.org.  I would also like to know if you are
+using this interface, so I invite you to drop me an email if you do.
diff --git a/contrib/ldaptcl/configure b/contrib/ldaptcl/configure
new file mode 100755
index 0000000..8fbe5a9
--- /dev/null
+++ b/contrib/ldaptcl/configure
@@ -0,0 +1,4221 @@
+#! /bin/sh
+# From configure.ac Id: 16b135293616700c63077e9a1a601681d4442fdd .
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.69.
+#
+#
+# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+    && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='print -r --'
+  as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in #(
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there.  '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+# Use a proper internal environment variable to ensure we don't fall
+  # into an infinite loop, continuously re-executing ourselves.
+  if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then
+    _as_can_reexec=no; export _as_can_reexec;
+    # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+  *v*x* | *x*v* ) as_opts=-vx ;;
+  *v* ) as_opts=-v ;;
+  *x* ) as_opts=-x ;;
+  * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+as_fn_exit 255
+  fi
+  # We don't want this to propagate to other subprocesses.
+          { _as_can_reexec=; unset _as_can_reexec;}
+if test "x$CONFIG_SHELL" = x; then
+  as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '\${1+\"\$@\"}'='\"\$@\"'
+  setopt NO_GLOB_SUBST
+else
+  case \`(set -o) 2>/dev/null\` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+"
+  as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+  exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1
+test -x / || exit 1"
+  as_suggested="  as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+  as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+  eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+  test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1"
+  if (eval "$as_required") 2>/dev/null; then :
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+  if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  as_found=:
+  case $as_dir in #(
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     # Try only shells that exist, to save several forks.
+	     as_shell=$as_dir/$as_base
+	     if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		    { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+  CONFIG_SHELL=$as_shell as_have_required=yes
+		   if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+  break 2
+fi
+fi
+	   done;;
+       esac
+  as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+	      { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+  CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+      if test "x$CONFIG_SHELL" != x; then :
+  export CONFIG_SHELL
+             # We cannot yet assume a decent shell, so we have to provide a
+# neutralization value for shells without unset; and this also
+# works around shells that cannot unset nonexistent variables.
+# Preserve -v and -x to the replacement shell.
+BASH_ENV=/dev/null
+ENV=/dev/null
+(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+case $- in # ((((
+  *v*x* | *x*v* ) as_opts=-vx ;;
+  *v* ) as_opts=-v ;;
+  *x* ) as_opts=-x ;;
+  * ) as_opts= ;;
+esac
+exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"}
+# Admittedly, this is quite paranoid, since all the known shells bail
+# out after a failed `exec'.
+$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2
+exit 255
+fi
+
+    if test x$as_have_required = xno; then :
+  $as_echo "$0: This script requires a shell more modern than all"
+  $as_echo "$0: the shells that I found on your system."
+  if test x${ZSH_VERSION+set} = xset ; then
+    $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+    $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+  else
+    $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
+$0: including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
+  fi
+  exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+  test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$1; test $as_status -eq 0 && as_status=1
+  if test "$4"; then
+    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+  fi
+  $as_echo "$as_me: error: $2" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+  as_lineno_1=$LINENO as_lineno_1a=$LINENO
+  as_lineno_2=$LINENO as_lineno_2a=$LINENO
+  eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+  test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+  # Blame Lee E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+  # If we had to re-execute with $CONFIG_SHELL, we're ensured to have
+  # already done that, so ensure we don't try to do so again and fall
+  # in an infinite loop.  This has already happened in practice.
+  _as_can_reexec=no; export _as_can_reexec
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -pR'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -pR'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -pR'
+  fi
+else
+  as_ln_s='cp -pR'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME=
+PACKAGE_TARNAME=
+PACKAGE_VERSION=
+PACKAGE_STRING=
+PACKAGE_BUGREPORT=
+PACKAGE_URL=
+
+ac_unique_file="neoXldap.c"
+ac_subst_vars='LTLIBOBJS
+LIBOBJS
+NEO_VERSION
+NEO_SHLIB_CFLAGS
+NEO_MINOR_VERSION
+NEO_MAJOR_VERSION
+NEO_LIB_SPEC
+NEO_LIB_FILE
+NEO_UNSHARED_LIB_FILE
+NEO_SHARED_LIB_FILE
+NEO_LD_SEARCH_FLAGS
+NEO_BUILD_LIB_SPEC
+TCL_VERSION
+TCL_LIB_HNAME
+TCL_LD_SEARCH_FLAGS
+TCL_LIB_SPEC
+TCL_BIN_DIR
+TCL_SRC_DIR
+TCL_LIBS
+ITCL_LIB_SPEC
+TCLX_LIB_SPEC
+TCLX_TCL_DIR
+TCLX_TOP_DIR
+SHLIB_VERSION
+SHLIB_SUFFIX
+SHLIB_LD_LIBS
+SHLIB_LD
+SHLIB_CFLAGS
+MAKE_LIB
+MATH_LIBS
+LD_FLAGS
+DL_LIBS
+ldapincdir
+ldapdir
+ldapbuild
+ldapinclude
+ldaplibflags
+LDAPWISH
+TKX_LIB_SPEC
+TK_VERSION
+TK_XINCLUDES
+TK_LIB_SPEC
+TK_LIBS
+RANLIB
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+runstatedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_gcc
+with_tk
+with_x
+enable_shared
+with_ldap
+with_ldap_incdir
+with_ldap_libdir
+with_ldap_libraries
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *=)   ac_optarg= ;;
+  *)    ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid feature name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid feature name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -runstatedir | --runstatedir | --runstatedi | --runstated \
+  | --runstate | --runstat | --runsta | --runst | --runs \
+  | --run | --ru | --r)
+    ac_prev=runstatedir ;;
+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+  | --run=* | --ru=* | --r=*)
+    runstatedir=$ac_optarg ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid package name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid package name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    case $ac_envvar in #(
+      '' | [0-9]* | *[!_$as_cr_alnum]* )
+      as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+    esac
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+    *)     $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir runstatedir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures this package to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking ...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/PACKAGE]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+
+  cat <<\_ACEOF
+
+Optional Features:
+  --disable-option-checking  ignore unrecognized --enable/--with options
+  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
+  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
+  --enable-gcc            allow use of gcc if available
+  --enable-shared         build libldaptcl as a shared library
+
+Optional Packages:
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-tk=DIR          use Tk 8.0 binaries from DIR
+  --without-x            do not build/install ldapwish
+  --with-ldap=<dir>           common parent of ldap include and lib dirs
+  --with-ldap-incdir=<dir>    path to ldap.h
+  --with-ldap-libdir=<dir>    path to ldap and lber libs
+  --with-ldap-libflags=<libnames>   -l flags for ldap libraries
+
+Some influential environment variables:
+  CC          C compiler command
+  CFLAGS      C compiler flags
+  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
+              nonstandard directory <lib dir>
+  LIBS        libraries to pass to the linker, e.g. -l<library>
+  CPPFLAGS    (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+              you have headers in a nonstandard directory <include dir>
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to the package provider.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+configure
+generated by GNU Autoconf 2.69
+
+Copyright (C) 2012 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext
+  if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest.$ac_objext; then :
+  ac_retval=0
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by $as_me, which was
+generated by GNU Autoconf 2.69.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    $as_echo "PATH: $as_dir"
+  done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+    2)
+      as_fn_append ac_configure_args1 " '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      as_fn_append ac_configure_args " '$ac_arg'"
+      ;;
+    esac
+  done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    $as_echo "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    $as_echo "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      $as_echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	$as_echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      $as_echo "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      $as_echo "$as_me: caught signal $ac_signal"
+    $as_echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+  # We do not want a PATH search for config.site.
+  case $CONFIG_SITE in #((
+    -*)  ac_site_file1=./$CONFIG_SITE;;
+    */*) ac_site_file1=$CONFIG_SITE;;
+    *)   ac_site_file1=./$CONFIG_SITE;;
+  esac
+elif test "x$prefix" != xNONE; then
+  ac_site_file1=$prefix/share/config.site
+  ac_site_file2=$prefix/etc/config.site
+else
+  ac_site_file1=$ac_default_prefix/share/config.site
+  ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+  test "x$ac_site_file" = xNONE && continue
+  if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file" \
+      || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special files
+  # actually), so we avoid doing that.  DJGPP emulates it as a regular file.
+  if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ $as_echo "$as_me:${as_lineno-$LINENO}:   former value:  \`$ac_old_val'" >&5
+$as_echo "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ $as_echo "$as_me:${as_lineno-$LINENO}:   current value: \`$ac_new_val'" >&5
+$as_echo "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+  { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# $OpenLDAP$
+
+
+
+NEO_VERSION=2.0
+NEO_MAJOR_VERSION=2
+NEO_MINOR_VERSION=0
+VERSION=${NEO_VERSION}
+
+if test "${prefix}" = "NONE"; then
+    prefix=/usr/local
+fi
+if test "${exec_prefix}" = "NONE"; then
+    exec_prefix=$prefix
+fi
+
+# Check whether --enable-gcc was given.
+if test "${enable_gcc+set}" = set; then :
+  enableval=$enable_gcc; neo_ok=$enableval
+else
+  neo_ok=no
+fi
+
+if test "$neo_ok" = "yes"; then
+    ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="${ac_tool_prefix}gcc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+  ac_ct_CC=$CC
+  # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CC="gcc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+else
+  CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+          if test -n "$ac_tool_prefix"; then
+    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="${ac_tool_prefix}cc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  fi
+fi
+if test -z "$CC"; then
+  # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+  ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+       ac_prog_rejected=yes
+       continue
+     fi
+    ac_cv_prog_CC="cc"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+  # We found a bogon in the path, so make sure we never use it.
+  set dummy $ac_cv_prog_CC
+  shift
+  if test $# != 0; then
+    # We chose a different compiler from the bogus one.
+    # However, it has the same basename, so the bogon will be chosen
+    # first if we set CC to just the basename; use the full file name.
+    shift
+    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+  fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+  if test -n "$ac_tool_prefix"; then
+  for ac_prog in cl.exe
+  do
+    # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$CC"; then
+  ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    test -n "$CC" && break
+  done
+fi
+if test -z "$CC"; then
+  ac_ct_CC=$CC
+  for ac_prog in cl.exe
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_CC+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_CC"; then
+  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_CC="$ac_prog"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+  test -n "$ac_ct_CC" && break
+done
+
+  if test "x$ac_ct_CC" = x; then
+    CC=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    CC=$ac_ct_CC
+  fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+  { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    sed '10a\
+... rest of stderr output deleted ...
+         10q' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+  fi
+  rm -f conftest.er1 conftest.err
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+  esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link_default") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then :
+  # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile.  We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+	;;
+    [ab].out )
+	# We found the default executable, but exeext='' is most
+	# certainly right.
+	break;;
+    *.* )
+	if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+	then :; else
+	   ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	fi
+	# We set ac_cv_exeext here because the later test for it is not
+	# safe: cross compilers may not add the suffix if given an `-o'
+	# argument, so we may need to know it at that point already.
+	# Even if this section looks crufty: it has the advantage of
+	# actually working.
+	break;;
+    * )
+	break;;
+  esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+  ac_file=''
+fi
+if test -z "$ac_file"; then :
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then :
+  # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'.  For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+  test -f "$ac_file" || continue
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+    *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+	  break;;
+    * ) break;;
+  esac
+done
+else
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+  ;
+  return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run.  If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+  { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }
+  if { ac_try='./conftest$ac_cv_exeext'
+  { { case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_try") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; }; then
+    cross_compiling=no
+  else
+    if test "$cross_compiling" = maybe; then
+	cross_compiling=yes
+    else
+	{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5; }
+    fi
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if ${ac_cv_objext+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+  (eval "$ac_compile") 2>&5
+  ac_status=$?
+  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; }; then :
+  for ac_file in conftest.o conftest.obj conftest.*; do
+  test -f "$ac_file" || continue;
+  case $ac_file in
+    *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+    *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+       break;;
+  esac
+done
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if ${ac_cv_c_compiler_gnu+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+#ifndef __GNUC__
+       choke me
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_compiler_gnu=yes
+else
+  ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+  GCC=yes
+else
+  GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if ${ac_cv_prog_cc_g+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_save_c_werror_flag=$ac_c_werror_flag
+   ac_c_werror_flag=yes
+   ac_cv_prog_cc_g=no
+   CFLAGS="-g"
+   cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_g=yes
+else
+  CFLAGS=""
+      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+  ac_c_werror_flag=$ac_save_c_werror_flag
+	 CFLAGS="-g"
+	 cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+   ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+  CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+  if test "$GCC" = yes; then
+    CFLAGS="-g -O2"
+  else
+    CFLAGS="-g"
+  fi
+else
+  if test "$GCC" = yes; then
+    CFLAGS="-O2"
+  else
+    CFLAGS=
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if ${ac_cv_prog_cc_c89+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdio.h>
+struct stat;
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh.  */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+     char **p;
+     int i;
+{
+  return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+  char *s;
+  va_list v;
+  va_start (v,p);
+  s = g (p, va_arg (v,int));
+  va_end (v);
+  return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default.  It has
+   function prototypes and stuff, but not '\xHH' hex character constants.
+   These don't provoke an error unfortunately, instead are silently treated
+   as 'x'.  The following induces an error, until -std is added to get
+   proper ANSI mode.  Curiously '\x00'!='x' always comes out true, for an
+   array size at least.  It's necessary to write '\x00'==0 to get something
+   that's true only with -std.  */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+   inside strings and character constants.  */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0]  ||  f (e, argv, 1) != argv[1];
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+	-Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+  CC="$ac_save_CC $ac_arg"
+  if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+  x)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c89"
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+else
+    CC=${CC-cc}
+
+fi
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+  if test -f "$ac_dir/install-sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install-sh -c"
+    break
+  elif test -f "$ac_dir/install.sh"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/install.sh -c"
+    break
+  elif test -f "$ac_dir/shtool"; then
+    ac_aux_dir=$ac_dir
+    ac_install_sh="$ac_aux_dir/shtool install -c"
+    break
+  fi
+done
+if test -z "$ac_aux_dir"; then
+  as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess"  # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub"  # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.
+
+
+# Find a good install program.  We prefer a C program (faster),
+# so one script is as good as another.  But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if ${ac_cv_path_install+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+  ./ | .// | /[cC]/* | \
+  /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+  ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+  /usr/ucb/* ) ;;
+  *)
+    # OSF1 and SCO ODT 3.0 have their own names for install.
+    # Don't use installbsd from OSF since it installs stuff as root
+    # by default.
+    for ac_prog in ginstall scoinst install; do
+      for ac_exec_ext in '' $ac_executable_extensions; do
+	if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then
+	  if test $ac_prog = install &&
+	    grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # AIX install.  It has an incompatible calling convention.
+	    :
+	  elif test $ac_prog = install &&
+	    grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+	    # program-specific install script used by HP pwplus--don't use.
+	    :
+	  else
+	    rm -rf conftest.one conftest.two conftest.dir
+	    echo one > conftest.one
+	    echo two > conftest.two
+	    mkdir conftest.dir
+	    if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+	      test -s conftest.one && test -s conftest.two &&
+	      test -s conftest.dir/conftest.one &&
+	      test -s conftest.dir/conftest.two
+	    then
+	      ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+	      break 3
+	    fi
+	  fi
+	fi
+      done
+    done
+    ;;
+esac
+
+  done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+  if test "${ac_cv_path_install+set}" = set; then
+    INSTALL=$ac_cv_path_install
+  else
+    # As a last resort, use the slow shell script.  Don't cache a
+    # value for INSTALL within a source directory, because that will
+    # break other packages using the cache if that directory is
+    # removed, or if the value is a relative name.
+    INSTALL=$ac_install_sh
+  fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_RANLIB+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$RANLIB"; then
+  ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+  ac_ct_RANLIB=$RANLIB
+  # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_prog_ac_ct_RANLIB+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  if test -n "$ac_ct_RANLIB"; then
+  ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_prog_ac_ct_RANLIB="ranlib"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_ct_RANLIB" = x; then
+    RANLIB=":"
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    RANLIB=$ac_ct_RANLIB
+  fi
+else
+  RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+
+if test ! -f $exec_prefix/lib/tclConfig.sh
+then
+    as_fn_error $? "Tcl must be installed first" "$LINENO" 5
+fi
+
+. $exec_prefix/lib/tclConfig.sh
+
+if test ! -f $exec_prefix/lib/tclxConfig.sh
+then
+    as_fn_error $? "Extended Tcl must be installed first" "$LINENO" 5
+fi
+. $exec_prefix/lib/tclxConfig.sh
+
+
+#--------------------------------------------------------------------
+#	See if there was a command-line option for where Tk is;  if
+#	not, assume that its top-level directory is a sibling of ours.
+#--------------------------------------------------------------------
+
+
+# Check whether --with-tk was given.
+if test "${with_tk+set}" = set; then :
+  withval=$with_tk;
+else
+  with_tk=yes
+fi
+
+
+case "$with_tk" in
+    yes)
+	if test -f $exec_prefix/lib/tkConfig.sh &&
+	   test -f $exec_prefix/lib/tkxConfig.sh
+	then
+	    :
+	else
+	    as_fn_error $? "Tk does not appear to be installed at $exec_prefix" "$LINENO" 5
+	fi
+	;;
+    no) ;;
+    *)  as_fn_error $? "Tk cannot be specified and must be in $exec_prefix" "$LINENO" 5
+	;;
+esac
+
+
+# Check whether --with-x was given.
+if test "${with_x+set}" = set; then :
+  withval=$with_x;
+fi
+
+if test "$with_x" = "no"
+then
+    with_tk=no
+fi
+
+if test "$with_tk" != "no"
+then
+    LDAPWISH=ldapwish
+    . $exec_prefix/lib/tkConfig.sh
+    . $exec_prefix/lib/tkxConfig.sh
+fi
+
+
+
+
+
+
+
+#--------------------------------------------------------------------
+#	Read in configuration information generated by Tcl for shared
+#	libraries, and arrange for it to be substituted into our
+#	Makefile.
+#--------------------------------------------------------------------
+
+CC=$TCL_CC
+SHLIB_CFLAGS=$TCL_SHLIB_CFLAGS
+SHLIB_LD=$TCL_SHLIB_LD
+SHLIB_LD_LIBS=$TCL_SHLIB_LD_LIBS
+SHLIB_SUFFIX=$TCL_SHLIB_SUFFIX
+SHLIB_VERSION=$TCL_SHLIB_VERSION
+DL_LIBS=$TCL_DL_LIBS
+LD_FLAGS=$TCL_LD_FLAGS
+NEO_LD_SEARCH_FLAGS=$TCL_LD_SEARCH_FLAGS
+
+eval "NEO_SHARED_LIB_FILE=libldaptcl${TCL_SHARED_LIB_SUFFIX}"
+eval "NEO_UNSHARED_LIB_FILE=libldaptcl${TCL_UNSHARED_LIB_SUFFIX}"
+
+#--------------------------------------------------------------------
+#	The statements below define a collection of symbols related to
+#	building libldap as a shared library instead of a static library.
+#--------------------------------------------------------------------
+
+# Warning: in order to use the following code for libldap and libdb versions,
+# the VERSION shell variable is modified, and then is restored after.
+
+# Check whether --enable-shared was given.
+if test "${enable_shared+set}" = set; then :
+  enableval=$enable_shared; ok=$enableval
+else
+  ok=no
+fi
+
+if test "$ok" = "yes" && test "${SHLIB_SUFFIX}" != ""; then
+    NEO_SHLIB_CFLAGS="${SHLIB_CFLAGS}"
+    eval "NEO_LIB_FILE=libldaptcl${TCL_SHARED_LIB_SUFFIX}"
+    MAKE_LIB="\${SHLIB_LD} $TCL_LIB_HNAME -o ${NEO_LIB_FILE} \${OBJS} \${LDAP_LIBFLAGS}"
+    RANLIB=":"
+else
+    NEO_SHLIB_CFLAGS=""
+    eval "NEO_LIB_FILE=libldaptcl${TCL_UNSHARED_LIB_SUFFIX}"
+    MAKE_LIB="ar cr ${NEO_LIB_FILE} \${OBJS}"
+fi
+
+
+# Check whether --with-ldap was given.
+if test "${with_ldap+set}" = set; then :
+  withval=$with_ldap; neo_ldap=$withval
+	case $withval in
+	    yes) ldapdir=/usr/local
+		 ;;
+	    no)  ;;
+	    *)	 ldapdir=$withval
+		 neo_ldap=yes
+		 ;;
+	esac
+
+else
+
+	    neo_ldap=yes
+	    ldapdir=/usr/local
+
+fi
+
+
+ldapincdir=$ldapdir/include
+
+# Check whether --with-ldap-incdir was given.
+if test "${with_ldap_incdir+set}" = set; then :
+  withval=$with_ldap_incdir; ldapincdir=$withval
+fi
+
+
+ldaplibdir=$ldapdir/lib
+
+# Check whether --with-ldap-libdir was given.
+if test "${with_ldap_libdir+set}" = set; then :
+  withval=$with_ldap_libdir; ldaplibdir=$withval
+fi
+
+
+
+# Check whether --with-ldap-libraries was given.
+if test "${with_ldap_libraries+set}" = set; then :
+  withval=$with_ldap_libraries; ldaplibflags="-L$ldaplibdir $withval"
+else
+  ldaplibflags="-L$ldaplibdir -lldap -llber"
+fi
+
+
+ldapinclude="-I$ldapincdir"
+
+ldapbuild=yes
+
+
+
+
+
+
+
+
+VERSION=${NEO_VERSION}
+# Note:  in the following variable, it's important to use the absolute
+# path name of the Tcl directory rather than "..":  this is because
+# AIX remembers this path and will attempt to use it at run-time to look
+# up the Tcl library.
+
+if test "${TCL_LIB_VERSIONS_OK}" = "ok"; then
+    NEO_BUILD_LIB_SPEC="-L`pwd` -lldaptcl${VERSION}"
+    NEO_LIB_SPEC="-L${exec_prefix}/lib -lldaptcl${VERSION}"
+else
+    NEO_BUILD_LIB_SPEC="-L`pwd` -lldaptcl`echo ${VERSION} | tr -d .`"
+    NEO_LIB_SPEC="-L${exec_prefix}/lib -lldaptcl`echo ${VERSION} | tr -d .`"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ac_config_files="$ac_config_files Makefile pkgIndex.tcl"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes: double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \.
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    if test "x$cache_file" != "x/dev/null"; then
+      { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+      if test ! -f "$cache_file" || test -h "$cache_file"; then
+	cat confcache >"$cache_file"
+      else
+        case $cache_file in #(
+        */* | ?:*)
+	  mv -f confcache "$cache_file"$$ &&
+	  mv -f "$cache_file"$$ "$cache_file" ;; #(
+        *)
+	  mv -f confcache "$cache_file" ;;
+	esac
+      fi
+    fi
+  else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# Transform confdefs.h into DEFS.
+# Protect against shell expansion while executing Makefile rules.
+# Protect against Makefile macro expansion.
+#
+# If the first sed substitution is executed (which looks for macros that
+# take arguments), then branch to the quote section.  Otherwise,
+# look for a macro that doesn't take arguments.
+ac_script='
+:mline
+/\\$/{
+ N
+ s,\\\n,,
+ b mline
+}
+t clear
+:clear
+s/^[	 ]*#[	 ]*define[	 ][	 ]*\([^	 (][^	 (]*([^)]*)\)[	 ]*\(.*\)/-D\1=\2/g
+t quote
+s/^[	 ]*#[	 ]*define[	 ][	 ]*\([^	 ][^	 ]*\)[	 ]*\(.*\)/-D\1=\2/g
+t quote
+b any
+:quote
+s/[	 `~#$^&*(){}\\|;'\''"<>?]/\\&/g
+s/\[/\\&/g
+s/\]/\\&/g
+s/\$/$$/g
+H
+:any
+${
+	g
+	s/^\n//
+	s/\n/ /g
+	p
+}
+'
+DEFS=`sed -n "$ac_script" confdefs.h`
+
+
+ac_libobjs=
+ac_ltlibobjs=
+U=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+    && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='print -r --'
+  as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in #(
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there.  '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$1; test $as_status -eq 0 && as_status=1
+  if test "$4"; then
+    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+  fi
+  $as_echo "$as_me: error: $2" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -pR'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -pR'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -pR'
+  fi
+else
+  as_ln_s='cp -pR'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+
+# as_fn_executable_p FILE
+# -----------------------
+# Test if FILE is an executable regular file.
+as_fn_executable_p ()
+{
+  test -f "$1" && test -x "$1"
+} # as_fn_executable_p
+as_test_x='test -x'
+as_executable_p=as_fn_executable_p
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by $as_me, which was
+generated by GNU Autoconf 2.69.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration.  Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+      --config     print configuration, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+
+Configuration files:
+$config_files
+
+Report bugs to the package provider."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+config.status
+configured by $0, generated by GNU Autoconf 2.69,
+  with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2012 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=?*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  --*=)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --config | --confi | --conf | --con | --co | --c )
+    $as_echo "$ac_cs_config"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    '') as_fn_error $? "missing file argument" ;;
+    esac
+    as_fn_append CONFIG_FILES " '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h |  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+  *) as_fn_append ac_config_targets " $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "pkgIndex.tcl") CONFIG_FILES="$CONFIG_FILES pkgIndex.tcl" ;;
+
+  *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp= ac_tmp=
+  trap 'exit_status=$?
+  : "${ac_tmp:=$tmp}"
+  { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
+' 0
+  trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+  eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+  || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=[	 ]*/{
+h
+s///
+s/^/:/
+s/[	 ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[	 ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+
+eval set X "  :F $CONFIG_FILES      "
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$ac_tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      as_fn_append ac_file_inputs " '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$ac_tmp/stdin" \
+      || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  as_dir="$ac_dir"; as_fn_mkdir_p
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+  case $INSTALL in
+  [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+  *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+  esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+  s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+  >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' \
+      "$ac_tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined" >&2;}
+
+  rm -f "$ac_tmp/stdin"
+  case $ac_file in
+  -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+  *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+  esac \
+  || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+
+
+
+  esac
+
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
diff --git a/contrib/ldaptcl/configure.ac b/contrib/ldaptcl/configure.ac
new file mode 100644
index 0000000..f62975d
--- /dev/null
+++ b/contrib/ldaptcl/configure.ac
@@ -0,0 +1,218 @@
+dnl	This file is an input file used by the GNU "autoconf" program to
+dnl	generate the file "configure", which is run during Tk installation
+dnl	to configure the system for the local environment.
+AC_INIT(neoXldap.c)
+# $OpenLDAP$
+
+AC_REVISION([$Id: 16b135293616700c63077e9a1a601681d4442fdd $])
+
+NEO_VERSION=2.0
+NEO_MAJOR_VERSION=2
+NEO_MINOR_VERSION=0
+VERSION=${NEO_VERSION}
+
+if test "${prefix}" = "NONE"; then
+    prefix=/usr/local
+fi
+if test "${exec_prefix}" = "NONE"; then
+    exec_prefix=$prefix
+fi
+
+AC_ARG_ENABLE(gcc, [  --enable-gcc            allow use of gcc if available],
+    [neo_ok=$enableval], [neo_ok=no])
+if test "$neo_ok" = "yes"; then
+    AC_PROG_CC
+else
+    CC=${CC-cc}
+AC_SUBST(CC)
+fi
+
+AC_PROG_INSTALL(install-sh)
+AC_PROG_RANLIB
+
+if test ! -f $exec_prefix/lib/tclConfig.sh
+then
+    AC_MSG_ERROR(Tcl must be installed first)
+fi
+
+. $exec_prefix/lib/tclConfig.sh
+
+if test ! -f $exec_prefix/lib/tclxConfig.sh
+then
+    AC_MSG_ERROR(Extended Tcl must be installed first)
+fi
+. $exec_prefix/lib/tclxConfig.sh
+
+
+#--------------------------------------------------------------------
+#	See if there was a command-line option for where Tk is;  if
+#	not, assume that its top-level directory is a sibling of ours.
+#--------------------------------------------------------------------
+
+AC_ARG_WITH(tk, [  --with-tk=DIR          use Tk 8.0 binaries from DIR],
+	, with_tk=yes)
+
+case "$with_tk" in
+    yes)
+	if test -f $exec_prefix/lib/tkConfig.sh &&
+	   test -f $exec_prefix/lib/tkxConfig.sh
+	then
+	    :
+	else
+	    AC_MSG_ERROR(Tk does not appear to be installed at $exec_prefix)
+	fi
+	;;
+    no) ;;
+    *)  AC_MSG_ERROR(Tk cannot be specified and must be in $exec_prefix)
+	;;
+esac
+
+AC_ARG_WITH(x, [  --without-x            do not build/install ldapwish])
+if test "$with_x" = "no"
+then
+    with_tk=no
+fi
+
+if test "$with_tk" != "no"
+then
+    LDAPWISH=ldapwish
+    . $exec_prefix/lib/tkConfig.sh
+    . $exec_prefix/lib/tkxConfig.sh
+fi
+AC_SUBST(TK_LIBS)
+AC_SUBST(TK_LIB_SPEC)
+AC_SUBST(TK_XINCLUDES)
+AC_SUBST(TK_VERSION)
+AC_SUBST(TKX_LIB_SPEC)
+AC_SUBST(LDAPWISH)
+
+#--------------------------------------------------------------------
+#	Read in configuration information generated by Tcl for shared
+#	libraries, and arrange for it to be substituted into our
+#	Makefile.
+#--------------------------------------------------------------------
+
+CC=$TCL_CC
+SHLIB_CFLAGS=$TCL_SHLIB_CFLAGS
+SHLIB_LD=$TCL_SHLIB_LD
+SHLIB_LD_LIBS=$TCL_SHLIB_LD_LIBS
+SHLIB_SUFFIX=$TCL_SHLIB_SUFFIX
+SHLIB_VERSION=$TCL_SHLIB_VERSION
+DL_LIBS=$TCL_DL_LIBS
+LD_FLAGS=$TCL_LD_FLAGS
+NEO_LD_SEARCH_FLAGS=$TCL_LD_SEARCH_FLAGS
+
+eval "NEO_SHARED_LIB_FILE=libldaptcl${TCL_SHARED_LIB_SUFFIX}"
+eval "NEO_UNSHARED_LIB_FILE=libldaptcl${TCL_UNSHARED_LIB_SUFFIX}"
+
+#--------------------------------------------------------------------
+#	The statements below define a collection of symbols related to
+#	building libldap as a shared library instead of a static library.
+#--------------------------------------------------------------------
+
+# Warning: in order to use the following code for libldap and libdb versions,
+# the VERSION shell variable is modified, and then is restored after.
+
+AC_ARG_ENABLE(shared,
+    [  --enable-shared         build libldaptcl as a shared library],
+    [ok=$enableval], [ok=no])
+if test "$ok" = "yes" && test "${SHLIB_SUFFIX}" != ""; then
+    NEO_SHLIB_CFLAGS="${SHLIB_CFLAGS}"
+    eval "NEO_LIB_FILE=libldaptcl${TCL_SHARED_LIB_SUFFIX}"
+    MAKE_LIB="\${SHLIB_LD} $TCL_LIB_HNAME -o ${NEO_LIB_FILE} \${OBJS} \${LDAP_LIBFLAGS}"
+    RANLIB=":"
+else
+    NEO_SHLIB_CFLAGS=""
+    eval "NEO_LIB_FILE=libldaptcl${TCL_UNSHARED_LIB_SUFFIX}"
+    MAKE_LIB="ar cr ${NEO_LIB_FILE} \${OBJS}"
+fi
+
+AC_ARG_WITH(ldap, [  --with-ldap=<dir>           common parent of ldap include and lib dirs],
+	[neo_ldap=$withval
+	case $withval in
+	    yes) ldapdir=/usr/local
+		 ;;
+	    no)  ;;
+	    *)	 ldapdir=$withval
+		 neo_ldap=yes
+		 ;;
+	esac
+	], [
+	    neo_ldap=yes
+	    ldapdir=/usr/local
+	])
+
+ldapincdir=$ldapdir/include
+AC_ARG_WITH(ldap-incdir, [  --with-ldap-incdir=<dir>    path to ldap.h],
+	[ldapincdir=$withval])
+
+ldaplibdir=$ldapdir/lib
+AC_ARG_WITH(ldap-libdir, [  --with-ldap-libdir=<dir>    path to ldap and lber libs],
+	[ldaplibdir=$withval])
+
+AC_ARG_WITH(ldap-libraries, [  --with-ldap-libflags=<libnames>   -l flags for ldap libraries],
+	[ldaplibflags="-L$ldaplibdir $withval"],
+	[ldaplibflags="-L$ldaplibdir -lldap -llber"])
+
+ldapinclude="-I$ldapincdir"
+
+ldapbuild=yes
+
+AC_SUBST(ldaplibflags)
+AC_SUBST(ldapinclude)
+AC_SUBST(ldapbuild)
+AC_SUBST(ldapdir)
+AC_SUBST(ldapincdir)
+
+
+VERSION=${NEO_VERSION}
+# Note:  in the following variable, it's important to use the absolute
+# path name of the Tcl directory rather than "..":  this is because
+# AIX remembers this path and will attempt to use it at run-time to look
+# up the Tcl library.
+
+if test "${TCL_LIB_VERSIONS_OK}" = "ok"; then
+    NEO_BUILD_LIB_SPEC="-L`pwd` -lldaptcl${VERSION}"
+    NEO_LIB_SPEC="-L${exec_prefix}/lib -lldaptcl${VERSION}"
+else
+    NEO_BUILD_LIB_SPEC="-L`pwd` -lldaptcl`echo ${VERSION} | tr -d .`"
+    NEO_LIB_SPEC="-L${exec_prefix}/lib -lldaptcl`echo ${VERSION} | tr -d .`"
+fi
+
+AC_SUBST(CC)
+AC_SUBST(LIBS)
+AC_SUBST(DL_LIBS)
+AC_SUBST(LD_FLAGS)
+AC_SUBST(MATH_LIBS)
+AC_SUBST(MAKE_LIB)
+AC_SUBST(SHLIB_CFLAGS)
+AC_SUBST(SHLIB_LD)
+AC_SUBST(SHLIB_LD_LIBS)
+AC_SUBST(SHLIB_SUFFIX)
+AC_SUBST(SHLIB_VERSION)
+AC_SUBST(TCLX_TOP_DIR)
+AC_SUBST(TCLX_TCL_DIR)
+AC_SUBST(TCLX_LIB_SPEC)
+AC_SUBST(ITCL_LIB_SPEC)
+AC_SUBST(TCL_LIBS)
+AC_SUBST(TCL_SRC_DIR)
+AC_SUBST(TCL_BIN_DIR)
+AC_SUBST(TCL_LIB_SPEC)
+AC_SUBST(TCL_LD_SEARCH_FLAGS)
+AC_SUBST(TCL_LIB_HNAME)
+AC_SUBST(TCL_SRC_DIR)
+AC_SUBST(TCL_VERSION)
+AC_SUBST(NEO_BUILD_LIB_SPEC)
+AC_SUBST(NEO_LD_SEARCH_FLAGS)
+AC_SUBST(NEO_SHARED_LIB_FILE)
+AC_SUBST(NEO_UNSHARED_LIB_FILE)
+AC_SUBST(NEO_LIB_FILE)
+AC_SUBST(NEO_LIB_SPEC)
+AC_SUBST(NEO_MAJOR_VERSION)
+AC_SUBST(NEO_MINOR_VERSION)
+AC_SUBST(NEO_SHLIB_CFLAGS)
+AC_SUBST(NEO_VERSION)
+dnl AC_SUBST(XINCLUDES)
+dnl AC_SUBST(XLIBSW)
+
+AC_OUTPUT(Makefile pkgIndex.tcl)
diff --git a/contrib/ldaptcl/install-sh b/contrib/ldaptcl/install-sh
new file mode 100755
index 0000000..0ff4b6a
--- /dev/null
+++ b/contrib/ldaptcl/install-sh
@@ -0,0 +1,119 @@
+#!/bin/sh
+
+#
+# install - install a program, script, or datafile
+# This comes from X11R5; it is not part of GNU.
+#
+# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+#
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+
+instcmd="$mvprog"
+chmodcmd=""
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+
+while [ x"$1" != x ]; do
+    case $1 in
+	-c) instcmd="$cpprog"
+	    shift
+	    continue;;
+
+	-m) chmodcmd="$chmodprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-o) chowncmd="$chownprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-g) chgrpcmd="$chgrpprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-s) stripcmd="$stripprog"
+	    shift
+	    continue;;
+
+	*)  if [ x"$src" = x ]
+	    then
+		src=$1
+	    else
+		dst=$1
+	    fi
+	    shift
+	    continue;;
+    esac
+done
+
+if [ x"$src" = x ]
+then
+	echo "install:  no input file specified"
+	exit 1
+fi
+
+if [ x"$dst" = x ]
+then
+	echo "install:  no destination specified"
+	exit 1
+fi
+
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+if [ -d $dst ]
+then
+	dst="$dst"/`basename $src`
+fi
+
+# Make a temp file name in the proper directory.
+
+dstdir=`dirname $dst`
+dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+$doit $instcmd $src $dsttmp
+
+# and set any options; do chmod last to preserve setuid bits
+
+if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; fi
+if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; fi
+if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; fi
+if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; fi
+
+# Now rename the file to the real destination.
+
+$doit $rmcmd $dst
+$doit $mvcmd $dsttmp $dst
+
+
+exit 0
diff --git a/contrib/ldaptcl/ldap.n b/contrib/ldaptcl/ldap.n
new file mode 100644
index 0000000..ec75e3d
--- /dev/null
+++ b/contrib/ldaptcl/ldap.n
@@ -0,0 +1,395 @@
+'\"
+'\" Copyright (c) 1998 NeoSoft, Inc.
+'\"
+'\" See the file "license.terms" for information on usage and redistribution
+'\" of this file, and for a DISCLAIMER OF ALL WARRANTIES.
+'\" 
+.so man.macros
+.TH ldap n "" Ldap "Ldap Tcl Extension"
+.BS
+'\" Note:  do not modify the .SH NAME line immediately below!
+.SH NAME
+ldap \- connect to and query an LDAP server
+.SH SYNOPSIS
+\fBldap \fBopen \fR \fIcommand\fR \fIhostlist\fR
+.br
+\fBldap \fBinit \fR \fIcommand\fR \fIhostlist\fR ?protocol_version [2|3]?
+.br
+\fBldap \fBexplode ?-nonames|-list?\fR \fIdn\fR
+.br
+\fIcommand \fBsubcommand \fIoptions ...\fR
+.BE
+
+.SH OVERVIEW
+.PP
+A new command by the name of \fIcommand\fR will be created to access
+the LDAP database at \fIhostlist\fR.  \fIhostlist\fR may contain elements
+of the format \fBhost:port\fR if a port other than the default LDAP port
+of 389 is required.  The LDAP library will attempt to connect to each
+host in turn until it succeeds or exhausts the list.
+.PP
+The \fBexplode\fR form provides a means (via ldap_explode(3)) to explode a DN
+into its component parts.  \fB-nonames\fR strips off the attribute names,
+and -list returns a list suitable for \fBarray set\fR.
+.PP
+Finally, the last form, described in more detail below, refers generically
+to how the command created by the first two examples is used.
+.SH DESCRIPTION
+
+The Lightweight Directory Access Protocol provides TCP/IP access to
+X.500 directory services and/or to a stand-alone LDAP server.
+
+This code provides a Tcl interface to the
+Lightweight Directory Access Protocol package using the Netscape
+Software Development Kit.  It can also be used with the freely
+redistributable University of 
+Michigan (http://www.umich.edu/~rsug/ldap) version by defining the
+UMICH_LDAP macro during compilation.
+
+.SH CONNECTING TO AN LDAP SERVER
+
+To create an ldap interface entity, we use the "ldap" command.
+
+    ldap open foo foo.bar.com
+
+This opens a connection to a LDAP server on foo.bar.com, and makes
+a new Tcl command, foo, through which we will manipulate the interface
+and make queries to the remote LDAP server.
+
+    ldap init foo foo.bar.com
+
+Same as above, foo is created, but for "init", opening the connection is 
+deferred until we actually try to do something.
+
+The init command also allows some optional values to be set for the connection.
+Currently, the only useful option is \fBprotocol_version\fR which take a
+single argument to specify to use LDAP protocol 2 or 3.  This may be required
+when connecting to older LDAP server.
+
+For the purposes of this example, we're going to assume that "foo" is the
+command created by opening a connection using "ldap open".
+
+.SH BINDING
+
+After a connection is made to an LDAP server, an LDAP bind operation must
+be performed before other operations can be attempted over the connection.
+
+Both simple authentication and kerberos authentication are available.
+LDAP version 3 supports many new "SSL"-style authentication and encryption
+systems, which are not currently supported by the OpenLDAP v1.2 server, and
+hence by this interface package.
+
+Currently simple and kerberos-based authentication, are supported.
+
+To use LDAP and still have reasonable security in a networked, 
+Internet/Intranet environment, secure shell can be used to setup
+secure, encrypted connections between client machines and the LDAP
+server, and between all LDAP nodes that might be used.
+
+To perform the LDAP "bind" operation:
+
+    foo bind simple dn password
+
+    foo bind kerberos_ldap
+    foo bind kerberos_dsa
+    foo bind kerberos_both
+
+It either returns nothing (success), or a Tcl error with appropriate error
+text.
+
+For example,
+
+    foo bind simple "cn=Manager,o=NeoSoft Inc,c=us" "secret"
+
+If you attempt to bind with one of the kerberos authentication types
+described above and your LDAP library was not built with KERBEROS
+defined, you will get an unknown auth type error.
+
+To unbind an LDAP connection previously bound with "bind":
+
+    foo unbind
+
+Note that unbinding also deletes the command (\fBfoo\fR in this case).
+Deleting the command has the same affect.
+
+The ability of the library to callback to the client, enabling re-binding
+while following referrals, is not currently supported.
+
+.SH DELETING OBJECTS
+
+To delete an object in the LDAP database, use
+
+    foo delete dn
+
+To rename an object to another relative distinguished name, use
+
+    foo rename_rdn dn rdn
+
+To rename an object to another relative distinguished name, leaving
+the old entry as some kind of attribute (FIX: not sure if this is
+right or how it works)
+
+    foo modify_rdn dn rdn
+
+
+.SH ADDING NEW OBJECTS
+
+    foo add dn attributePairList
+
+This creates a new distinguished name and defines zero or more attributes.
+
+"attributePairList" is a list of key-value pairs, the same as would
+be returned by "array get" if an array had been set up containing the
+key-value pairs.
+
+    foo add "cn=karl, ou=People, o=NeoSoft Inc, c=US" {cn karl ...}
+
+Some directory servers and/or their client SDKs will automatically
+add the leaf attribute value for you.
+
+Here is a more precise description of how an attributePairList looks:
+
+    {cn {karl {Karl Lehenbauer}} telephone 713-968-5800}
+
+Note here that two cn values, "karl" and "Karl Lehenbauer", are added.
+Is it an error to write:
+
+    {cn {Karl Lehenbauer}}
+
+Which adds two cn values, "Karl" and "Lehenbauer", when the intention
+was to give a single cn value of "Karl Lehenbauer".  In real life, one
+finds oneself making prodigous use of the \fBlist\fR command rather than
+typing hard-coded lists.
+
+We have noticed that the Netscape server will automatically add the
+left-most rdn portion of the DN (ie. cn=karl), whereas the University
+of Michigan and OpenLDAP 1.2 versions do not.
+
+.SH ADDING, DELETING, AND REPLACING OBJECT ATTRIBUTES
+
+You can have multiple values for a given attribute in an LDAP object.
+These are represented in search results, through the Tcl interface,
+as a list.
+
+    foo add_attributes dn attributePairList
+
+This adds key-value pairs to an existing DN.  If an attribute being
+added already exists, the new value will be appended to the list.
+If a particular value being added to an attribute already exists in
+the object a Tcl error is raised.
+
+    foo replace_attributes dn attributePairList
+
+This replaces the specified attributes in an existing DN, leaving
+unnamed ones untouched.  Any previous values for the supplied attributes
+(if any) are discarded.
+
+    foo delete_attributes dn attributePairList
+
+This deletes attributes in the list.  If an attribute "foo" has the
+value list {bar snap}, and you delete using the attributePairList "foo bar",
+"foo" will still have "snap".
+
+If you provide an empty string ("") for the value list,
+the entire attribute will be deleted.
+
+In Ldaptcl version 2.0, multiple operations may be combined into a single
+transaction, ie. as in:
+
+    foo add_attributes dn attributePairList replace attributePairList \
+	delete attributePairList
+
+.SH SEARCHING
+
+The Tcl interface to searching takes a control array, which contains
+a couple of mandatory key-value pairs, and can contain a number of
+optional key-value pairs as well, for controlling the search, a
+destination array, into which the specified attributes (or all attributes
+of matching DNs if none are specified) and values are stored.
+
+The "code" part is executed repeatedly, once for each DN matching the
+search criteria.
+
+.nf
+    foo search controlArray destArray code
+
+	Using data in the control array, a search is performed of the
+	LDAP server opened when foo was created.  Possible elements
+	of the control array are enumerated blow.
+
+	controlArray(base) is the DN being searched from. (required)
+
+	controlArray(filter) contains the search criteria. (required)
+
+	controlArray(scope) must be "base", "one_level", or "subtree".
+	    If not specified, scope defaults to "subtree".
+
+	controlArray(deref) must be "never", "search", "find", or "always"
+	    If not specified, deref defaults to "never"
+
+	controlArray(attributes) is a list of attributes to be fetched.
+	    If not specified, all attributes are fetched.
+
+	controlArray(timeout) a timeout value in seconds (may contain
+	    fractional values -- extremely very small values are useful
+	    for forcing timeout conditions to test timeouts).
+.fi
+
+For each matching record, destArray is populated with none,
+some or all attribute-value pairs as determined by the request and
+access control lists on the server.
+
+Note:  There are some additional parameters that can be set, such as
+how long the synchronous version of the routines should wait before
+timing out, the interfaces for which are not available in the current
+version.
+
+.SH COMPARE
+
+    foo compare dn attribute value
+
+Interface to the ldap_compare_s() command.
+Compares the value of \fIattribute\fR in the object at \fIdn\fR to the
+\fIvalue\fR given in the command line.  Returns an error if \fIdn\fR
+does not exist.  Otherwise, a 
+
+.SH CACHING (Note: Netscape clients do not have caching interfaces).
+
+The UMich and OpenLDAP client libraries offers the client application fairly
+fine-grained control of caching of results retrieved from searches, 
+offering significant performance improvement and reduced
+network traffic.
+
+By default, the cache is disabled.
+
+To enable caching of data received from an LDAP connection,
+
+    foo cache enable timeout maxmem
+
+	...where timeout is specified in seconds, and maxmem is the
+	maximum memory to be used for caching, in bytes.
+
+	If maxmem is 0, the cache size is restricted only by the timeout.
+
+    foo cache disable
+
+	...temporarily inhibits use of the cache (while disabled, new requests
+	are not cached and the cache is not checked when returning results).
+
+	Disabling the cache does not delete its contents.
+
+    foo cache destroy
+
+	...turns off caching and completely removes the cache from memory.
+
+    foo cache flush
+
+	...deletes the entire cache contents, but does not affect
+	whether or not the cache is being used.
+
+    foo cache uncache dn
+
+	...removes from the cache all request results that make reference 
+	to the specified DN.
+
+	This should be used, for example, after doing an add_attributes,
+	delete_attributes, or replace_attributes (ldap_modify(3)) 
+	involving the requested DN.  Generally this should not be needed,
+	as the Tcl interface automatically performs this operation on
+	any dn that is modified (add,replace,delete) while caching is
+	enabled.
+
+    foo cache no_errors
+
+	...suppresses caching of any requests that result in an error.
+
+    foo cache size_errors
+
+	...suppresses caching of any requests that result in an error,
+	except for requests resulting in "sizelimit exceeded", which 
+	are cached.  This is the default.
+
+    foo cache all_errors
+
+        ...enables caching of all requests, including those that result
+	in errors.
+
+.SH IMPLEMENTATION DECISIONS
+
+Because we used the new "Tcl object" C interfaces, this package only works
+with Tcl 8.0 or above.
+
+This package interfaces with the University of Michigan LDAP protocol
+package, version 3.3, and OpenLDAP version 1.2, both of which are
+implementations of version 2 of the LDAP protocol.
+
+Although an LDAP client (or server) could be written in native Tcl 8.0,
+as Tcl 8.0 and above can do binary I/O, and Tcl 8 and above have strings 
+that are fully eight-bit clean, for a first implementation, to minimize 
+compatibility problems, we created a C interface to the UMich LDAP library.
+
+A native Tcl implementation would be cool because we could bring the receiving
+of messages into the normal Tcl event loop and run the LDAP interface fully
+asynchronous.
+
+This implementation is blocking, and blocking only.  That is to say that
+the Tcl event loop is frozen while the ldap routines are waiting on data.
+
+This could be fixed either by recoding all of the I/O in the LDAP library
+to use Tcl's I/O system instead, or by simply coding the LDAP interface in
+native Tcl, as mentioned above.
+
+Another advantage of coding in high-level Tcl, of course, is that the
+client would immediately be cross-platform to Windows and the Mac, as
+well as Unix.
+
+Binary data is not currently supported.  It will probably be trivial to 
+add, we just haven't dug into it yet.
+
+
+.SH FOR MORE INFORMATION
+
+This document principally describes how to use our Tcl interface to the 
+LDAP library works.
+
+For more information on LDAP and the University of Michigan LDAP package,
+please visit the website mentioned above.  The package includes substantial
+documentation in the form of UNIX manual pages, a SLAPD/SLURPD guide
+in Adobe Portable Document Format (pdf), and a number of Internet RFCs
+related to LDAP services.
+
+.SH AUTHORS
+It was written by Karl Lehenbauer, of NeoSoft, Inc., in August and
+September of 1997.  Ldap explode, and numerous bug fixes and extensions
+by Randy Kunkee, also of NeoSoft, Inc., in 1998-1999.
+
+.SH KEYWORDS
+element, join, list, separator
+.SH BUGS
+The \fBldap init\fR syntax fails to return anything useful.  Use
+\fBldap open\fR instead.
+
+\fBPackage require Ldaptcl\fR won't work unless the ldap and lber libraries
+are also shared, and ldaptcl.so is itself created with the correct flags
+(eg. -R for Solaris).  In short there's a lot of details to make this part
+work, but it should work out of the box for Solaris.  Other systems may
+require that LD_LIBRARY_PATH or other appropriate environment variables
+be set at build and/or runtime.
+
+An asynchronous interface should be provided with callbacks.
+
+We have never tested Kerberos authentication.
+
+It does not tolerate some illegal operations very well.
+
+It is possible to create empty attributes, ie. attributes which are present
+but have no value.  This is done by deleting the attribute values rather
+than, eg. "foo delete_attributes dn {telephone {}}" which would delete
+the telephone attribute altogether.  A search for presence of the attribute
+may return an object, and yet it may have no value.  This interface presents
+such an object as not having the attribute at all (ie. you cannot tell).
+The Netscape SDK does this for you, so this makes the behavior consistent
+when using UMICH_LDAP.
+
+\--enable-netscape configuration support has not been tested and probably
+has bugs.
diff --git a/contrib/ldaptcl/ldaperr.tcl b/contrib/ldaptcl/ldaperr.tcl
new file mode 100644
index 0000000..e9f8568
--- /dev/null
+++ b/contrib/ldaptcl/ldaperr.tcl
@@ -0,0 +1,54 @@
+#
+# ldaperr.tcl: scan ldap.h for error return codes for initializing
+# errorCode table.
+#
+
+proc genstrings {path} {
+    set fp [open $path]
+    while {[gets $fp line] != -1 &&
+	![string match "#define LDAP_SUCCESS*" $line]} { }
+    puts "/* This file automatically generated, hand edit at your own risk! */"
+    puts -nonewline "char *ldaptclerrorcode\[\] = {
+	NULL"
+    while {[gets $fp line] != -1} {
+	if {[clength $line] == 0 || [ctype space $line]} continue
+	if {[string match *typedef* $line]} break
+	if {![string match #define* $line]} continue
+	if {![string match "#define LDAP_*" $line]} continue
+	if {[string match "*LDAP_RANGE*" $line]} continue
+	if {[string match "*LDAP_API_RESULT*" $line]} continue
+	if {[string match {*\\} $line]} {
+	    append line [gets $fp]
+	}
+	lassign $line define macro value
+	set ldap_errcode($macro) $value
+    }
+    #parray ldap_errcode
+    foreach i [array names ldap_errcode] {
+	set value $ldap_errcode($i)
+	#puts stderr "checking $value"
+	if [regexp {^[A-Z_]} $value] {
+	    if [info exists ldap_errcode($value)] {
+		set value $ldap_errcode($value)
+		set ldap_errcode($i) $value
+	    }
+	}
+	set ldap_errname($value) $i
+    }
+    set lasterr 0
+    foreach value [lsort -integer [array names ldap_errname]] {
+	incr lasterr
+	while {$lasterr < $value} {
+	    puts -nonewline ",\n\tNULL"
+	    incr lasterr
+	}
+	puts -nonewline ",\n\t\"$ldap_errname($value)\""
+    }
+    puts "\n};"
+    puts "#define LDAPTCL_MAXERR\t$value"
+}
+
+#cmdtrace on
+if !$tcl_interactive {
+    genstrings [lindex $argv 0]
+}
diff --git a/contrib/ldaptcl/man.macros b/contrib/ldaptcl/man.macros
new file mode 100644
index 0000000..3af2da9
--- /dev/null
+++ b/contrib/ldaptcl/man.macros
@@ -0,0 +1,236 @@
+'\" The definitions below are for supplemental macros used in Tcl/Tk
+'\" manual entries.
+'\"
+'\" .AP type name in/out ?indent?
+'\"	Start paragraph describing an argument to a library procedure.
+'\"	type is type of argument (int, etc.), in/out is either "in", "out",
+'\"	or "in/out" to describe whether procedure reads or modifies arg,
+'\"	and indent is equivalent to second arg of .IP (shouldn't ever be
+'\"	needed;  use .AS below instead)
+'\"
+'\" .AS ?type? ?name?
+'\"	Give maximum sizes of arguments for setting tab stops.  Type and
+'\"	name are examples of largest possible arguments that will be passed
+'\"	to .AP later.  If args are omitted, default tab stops are used.
+'\"
+'\" .BS
+'\"	Start box enclosure.  From here until next .BE, everything will be
+'\"	enclosed in one large box.
+'\"
+'\" .BE
+'\"	End of box enclosure.
+'\"
+'\" .CS
+'\"	Begin code excerpt.
+'\"
+'\" .CE
+'\"	End code excerpt.
+'\"
+'\" .VS ?version? ?br?
+'\"	Begin vertical sidebar, for use in marking newly-changed parts
+'\"	of man pages.  The first argument is ignored and used for recording
+'\"	the version when the .VS was added, so that the sidebars can be
+'\"	found and removed when they reach a certain age.  If another argument
+'\"	is present, then a line break is forced before starting the sidebar.
+'\"
+'\" .VE
+'\"	End of vertical sidebar.
+'\"
+'\" .DS
+'\"	Begin an indented unfilled display.
+'\"
+'\" .DE
+'\"	End of indented unfilled display.
+'\"
+'\" .SO
+'\"	Start of list of standard options for a Tk widget.  The
+'\"	options follow on successive lines, in four columns separated
+'\"	by tabs.
+'\"
+'\" .SE
+'\"	End of list of standard options for a Tk widget.
+'\"
+'\" .OP cmdName dbName dbClass
+'\"	Start of description of a specific option.  cmdName gives the
+'\"	option's name as specified in the class command, dbName gives
+'\"	the option's name in the option database, and dbClass gives
+'\"	the option's class in the option database.
+'\"
+'\" .UL arg1 arg2
+'\"	Print arg1 underlined, then print arg2 normally.
+'\"
+'\" SCCS: @(#) man.macros 1.9 97/08/22 18:50:59
+'\"
+'\"	# Set up traps and other miscellaneous stuff for Tcl/Tk man pages.
+.if t .wh -1.3i ^B
+.nr ^l \n(.l
+.ad b
+'\"	# Start an argument description
+.de AP
+.ie !"\\$4"" .TP \\$4
+.el \{\
+.   ie !"\\$2"" .TP \\n()Cu
+.   el          .TP 15
+.\}
+.ie !"\\$3"" \{\
+.ta \\n()Au \\n()Bu
+\&\\$1	\\fI\\$2\\fP	(\\$3)
+.\".b
+.\}
+.el \{\
+.br
+.ie !"\\$2"" \{\
+\&\\$1	\\fI\\$2\\fP
+.\}
+.el \{\
+\&\\fI\\$1\\fP
+.\}
+.\}
+..
+'\"	# define tabbing values for .AP
+.de AS
+.nr )A 10n
+.if !"\\$1"" .nr )A \\w'\\$1'u+3n
+.nr )B \\n()Au+15n
+.\"
+.if !"\\$2"" .nr )B \\w'\\$2'u+\\n()Au+3n
+.nr )C \\n()Bu+\\w'(in/out)'u+2n
+..
+.AS Tcl_Interp Tcl_CreateInterp in/out
+'\"	# BS - start boxed text
+'\"	# ^y = starting y location
+'\"	# ^b = 1
+.de BS
+.br
+.mk ^y
+.nr ^b 1u
+.if n .nf
+.if n .ti 0
+.if n \l'\\n(.lu\(ul'
+.if n .fi
+..
+'\"	# BE - end boxed text (draw box now)
+.de BE
+.nf
+.ti 0
+.mk ^t
+.ie n \l'\\n(^lu\(ul'
+.el \{\
+.\"	Draw four-sided box normally, but don't draw top of
+.\"	box if the box started on an earlier page.
+.ie !\\n(^b-1 \{\
+\h'-1.5n'\L'|\\n(^yu-1v'\l'\\n(^lu+3n\(ul'\L'\\n(^tu+1v-\\n(^yu'\l'|0u-1.5n\(ul'
+.\}
+.el \}\
+\h'-1.5n'\L'|\\n(^yu-1v'\h'\\n(^lu+3n'\L'\\n(^tu+1v-\\n(^yu'\l'|0u-1.5n\(ul'
+.\}
+.\}
+.fi
+.br
+.nr ^b 0
+..
+'\"	# VS - start vertical sidebar
+'\"	# ^Y = starting y location
+'\"	# ^v = 1 (for troff;  for nroff this doesn't matter)
+.de VS
+.if !"\\$2"" .br
+.mk ^Y
+.ie n 'mc \s12\(br\s0
+.el .nr ^v 1u
+..
+'\"	# VE - end of vertical sidebar
+.de VE
+.ie n 'mc
+.el \{\
+.ev 2
+.nf
+.ti 0
+.mk ^t
+\h'|\\n(^lu+3n'\L'|\\n(^Yu-1v\(bv'\v'\\n(^tu+1v-\\n(^Yu'\h'-|\\n(^lu+3n'
+.sp -1
+.fi
+.ev
+.\}
+.nr ^v 0
+..
+'\"	# Special macro to handle page bottom:  finish off current
+'\"	# box/sidebar if in box/sidebar mode, then invoked standard
+'\"	# page bottom macro.
+.de ^B
+.ev 2
+'ti 0
+'nf
+.mk ^t
+.if \\n(^b \{\
+.\"	Draw three-sided box if this is the box's first page,
+.\"	draw two sides but no top otherwise.
+.ie !\\n(^b-1 \h'-1.5n'\L'|\\n(^yu-1v'\l'\\n(^lu+3n\(ul'\L'\\n(^tu+1v-\\n(^yu'\h'|0u'\c
+.el \h'-1.5n'\L'|\\n(^yu-1v'\h'\\n(^lu+3n'\L'\\n(^tu+1v-\\n(^yu'\h'|0u'\c
+.\}
+.if \\n(^v \{\
+.nr ^x \\n(^tu+1v-\\n(^Yu
+\kx\h'-\\nxu'\h'|\\n(^lu+3n'\ky\L'-\\n(^xu'\v'\\n(^xu'\h'|0u'\c
+.\}
+.bp
+'fi
+.ev
+.if \\n(^b \{\
+.mk ^y
+.nr ^b 2
+.\}
+.if \\n(^v \{\
+.mk ^Y
+.\}
+..
+'\"	# DS - begin display
+.de DS
+.RS
+.nf
+.sp
+..
+'\"	# DE - end display
+.de DE
+.fi
+.RE
+.sp
+..
+'\"	# SO - start of list of standard options
+.de SO
+.SH "STANDARD OPTIONS"
+.LP
+.nf
+.ta 4c 8c 12c
+.ft B
+..
+'\"	# SE - end of list of standard options
+.de SE
+.fi
+.ft R
+.LP
+See the \\fBoptions\\fR manual entry for details on the standard options.
+..
+'\"	# OP - start of full description for a single option
+.de OP
+.LP
+.nf
+.ta 4c
+Command-Line Name:	\\fB\\$1\\fR
+Database Name:	\\fB\\$2\\fR
+Database Class:	\\fB\\$3\\fR
+.fi
+.IP
+..
+'\"	# CS - begin code excerpt
+.de CS
+.RS
+.nf
+.ta .25i .5i .75i 1i
+..
+'\"	# CE - end code excerpt
+.de CE
+.fi
+.RE
+..
+.de UL
+\\$1\l'|0\(ul'\\$2
+..
diff --git a/contrib/ldaptcl/neoXldap.c b/contrib/ldaptcl/neoXldap.c
new file mode 100644
index 0000000..1adf22d
--- /dev/null
+++ b/contrib/ldaptcl/neoXldap.c
@@ -0,0 +1,1470 @@
+/*
+ * NeoSoft Tcl client extensions to Lightweight Directory Access Protocol.
+ * 
+ * Copyright (c) 1998-1999 NeoSoft, Inc.  
+ * All Rights Reserved.
+ * 
+ * This software may be used, modified, copied, distributed, and sold,
+ * in both source and binary form provided that these copyrights are
+ * retained and their terms are followed.
+ * 
+ * Under no circumstances are the authors or NeoSoft Inc. responsible
+ * for the proper functioning of this software, nor do the authors
+ * assume any liability for damages incurred with its use.
+ * 
+ * Redistribution and use in source and binary forms are permitted
+ * provided that this notice is preserved and that due credit is given
+ * to NeoSoft, Inc.
+ * 
+ * NeoSoft, Inc. may not be used to endorse or promote products derived
+ * from this software without specific prior written permission. This
+ * software is provided ``as is'' without express or implied warranty.
+ * 
+ * Requests for permission may be sent to NeoSoft Inc, 1770 St. James Place,
+ * Suite 500, Houston, TX, 77056.
+ *
+ * $OpenLDAP$
+ *
+ */
+
+/*
+ * This code was originally developed by Karl Lehenbauer to work with
+ * Umich-3.3 LDAP.  It was debugged against the Netscape LDAP server
+ * and their much more reliable SDK, and again backported to the
+ * Umich-3.3 client code.  The UMICH_LDAP define is used to include
+ * code that will work with the Umich-3.3 LDAP, but not with Netscape's
+ * SDK.  OpenLDAP may support some of these, but they have not been tested.
+ * Currently supported by Randy Kunkee (kunkee@OpenLDAP.org).
+ */
+
+/*
+ * Add timeout to controlArray to set timeout for ldap_result.
+ * 4/14/99 - Randy
+ */
+
+#include "tclExtend.h"
+
+#include <lber.h>
+#include <ldap.h>
+#include <string.h>
+#include <sys/time.h>
+#include <math.h>
+
+/*
+ * Macros to do string compares.  They pre-check the first character before
+ * checking of the strings are equal.
+ */
+
+#define STREQU(str1, str2) \
+	(((str1) [0] == (str2) [0]) && (strcmp (str1, str2) == 0))
+#define STRNEQU(str1, str2, n) \
+	(((str1) [0] == (str2) [0]) && (strncmp (str1, str2, n) == 0))
+
+/*
+ * The following section defines some common macros used by the rest
+ * of the code.  It's ugly, and can use some work.  This code was
+ * originally developed to work with Umich-3.3 LDAP.  It was debugged
+ * against the Netscape LDAP server and the much more reliable SDK,
+ * and then again backported to the Umich-3.3 client code.
+ */
+#define OPEN_LDAP 1
+#if defined(OPEN_LDAP)
+       /* LDAP_API_VERSION must be defined per the current draft spec
+       ** it's value will be assigned RFC number.  However, as
+       ** no RFC is defined, it's value is currently implementation
+       ** specific (though I would hope it's value is greater than 1823).
+       ** In OpenLDAP 2.x-devel, its 2000 + the draft number, ie 2002.
+       ** This section is for OPENLDAP.
+       */
+#ifndef LDAP_API_FEATURE_X_OPENLDAP
+#define ldap_memfree(p) free(p)
+#endif
+#ifdef LDAP_OPT_ERROR_NUMBER
+#define ldap_get_lderrno(ld)	(ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &lderrno), lderrno)
+#else
+#define ldap_get_lderrno(ld) (ld->ld_errno)
+#endif
+#define LDAP_ERR_STRING(ld)  \
+	ldap_err2string(ldap_get_lderrno(ld))
+#elif defined( LDAP_OPT_SIZELIMIT )
+       /*
+       ** Netscape SDK w/ ldap_set_option, ldap_get_option
+       */
+#define LDAP_ERR_STRING(ld)  \
+	ldap_err2string(ldap_get_lderrno(ldap))
+#else
+       /* U-Mich/OpenLDAP 1.x API */
+       /* RFC-1823 w/ changes */
+#define UMICH_LDAP 1
+#define ldap_memfree(p) free(p)
+#define ldap_ber_free(p, n) ber_free(p, n)
+#define ldap_value_free_len(bvals) ber_bvecfree(bvals)
+#define ldap_get_lderrno(ld) (ld->ld_errno)
+#define LDAP_ERR_STRING(ld)  \
+	ldap_err2string(ld->ld_errno)
+#endif
+
+typedef struct ldaptclobj {
+    LDAP	*ldap;
+    int		caching;	/* flag 1/0 if caching is enabled */
+    long	timeout;	/* timeout from last cache enable */
+    long	maxmem;		/* maxmem from last cache enable */
+    Tcl_Obj	*trapCmdObj;	/* error handler */
+    int		*traplist;	/* list of errorCodes to trap */
+    int		flags;
+} LDAPTCL;
+
+
+#define LDAPTCL_INTERRCODES	0x001
+
+#include "ldaptclerr.h"
+
+static
+LDAP_SetErrorCode(LDAPTCL *ldaptcl, int code, Tcl_Interp *interp)
+{
+    char shortbuf[16];
+    char *errp;
+    int   lderrno;
+
+    if (code == -1)
+	code = ldap_get_lderrno(ldaptcl->ldap);
+    if ((ldaptcl->flags & LDAPTCL_INTERRCODES) || code > LDAPTCL_MAXERR ||
+      ldaptclerrorcode[code] == NULL) {
+	sprintf(shortbuf, "0x%03x", code);
+	errp = shortbuf;
+    } else
+	errp = ldaptclerrorcode[code];
+
+    Tcl_SetErrorCode(interp, errp, NULL);
+    if (ldaptcl->trapCmdObj) {
+	int *i;
+	Tcl_Obj *cmdObj;
+	if (ldaptcl->traplist != NULL) {
+	    for (i = ldaptcl->traplist; *i && *i != code; i++)
+		;
+	    if (*i == 0) return;
+	}
+	(void) Tcl_EvalObj(interp, ldaptcl->trapCmdObj);
+    }
+}
+
+static
+LDAP_ErrorStringToCode(Tcl_Interp *interp, char *s)
+{
+    int offset;
+    int code;
+
+    offset = (strncasecmp(s, "LDAP_", 5) == 0) ? 0 : 5;
+    for (code = 0; code < LDAPTCL_MAXERR; code++) {
+	if (!ldaptclerrorcode[code]) continue;
+	if (strcasecmp(s, ldaptclerrorcode[code]+offset) == 0)
+	    return code;
+    }
+    Tcl_ResetResult(interp);
+    Tcl_AppendResult(interp, s, " is an invalid code", (char *) NULL);
+    return -1;
+}
+
+/*-----------------------------------------------------------------------------
+ * LDAP_ProcessOneSearchResult --
+ * 
+ *   Process one result return from an LDAP search.
+ *
+ * Parameters:
+ *   o interp -            Tcl interpreter; Errors are returned in result.
+ *   o ldap -              LDAP structure pointer.
+ *   o entry -             LDAP message pointer.
+ *   o destArrayNameObj -  Name of Tcl array in which to store attributes.
+ *   o evalCodeObj -       Tcl_Obj pointer to code to eval against this result.
+ * Returns:
+ *   o TCL_OK if processing succeeded..
+ *   o TCL_ERROR if an error occurred, with error message in interp.
+ *-----------------------------------------------------------------------------
+ */
+int
+LDAP_ProcessOneSearchResult (interp, ldap, entry, destArrayNameObj, evalCodeObj)
+    Tcl_Interp     *interp;
+    LDAP           *ldap;
+    LDAPMessage    *entry;
+    Tcl_Obj        *destArrayNameObj;
+    Tcl_Obj        *evalCodeObj;
+{
+    char           *attributeName;
+    Tcl_Obj        *attributeNameObj;
+    Tcl_Obj        *attributeDataObj;
+    int             i; 
+    BerElement     *ber; 
+    struct berval **bvals;
+    char	   *dn;
+    int		    lderrno;
+
+    Tcl_UnsetVar (interp, Tcl_GetStringFromObj (destArrayNameObj, NULL), 0);
+
+    dn = ldap_get_dn(ldap, entry);
+    if (dn != NULL) {
+	if (Tcl_SetVar2(interp,		/* set dn */
+		       Tcl_GetStringFromObj(destArrayNameObj, NULL),
+		       "dn",
+		       dn,
+		       TCL_LEAVE_ERR_MSG) == NULL)
+	    return TCL_ERROR;
+	ldap_memfree(dn);
+    }
+    attributeNameObj = Tcl_NewObj();
+    Tcl_IncrRefCount (attributeNameObj);
+
+    /* Note that attributeName below is allocated for OL2+ libldap, so it
+       must be freed with ldap_memfree().  Test below is admittedly a hack.
+    */
+
+    for (attributeName = ldap_first_attribute (ldap, entry, &ber); 
+      attributeName != NULL;
+      attributeName = ldap_next_attribute(ldap, entry, ber)) {
+
+	bvals = ldap_get_values_len(ldap, entry, attributeName);
+
+	if (bvals != NULL) {
+	    /* Note here that the U.of.M. ldap will return a null bvals
+	       when the last attribute value has been deleted, but still
+	       retains the attributeName.  Even though this is documented
+	       as an error, we ignore it to present a consistent interface
+	       with Netscape's server
+	    */
+	    attributeDataObj = Tcl_NewObj();
+	    Tcl_SetStringObj(attributeNameObj, attributeName, -1);
+#if LDAP_API_VERSION >= 2004
+	    ldap_memfree(attributeName);	/* free if newer API */
+#endif
+	    for (i = 0; bvals[i] != NULL; i++) {
+		Tcl_Obj *singleAttributeValueObj;
+
+		singleAttributeValueObj = Tcl_NewStringObj(bvals[i]->bv_val, bvals[i]->bv_len);
+		if (Tcl_ListObjAppendElement (interp, 
+					      attributeDataObj, 
+					      singleAttributeValueObj) 
+		  == TCL_ERROR) {
+		    ber_free(ber, 0);
+		    return TCL_ERROR;
+		}
+	    }
+
+	    ldap_value_free_len(bvals);
+
+	    if (Tcl_ObjSetVar2 (interp, 
+				destArrayNameObj,
+				attributeNameObj,
+				attributeDataObj,
+				TCL_LEAVE_ERR_MSG) == NULL) {
+		return TCL_ERROR;
+	    }
+	}
+    }
+    Tcl_DecrRefCount (attributeNameObj);
+    return Tcl_EvalObj (interp, evalCodeObj);
+}
+
+/*-----------------------------------------------------------------------------
+ * LDAP_PerformSearch --
+ * 
+ *   Perform an LDAP search.
+ *
+ * Parameters:
+ *   o interp -            Tcl interpreter; Errors are returned in result.
+ *   o ldap -              LDAP structure pointer.
+ *   o base -              Base DN from which to perform search.
+ *   o scope -             LDAP search scope, must be one of LDAP_SCOPE_BASE,
+ *                         LDAP_SCOPE_ONELEVEL, or LDAP_SCOPE_SUBTREE.
+ *   o attrs -             Pointer to array of char * pointers of desired
+ *                         attribute names, or NULL for all attributes.
+ *   o filtpatt            LDAP filter pattern.
+ *   o value               Value to get sprintf'ed into filter pattern.
+ *   o destArrayNameObj -  Name of Tcl array in which to store attributes.
+ *   o evalCodeObj -       Tcl_Obj pointer to code to eval against this result.
+ * Returns:
+ *   o TCL_OK if processing succeeded..
+ *   o TCL_ERROR if an error occurred, with error message in interp.
+ *-----------------------------------------------------------------------------
+ */
+int 
+LDAP_PerformSearch (interp, ldaptcl, base, scope, attrs, filtpatt, value,
+	destArrayNameObj, evalCodeObj, timeout_p, all, sortattr)
+    Tcl_Interp     *interp;
+    LDAPTCL        *ldaptcl;
+    char           *base;
+    int             scope;
+    char          **attrs;
+    char           *filtpatt;
+    char           *value;
+    Tcl_Obj        *destArrayNameObj;
+    Tcl_Obj        *evalCodeObj;
+    struct timeval *timeout_p;
+    int		    all;
+    char	   *sortattr;
+{
+    LDAP	 *ldap = ldaptcl->ldap;
+    char          filter[BUFSIZ];
+    int           resultCode;
+    int           errorCode;
+    int		  abandon;
+    int		  tclResult = TCL_OK;
+    int		  msgid;
+    LDAPMessage  *resultMessage = 0;
+    LDAPMessage  *entryMessage = 0;
+    char	  *sortKey;
+
+    int		  lderrno;
+
+    sprintf(filter, filtpatt, value);
+
+    fflush(stderr);
+    if ((msgid = ldap_search (ldap, base, scope, filter, attrs, 0)) == -1) {
+	Tcl_AppendResult (interp,
+			        "LDAP start search error: ",
+					LDAP_ERR_STRING(ldap),
+			        (char *)NULL);
+	LDAP_SetErrorCode(ldaptcl, -1, interp);
+	return TCL_ERROR;
+    }
+
+    abandon = 0;
+    if (sortattr)
+	all = 1;
+    tclResult = TCL_OK;
+    while (!abandon) {
+	resultCode = ldap_result (ldap, msgid, all, timeout_p, &resultMessage);
+	if (resultCode != LDAP_RES_SEARCH_RESULT &&
+	    resultCode != LDAP_RES_SEARCH_ENTRY)
+		break;
+
+	if (sortattr) {
+	    sortKey = (strcasecmp(sortattr, "dn") == 0) ? NULL : sortattr;
+	    ldap_sort_entries(ldap, &resultMessage, sortKey, strcasecmp);
+	}
+	entryMessage = ldap_first_entry(ldap, resultMessage);
+
+	while (entryMessage) {
+	    tclResult = LDAP_ProcessOneSearchResult  (interp, 
+				    ldap, 
+				    entryMessage,
+				    destArrayNameObj,
+				    evalCodeObj);
+	    if (tclResult != TCL_OK) {
+		if (tclResult == TCL_CONTINUE) {
+		    tclResult = TCL_OK;
+		} else if (tclResult == TCL_BREAK) {
+		    tclResult = TCL_OK;
+		    abandon = 1;
+		    break;
+		} else if (tclResult == TCL_ERROR) {
+		    char msg[100];
+		    sprintf(msg, "\n    (\"search\" body line %d)",
+			    interp->errorLine);
+		    Tcl_AddObjErrorInfo(interp, msg, -1);
+		    abandon = 1;
+		    break;
+		} else {
+		    abandon = 1;
+		    break;
+		}
+	    }
+	    entryMessage = ldap_next_entry(ldap, entryMessage);
+	}
+	if (resultCode == LDAP_RES_SEARCH_RESULT || all)
+	    break;
+	if (resultMessage)
+ 	ldap_msgfree(resultMessage);
+	resultMessage = NULL;
+    }
+    if (abandon) {
+	if (resultMessage)
+	    ldap_msgfree(resultMessage);
+	if (resultCode == LDAP_RES_SEARCH_ENTRY)
+	    ldap_abandon(ldap, msgid);
+	return tclResult;
+    }
+    if (resultCode == -1) {
+	Tcl_ResetResult (interp);
+	Tcl_AppendResult (interp,
+				"LDAP result search error: ",
+				LDAP_ERR_STRING(ldap),
+				(char *)NULL);
+	LDAP_SetErrorCode(ldaptcl, -1, interp);
+	return TCL_ERROR;
+    }
+
+    if ((errorCode = ldap_result2error (ldap, resultMessage, 0))
+      != LDAP_SUCCESS) {
+      Tcl_ResetResult (interp);
+      Tcl_AppendResult (interp,
+			      "LDAP search error: ",
+			      ldap_err2string(errorCode),
+			      (char *)NULL);
+      if (resultMessage)
+	  ldap_msgfree(resultMessage);
+      LDAP_SetErrorCode(ldaptcl, errorCode, interp);
+      return TCL_ERROR;
+    }
+    if (resultMessage)
+	ldap_msgfree(resultMessage);
+    return tclResult;
+}
+
+/*-----------------------------------------------------------------------------
+ * NeoX_LdapTargetObjCmd --
+ *  
+ * Implements the body of commands created by Neo_LdapObjCmd.
+ *  
+ * Results:
+ *      A standard Tcl result.
+ *      
+ * Side effects:
+ *      See the user documentation.
+ *-----------------------------------------------------------------------------
+ */     
+int
+NeoX_LdapTargetObjCmd (clientData, interp, objc, objv)
+    ClientData    clientData;
+    Tcl_Interp   *interp;
+    int           objc;
+    Tcl_Obj      *CONST objv[];
+{
+    char         *command;
+    char         *subCommand;
+    LDAPTCL      *ldaptcl = (LDAPTCL *)clientData;
+    LDAP         *ldap = ldaptcl->ldap;
+    char         *dn;
+    int           is_add = 0;
+    int           is_add_or_modify = 0;
+    int           mod_op = 0;
+    char	 *m, *s, *errmsg;
+    int		 errcode;
+    int		 tclResult;
+    int		 lderrno;	/* might be used by LDAP_ERR_STRING macro */
+
+    Tcl_Obj      *resultObj = Tcl_GetObjResult (interp);
+
+    if (objc < 2) {
+	Tcl_WrongNumArgs (interp, 1, objv, "subcommand [args...]");
+	return TCL_ERROR;
+    }
+
+    command = Tcl_GetStringFromObj (objv[0], NULL);
+    subCommand = Tcl_GetStringFromObj (objv[1], NULL);
+
+    /* object bind authtype name password */
+    if (STREQU (subCommand, "bind")) {
+	char     *binddn;
+	char     *passwd;
+	int       stringLength;
+	char     *ldap_authString;
+	int       ldap_authInt;
+
+	if (objc != 5) {
+	    Tcl_WrongNumArgs (interp, 2, objv, "authtype dn passwd");
+	    return TCL_ERROR;
+	}
+
+	ldap_authString = Tcl_GetStringFromObj (objv[2], NULL);
+
+	if (STREQU (ldap_authString, "simple")) {
+	    ldap_authInt = LDAP_AUTH_SIMPLE;
+	}
+#ifdef UMICH_LDAP
+	else if (STREQU (ldap_authString, "kerberos_ldap")) {
+	    ldap_authInt = LDAP_AUTH_KRBV41;
+	} else if (STREQU (ldap_authString, "kerberos_dsa")) {
+	    ldap_authInt = LDAP_AUTH_KRBV42;
+	} else if (STREQU (ldap_authString, "kerberos_both")) {
+	    ldap_authInt = LDAP_AUTH_KRBV4;
+	}
+#endif
+	else {
+	    Tcl_AppendStringsToObj (resultObj,
+				    "\"",
+				    command,
+				    " ",
+				    subCommand, 
+#ifdef UMICH_LDAP
+				    "\" authtype must be one of \"simple\", ",
+				    "\"kerberos_ldap\", \"kerberos_dsa\" ",
+				    "or \"kerberos_both\"",
+#else
+				    "\" authtype must be \"simple\", ",
+#endif
+				    (char *)NULL);
+	    return TCL_ERROR;
+	}
+
+	binddn = Tcl_GetStringFromObj (objv[3], &stringLength);
+	if (stringLength == 0)
+	    binddn = NULL;
+
+	passwd = Tcl_GetStringFromObj (objv[4], &stringLength);
+	if (stringLength == 0)
+	    passwd = NULL;
+
+/*  ldap_bind_s(ldap, dn, pw, method) */
+
+#ifdef UMICH_LDAP
+#define LDAP_BIND(ldap, dn, pw, method) \
+  ldap_bind_s(ldap, dn, pw, method)
+#else
+#define LDAP_BIND(ldap, dn, pw, method) \
+  ldap_simple_bind_s(ldap, dn, pw)
+#endif
+	if ((errcode = LDAP_BIND (ldap, 
+			 binddn, 
+			 passwd, 
+			 ldap_authInt)) != LDAP_SUCCESS) {
+
+	    Tcl_AppendStringsToObj (resultObj,
+			            "LDAP bind error: ",
+				    ldap_err2string(errcode),
+				    (char *)NULL);
+	    LDAP_SetErrorCode(ldaptcl, errcode, interp);
+	    return TCL_ERROR;
+	}
+	return TCL_OK;
+    }
+
+    if (STREQU (subCommand, "unbind")) {
+	if (objc != 2) {
+	    Tcl_WrongNumArgs (interp, 2, objv, "");
+	    return TCL_ERROR;
+	}
+
+       return Tcl_DeleteCommand(interp, Tcl_GetStringFromObj(objv[0], NULL));
+    }
+
+    /* object delete dn */
+    if (STREQU (subCommand, "delete")) {
+	if (objc != 3) {
+	    Tcl_WrongNumArgs (interp, 2, objv, "dn");
+	    return TCL_ERROR;
+	}
+
+       dn = Tcl_GetStringFromObj (objv [2], NULL);
+       if ((errcode = ldap_delete_s(ldap, dn)) != LDAP_SUCCESS) {
+	   Tcl_AppendStringsToObj (resultObj,
+			           "LDAP delete error: ",
+				   ldap_err2string(errcode),
+				   (char *)NULL);
+	   LDAP_SetErrorCode(ldaptcl, errcode, interp);
+	   return TCL_ERROR;
+       }
+       return TCL_OK;
+    }
+
+    /* object rename_rdn dn rdn */
+    /* object modify_rdn dn rdn */
+    if (STREQU (subCommand, "rename_rdn") || STREQU (subCommand, "modify_rdn")) {
+	char    *rdn;
+	int      deleteOldRdn;
+
+	if (objc != 4) {
+	    Tcl_WrongNumArgs (interp, 2, objv, "dn rdn");
+	    return TCL_ERROR;
+	}
+
+	dn = Tcl_GetStringFromObj (objv [2], NULL);
+	rdn = Tcl_GetStringFromObj (objv [3], NULL);
+
+	deleteOldRdn = (*subCommand == 'r');
+
+	if ((errcode = ldap_modrdn2_s (ldap, dn, rdn, deleteOldRdn)) != LDAP_SUCCESS) {
+	    Tcl_AppendStringsToObj (resultObj,
+				    "LDAP ",
+				    subCommand,
+				    " error: ",
+				    ldap_err2string(errcode),
+				    (char *)NULL);
+	    LDAP_SetErrorCode(ldaptcl, errcode, interp);
+	    return TCL_ERROR;
+	}
+	return TCL_OK;
+    }
+
+    /* object add dn attributePairList */
+    /* object add_attributes dn attributePairList */
+    /* object replace_attributes dn attributePairList */
+    /* object delete_attributes dn attributePairList */
+
+    if (STREQU (subCommand, "add")) {
+	is_add = 1;
+	is_add_or_modify = 1;
+    } else {
+	is_add = 0;
+	if (STREQU (subCommand, "add_attributes")) {
+	    is_add_or_modify = 1;
+	    mod_op = LDAP_MOD_ADD;
+	} else if (STREQU (subCommand, "replace_attributes")) {
+	    is_add_or_modify = 1;
+	    mod_op = LDAP_MOD_REPLACE;
+	} else if (STREQU (subCommand, "delete_attributes")) {
+	    is_add_or_modify = 1;
+	    mod_op = LDAP_MOD_DELETE;
+	}
+    }
+
+    if (is_add_or_modify) {
+	int          result;
+	LDAPMod    **modArray;
+	LDAPMod     *mod;
+	char       **valPtrs = NULL;
+	int          attribObjc;
+	Tcl_Obj    **attribObjv;
+	int          valuesObjc;
+	Tcl_Obj    **valuesObjv;
+	int          nPairs, allPairs;
+	int          i;
+	int          j;
+	int	     pairIndex;
+	int	     modIndex;
+
+	Tcl_Obj      *resultObj = Tcl_GetObjResult (interp);
+
+	if (objc < 4 || objc > 4 && is_add || is_add == 0 && objc&1) {
+	    Tcl_AppendStringsToObj (resultObj,
+				    "wrong # args: ",
+				    Tcl_GetStringFromObj (objv [0], NULL),
+				    " ",
+				    subCommand,
+				    " dn attributePairList",
+				    (char *)NULL);
+	    if (!is_add)
+		Tcl_AppendStringsToObj (resultObj,
+		    " ?[add|delete|replace] attributePairList ...?", (char *)NULL);
+	    return TCL_ERROR;
+	}
+
+	dn = Tcl_GetStringFromObj (objv [2], NULL);
+
+	allPairs = 0;
+	for (i = 3; i < objc; i += 2) {
+	    if (Tcl_ListObjLength (interp, objv[i], &j) == TCL_ERROR)
+		return TCL_ERROR;
+	    if (j & 1) {
+		Tcl_AppendStringsToObj (resultObj,
+					"attribute list does not contain an ",
+					"even number of key-value elements",
+					(char *)NULL);
+		return TCL_ERROR;
+	    }
+	    allPairs += j / 2;
+	}
+
+	modArray = (LDAPMod **)malloc (sizeof(LDAPMod *) * (allPairs + 1));
+
+	pairIndex = 3;
+	modIndex = 0;
+
+	do {
+
+	if (Tcl_ListObjGetElements (interp, objv [pairIndex], &attribObjc, &attribObjv)
+	  == TCL_ERROR) {
+	   mod_op = -1;
+	   goto badop;
+	}
+
+	nPairs = attribObjc / 2;
+
+	for (i = 0; i < nPairs; i++) {
+	    mod = modArray[modIndex++] = (LDAPMod *) malloc (sizeof(LDAPMod));
+	    mod->mod_op = mod_op;
+	    mod->mod_type = Tcl_GetStringFromObj (attribObjv [i * 2], NULL);
+
+	    if (Tcl_ListObjGetElements (interp, attribObjv [i * 2 + 1], &valuesObjc, &valuesObjv) == TCL_ERROR) {
+		/* FIX: cleanup memory here */
+		mod_op = -1;
+		goto badop;
+	    }
+
+	    valPtrs = mod->mod_vals.modv_strvals = \
+	        (char **)malloc (sizeof (char *) * (valuesObjc + 1));
+	    valPtrs[valuesObjc] = (char *)NULL;
+
+	    for (j = 0; j < valuesObjc; j++) {
+		valPtrs [j] = Tcl_GetStringFromObj (valuesObjv[j], NULL);
+
+		/* If it's "delete" and value is an empty string, make
+		 * value be NULL to indicate entire attribute is to be 
+		 * deleted */
+		if ((*valPtrs [j] == '\0') 
+		    && (mod->mod_op == LDAP_MOD_DELETE || mod->mod_op == LDAP_MOD_REPLACE)) {
+			valPtrs [j] = NULL;
+		}
+	    }
+	}
+
+	pairIndex += 2;
+	if (mod_op != -1 && pairIndex < objc) {
+	    subCommand = Tcl_GetStringFromObj (objv[pairIndex - 1], NULL);
+	    mod_op = -1;
+	    if (STREQU (subCommand, "add")) {
+		mod_op = LDAP_MOD_ADD;
+	    } else if (STREQU (subCommand, "replace")) {
+		mod_op = LDAP_MOD_REPLACE;
+	    } else if (STREQU (subCommand, "delete")) {
+		mod_op = LDAP_MOD_DELETE;
+	    }
+	    if (mod_op == -1) {
+		Tcl_SetStringObj (resultObj,
+			"Additional operators must be one of"
+			" add, replace, or delete", -1);
+		mod_op = -1;
+		goto badop;
+	    }
+	}
+
+	} while (mod_op != -1 && pairIndex < objc);
+	modArray[modIndex] = (LDAPMod *) NULL;
+
+	if (is_add) {
+	    result = ldap_add_s (ldap, dn, modArray);
+	} else {
+	    result = ldap_modify_s (ldap, dn, modArray);
+	    if (ldaptcl->caching)
+		ldap_uncache_entry (ldap, dn);
+	}
+
+        /* free the modArray elements, then the modArray itself. */
+badop:
+	for (i = 0; i < modIndex; i++) {
+	    free ((char *) modArray[i]->mod_vals.modv_strvals);
+	    free ((char *) modArray[i]);
+	}
+	free ((char *) modArray);
+
+	/* after modArray is allocated, mod_op = -1 upon error for cleanup */
+	if (mod_op == -1)
+	    return TCL_ERROR;
+
+	/* FIX: memory cleanup required all over the place here */
+        if (result != LDAP_SUCCESS) {
+	    Tcl_AppendStringsToObj (resultObj,
+				    "LDAP ",
+				    subCommand,
+				    " error: ",
+				    ldap_err2string(result),
+				    (char *)NULL);
+	    LDAP_SetErrorCode(ldaptcl, result, interp);
+	    return TCL_ERROR;
+	}
+	return TCL_OK;
+    }
+
+    /* object search controlArray dn pattern */
+    if (STREQU (subCommand, "search")) {
+	char        *controlArrayName;
+	Tcl_Obj     *controlArrayNameObj;
+
+	char        *scopeString;
+	int          scope;
+
+	char        *derefString;
+	int          deref;
+
+	char        *baseString;
+
+	char       **attributesArray;
+	char        *attributesString;
+	int          attributesArgc;
+
+	char        *filterPatternString;
+
+	char	    *timeoutString;
+	double 	     timeoutTime;
+	struct timeval timeout, *timeout_p;
+
+	char	    *paramString;
+	int	     cacheThis = -1;
+	int	     all = 0;
+
+	char	    *sortattr;
+
+	Tcl_Obj     *destArrayNameObj;
+	Tcl_Obj     *evalCodeObj;
+
+	if (objc != 5) {
+	    Tcl_WrongNumArgs (interp, 2, objv,
+				   "controlArray destArray code");
+	    return TCL_ERROR;
+	}
+
+        controlArrayNameObj = objv [2];
+	controlArrayName = Tcl_GetStringFromObj (controlArrayNameObj, NULL);
+
+	destArrayNameObj = objv [3];
+
+	evalCodeObj = objv [4];
+
+	baseString = Tcl_GetVar2 (interp, 
+				  controlArrayName, 
+				  "base",
+				  0);
+
+	if (baseString == (char *)NULL) {
+	    Tcl_AppendStringsToObj (resultObj,
+				    "required element \"base\" ",
+				    "is missing from ldap control array \"",
+				    controlArrayName,
+				    "\"",
+				    (char *)NULL);
+	    return TCL_ERROR;
+	}
+
+	filterPatternString = Tcl_GetVar2 (interp,
+				           controlArrayName,
+				           "filter",
+				           0);
+	if (filterPatternString == (char *)NULL) {
+	    filterPatternString = "(objectclass=*)";
+	}
+
+	/* Fetch scope setting from control array.
+	 * If it doesn't exist, default to subtree scoping.
+	 */
+	scopeString = Tcl_GetVar2 (interp, controlArrayName, "scope", 0);
+	if (scopeString == NULL) {
+	    scope = LDAP_SCOPE_SUBTREE;
+	} else {
+	    if (STREQU(scopeString, "base")) 
+		scope = LDAP_SCOPE_BASE;
+	    else if (STRNEQU(scopeString, "one", 3))
+		scope = LDAP_SCOPE_ONELEVEL;
+	    else if (STRNEQU(scopeString, "sub", 3))
+		scope = LDAP_SCOPE_SUBTREE;
+	    else {
+		Tcl_AppendStringsToObj (resultObj,
+				        "\"scope\" element of \"",
+				        controlArrayName,
+				        "\" array is not one of ",
+				        "\"base\", \"onelevel\", ",
+					"or \"subtree\"",
+				      (char *) NULL);
+		return TCL_ERROR;
+	    }
+	}
+
+#ifdef LDAP_OPT_DEREF				      
+	/* Fetch dereference control setting from control array.
+	 * If it doesn't exist, default to never dereference. */
+	derefString = Tcl_GetVar2 (interp,
+				   controlArrayName,
+				   "deref",
+				   0);
+	if (derefString == (char *)NULL) {
+	    deref = LDAP_DEREF_NEVER;
+	} else {
+	    if (STREQU(derefString, "never"))
+		deref = LDAP_DEREF_NEVER;
+	    else if (STREQU(derefString, "search"))
+		deref = LDAP_DEREF_SEARCHING;
+	    else if (STREQU(derefString, "find"))
+		deref = LDAP_DEREF_FINDING;
+	    else if (STREQU(derefString, "always"))
+		deref = LDAP_DEREF_ALWAYS;
+	    else {
+		Tcl_AppendStringsToObj (resultObj,
+				        "\"deref\" element of \"",
+				        controlArrayName,
+				        "\" array is not one of ",
+				        "\"never\", \"search\", \"find\", ",
+				        "or \"always\"",
+				        (char *) NULL);
+		return TCL_ERROR;
+	    }
+	}
+#endif
+
+	/* Fetch list of attribute names from control array.
+	 * If entry doesn't exist, default to NULL (all).
+	 */
+	attributesString = Tcl_GetVar2 (interp,
+				        controlArrayName,
+				        "attributes", 
+				        0);
+	if (attributesString == (char *)NULL) {
+	    attributesArray = NULL;
+	} else {
+	    if ((Tcl_SplitList (interp, 
+				attributesString,
+				&attributesArgc, 
+				&attributesArray)) != TCL_OK) {
+		return TCL_ERROR;
+	    }
+	}
+
+	/* Fetch timeout value if there is one
+	 */
+	timeoutString = Tcl_GetVar2 (interp,
+				        controlArrayName,
+				        "timeout", 
+				        0);
+	timeout.tv_usec = 0;
+	if (timeoutString == (char *)NULL) {
+	    timeout_p = NULL;
+	    timeout.tv_sec = 0;
+	} else {
+	    if (Tcl_GetDouble(interp, timeoutString, &timeoutTime) != TCL_OK)
+		return TCL_ERROR;
+	    timeout.tv_sec = floor(timeoutTime);
+	    timeout.tv_usec = (timeoutTime-timeout.tv_sec) * 1000000;
+	    timeout_p = &timeout;
+	}
+
+	paramString = Tcl_GetVar2 (interp, controlArrayName, "cache", 0);
+	if (paramString) {
+	    if (Tcl_GetInt(interp, paramString, &cacheThis) == TCL_ERROR)
+		return TCL_ERROR;
+	}
+
+	paramString = Tcl_GetVar2 (interp, controlArrayName, "all", 0);
+	if (paramString) {
+	    if (Tcl_GetInt(interp, paramString, &all) == TCL_ERROR)
+		return TCL_ERROR;
+	}
+
+	sortattr = Tcl_GetVar2 (interp, controlArrayName, "sort", 0);
+
+#ifdef UMICH_LDAP
+	ldap->ld_deref = deref; 
+	ldap->ld_timelimit = 0;
+	ldap->ld_sizelimit = 0; 
+	ldap->ld_options = 0;
+#endif
+
+	/* Caching control within the search: if the "cache" control array */
+	/* value is set, disable/enable caching accordingly */
+
+#if 0
+	if (cacheThis >= 0 && ldaptcl->caching != cacheThis) {
+	    if (cacheThis) {
+		if (ldaptcl->timeout == 0) {
+		    Tcl_SetStringObj(resultObj, "Caching never before enabled, I have no timeout value to use", -1);
+		    return TCL_ERROR;
+		}
+		ldap_enable_cache(ldap, ldaptcl->timeout, ldaptcl->maxmem);
+	    }
+	    else
+		ldap_disable_cache(ldap);
+	}
+#endif
+
+#ifdef LDAP_OPT_DEREF
+	ldap_set_option(ldap, LDAP_OPT_DEREF, &deref);
+#endif
+
+	tclResult = LDAP_PerformSearch (interp, 
+			            ldaptcl, 
+			            baseString, 
+			            scope, 
+			            attributesArray, 
+			            filterPatternString, 
+			            "",
+			            destArrayNameObj,
+			            evalCodeObj,
+				    timeout_p,
+				    all,
+				    sortattr);
+	/* Following the search, if we changed the caching behavior, change */
+	/* it back. */
+#if 0
+	if (cacheThis >= 0 && ldaptcl->caching != cacheThis) {
+	    if (cacheThis)
+		ldap_disable_cache(ldap);
+	    else
+		ldap_enable_cache(ldap, ldaptcl->timeout, ldaptcl->maxmem);
+	}
+#ifdef LDAP_OPT_DEREF
+	deref = LDAP_DEREF_NEVER;
+	ldap_set_option(ldap, LDAP_OPT_DEREF, &deref);
+#endif
+#endif
+	return tclResult;
+    }
+
+    /* object compare dn attr value */
+    if (STREQU (subCommand, "compare")) {
+	char        *dn;
+	char	    *attr;
+	char	    *value;
+	int	     result;
+	int	     lderrno;
+
+	if (objc != 5) {
+	    Tcl_WrongNumArgs (interp, 
+				   2, objv,
+				   "dn attribute value");
+	    return TCL_ERROR;
+	}
+
+	dn = Tcl_GetStringFromObj (objv[2], NULL);
+	attr = Tcl_GetStringFromObj (objv[3], NULL);
+	value = Tcl_GetStringFromObj (objv[4], NULL);
+	
+	result = ldap_compare_s (ldap, dn, attr, value);
+	if (result == LDAP_COMPARE_TRUE || result == LDAP_COMPARE_FALSE) {
+	    Tcl_SetBooleanObj(resultObj, result == LDAP_COMPARE_TRUE);
+	    return TCL_OK;
+	}
+	LDAP_SetErrorCode(ldaptcl, result, interp);
+	Tcl_AppendStringsToObj (resultObj,
+				"LDAP compare error: ",
+				LDAP_ERR_STRING(ldap),
+				(char *)NULL);
+	return TCL_ERROR;
+    }
+
+    if (STREQU (subCommand, "cache")) {
+#if defined(UMICH_LDAP) || (defined(OPEN_LDAP) && !defined(LDAP_API_VERSION))
+	char *cacheCommand;
+
+	if (objc < 3) {
+	  badargs:
+	    Tcl_WrongNumArgs (interp, 2, objv [0], "command [args...]");
+	    return TCL_ERROR;
+	}
+
+	cacheCommand = Tcl_GetStringFromObj (objv [2], NULL);
+
+	if (STREQU (cacheCommand, "uncache")) {
+	    char *dn;
+
+	    if (objc != 4) {
+		Tcl_WrongNumArgs (interp, 
+				       3, objv,
+				       "dn");
+		return TCL_ERROR;
+	    }
+
+            dn = Tcl_GetStringFromObj (objv [3], NULL);
+	    ldap_uncache_entry (ldap, dn);
+	    return TCL_OK;
+	}
+
+	if (STREQU (cacheCommand, "enable")) {
+	    long   timeout = ldaptcl->timeout;
+	    long   maxmem = ldaptcl->maxmem;
+
+	    if (objc > 5) {
+		Tcl_WrongNumArgs (interp, 3, objv, "?timeout? ?maxmem?");
+		return TCL_ERROR;
+	    }
+
+	    if (objc > 3) {
+		if (Tcl_GetLongFromObj (interp, objv [3], &timeout) == TCL_ERROR)
+		    return TCL_ERROR;
+	    }
+	    if (timeout == 0) {
+		Tcl_SetStringObj(resultObj,
+		    objc > 3 ? "timeouts must be greater than 0" : 
+		    "no previous timeout to reference", -1);
+		return TCL_ERROR;
+	    }
+
+	    if (objc > 4)
+		if (Tcl_GetLongFromObj (interp, objv [4], &maxmem) == TCL_ERROR)
+		    return TCL_ERROR;
+
+	    if (ldap_enable_cache (ldap, timeout, maxmem) == -1) {
+		Tcl_AppendStringsToObj (resultObj,
+					"LDAP cache enable error: ",
+					LDAP_ERR_STRING(ldap),
+					(char *)NULL);
+		LDAP_SetErrorCode(ldaptcl, -1, interp);
+		return TCL_ERROR;
+	    }
+	    ldaptcl->caching = 1;
+	    ldaptcl->timeout = timeout;
+	    ldaptcl->maxmem = maxmem;
+	    return TCL_OK;
+	}
+
+	if (objc != 3) goto badargs;
+
+	if (STREQU (cacheCommand, "disable")) {
+	    ldap_disable_cache (ldap);
+	    ldaptcl->caching = 0;
+	    return TCL_OK;
+	}
+
+	if (STREQU (cacheCommand, "destroy")) {
+	    ldap_destroy_cache (ldap);
+	    ldaptcl->caching = 0;
+	    return TCL_OK;
+	}
+
+	if (STREQU (cacheCommand, "flush")) {
+	    ldap_flush_cache (ldap);
+	    return TCL_OK;
+	}
+
+	if (STREQU (cacheCommand, "no_errors")) {
+	    ldap_set_cache_options (ldap, LDAP_CACHE_OPT_CACHENOERRS);
+	    return TCL_OK;
+	}
+
+	if (STREQU (cacheCommand, "all_errors")) {
+	    ldap_set_cache_options (ldap, LDAP_CACHE_OPT_CACHEALLERRS);
+	    return TCL_OK;
+	}
+
+	if (STREQU (cacheCommand, "size_errors")) {
+	    ldap_set_cache_options (ldap, 0);
+	    return TCL_OK;
+	}
+	Tcl_AppendStringsToObj (resultObj,
+				"\"",
+				command,
+				" ",
+				subCommand, 
+				"\" subcommand", 
+				" must be one of \"enable\", ",
+				"\"disable\", ",
+				"\"destroy\", \"flush\", \"uncache\", ",
+				"\"no_errors\", \"size_errors\",",
+				" or \"all_errors\"",
+				(char *)NULL);
+	return TCL_ERROR;
+#else
+	return TCL_OK;
+#endif
+    }
+    if (STREQU (subCommand, "trap")) {
+	Tcl_Obj *listObj, *resultObj;
+	int *p, l, i, code;
+
+	if (objc > 4) {
+	    Tcl_WrongNumArgs (interp, 2, objv,
+				   "command ?errorCode-list?");
+	    return TCL_ERROR;
+	}
+	if (objc == 2) {
+	    if (!ldaptcl->trapCmdObj)
+		return TCL_OK;
+	    resultObj = Tcl_NewListObj(0, NULL);
+	    Tcl_ListObjAppendElement(interp, resultObj, ldaptcl->trapCmdObj);
+	    if (ldaptcl->traplist) {
+		listObj = Tcl_NewObj();
+		for (p = ldaptcl->traplist; *p; p++) {
+		    Tcl_ListObjAppendElement(interp, listObj, 
+			Tcl_NewStringObj(ldaptclerrorcode[*p], -1));
+		}
+		Tcl_ListObjAppendElement(interp, resultObj, listObj);
+	    }
+	    Tcl_SetObjResult(interp, resultObj);
+	    return TCL_OK;
+	}
+	if (ldaptcl->trapCmdObj) {
+	    Tcl_DecrRefCount (ldaptcl->trapCmdObj);
+	    ldaptcl->trapCmdObj = NULL;
+	}
+	if (ldaptcl->traplist) {
+	    free(ldaptcl->traplist);
+	    ldaptcl->traplist = NULL;
+	}
+	Tcl_GetStringFromObj(objv[2], &l);
+	if (l == 0)
+	    return TCL_OK;		/* just turn off trap */
+	ldaptcl->trapCmdObj = objv[2];
+	Tcl_IncrRefCount (ldaptcl->trapCmdObj);
+	if (objc < 4)
+	    return TCL_OK;		/* no code list */
+	if (Tcl_ListObjLength(interp, objv[3], &l) != TCL_OK)
+	    return TCL_ERROR;
+	if (l == 0)
+	    return TCL_OK;		/* empty code list */
+	ldaptcl->traplist = (int*)malloc(sizeof(int) * (l + 1));
+	ldaptcl->traplist[l] = 0;
+	for (i = 0; i < l; i++) {
+	    Tcl_ListObjIndex(interp, objv[3], i, &resultObj);
+	    code = LDAP_ErrorStringToCode(interp, Tcl_GetStringFromObj(resultObj, NULL));
+	    if (code == -1) {
+		free(ldaptcl->traplist);
+		ldaptcl->traplist = NULL;
+		return TCL_ERROR;
+	    }
+	    ldaptcl->traplist[i] = code;
+	}
+	return TCL_OK;
+    }
+    if (STREQU (subCommand, "trapcodes")) {
+	int code;
+	Tcl_Obj *resultObj;
+	Tcl_Obj *stringObj;
+	resultObj = Tcl_GetObjResult(interp);
+
+	for (code = 0; code < LDAPTCL_MAXERR; code++) {
+	    if (!ldaptclerrorcode[code]) continue;
+	    Tcl_ListObjAppendElement(interp, resultObj,
+			Tcl_NewStringObj(ldaptclerrorcode[code], -1));
+	}
+	return TCL_OK;
+    }
+#ifdef LDAP_DEBUG
+    if (STREQU (subCommand, "debug")) {
+	if (objc != 3) {
+	    Tcl_AppendStringsToObj(resultObj, "Wrong # of arguments",
+		(char*)NULL);
+	    return TCL_ERROR;
+	}
+	return Tcl_GetIntFromObj(interp, objv[2], &ldap_debug);
+    }
+#endif
+
+    /* FIX: this needs to enumerate all the possibilities */
+    Tcl_AppendStringsToObj (resultObj,
+	                    "subcommand \"", 
+			    subCommand, 
+			    "\" must be one of \"add\", ",
+			    "\"add_attributes\", ",
+			    "\"bind\", \"cache\", \"delete\", ",
+			    "\"delete_attributes\", \"modify\", ",
+			    "\"modify_rdn\", \"rename_rdn\", ",
+			    "\"replace_attributes\", ",
+			    "\"search\" or \"unbind\".",
+	                    (char *)NULL);
+    return TCL_ERROR;
+}
+
+/* 
+ * Delete and LDAP command object
+ *
+ */
+static void
+NeoX_LdapObjDeleteCmd(clientData)
+    ClientData    clientData;
+{
+    LDAPTCL      *ldaptcl = (LDAPTCL *)clientData;
+    LDAP         *ldap = ldaptcl->ldap;
+
+    if (ldaptcl->trapCmdObj)
+	Tcl_DecrRefCount (ldaptcl->trapCmdObj);
+    if (ldaptcl->traplist)
+	free(ldaptcl->traplist);
+    ldap_unbind(ldap);
+    free((char*) ldaptcl);
+}
+
+/*-----------------------------------------------------------------------------
+ * NeoX_LdapObjCmd --
+ *  
+ * Implements the `ldap' command:
+ *    ldap open newObjName host [port]
+ *    ldap init newObjName host [port]
+ *  
+ * Results:
+ *      A standard Tcl result.
+ *      
+ * Side effects:
+ *      See the user documentation.
+ *-----------------------------------------------------------------------------
+ */     
+static int
+NeoX_LdapObjCmd (clientData, interp, objc, objv)
+    ClientData    clientData;
+    Tcl_Interp   *interp;
+    int           objc;
+    Tcl_Obj      *CONST objv[];
+{
+    extern int    errno;
+    char         *subCommand;
+    char         *newCommand;
+    char         *ldapHost;
+    int           ldapPort = LDAP_PORT;
+    LDAP         *ldap;
+    LDAPTCL	 *ldaptcl;
+
+    Tcl_Obj      *resultObj = Tcl_GetObjResult (interp);
+
+    if (objc < 3) {
+	Tcl_WrongNumArgs (interp, 1, objv,
+			       "(open|init) new_command host [port]|explode dn");
+	return TCL_ERROR;
+    }
+
+    subCommand = Tcl_GetStringFromObj (objv[1], NULL);
+
+    if (STREQU(subCommand, "explode")) {
+	char *param;
+	int nonames = 0;
+	int list = 0;
+	char **exploded, **p;
+
+	param = Tcl_GetStringFromObj (objv[2], NULL);
+	if (param[0] == '-') {
+	    if (STREQU(param, "-nonames")) {
+		nonames = 1;
+	    } else if (STREQU(param, "-list")) {
+		list = 1;
+	    } else {
+		Tcl_WrongNumArgs (interp, 1, objv, "explode ?-nonames|-list? dn");
+		return TCL_ERROR;
+	    }
+	}
+	if (nonames || list)
+	    param = Tcl_GetStringFromObj (objv[3], NULL);
+	exploded = ldap_explode_dn(param, nonames);
+	for (p = exploded; *p; p++) {
+	    if (list) {
+		char *q = strchr(*p, '=');
+		if (!q) {
+		    Tcl_SetObjLength(resultObj, 0);
+		    Tcl_AppendStringsToObj(resultObj, "rdn ", *p,
+			" missing '='", NULL);
+		    ldap_value_free(exploded);
+		    return TCL_ERROR;
+		}
+		*q = '\0';
+		if (Tcl_ListObjAppendElement(interp, resultObj,
+			Tcl_NewStringObj(*p, -1)) != TCL_OK ||
+			Tcl_ListObjAppendElement(interp, resultObj,
+			Tcl_NewStringObj(q+1, -1)) != TCL_OK) {
+		    ldap_value_free(exploded);
+		    return TCL_ERROR;
+		}
+	    } else {
+		if (Tcl_ListObjAppendElement(interp, resultObj,
+			Tcl_NewStringObj(*p, -1))) {
+		    ldap_value_free(exploded);
+		    return TCL_ERROR;
+		}
+	    }
+	}
+	ldap_value_free(exploded);
+	return TCL_OK;
+    }
+
+#ifdef UMICH_LDAP
+    if (STREQU(subCommand, "friendly")) {
+	char *friendly = ldap_dn2ufn(Tcl_GetStringFromObj(objv[2], NULL));
+	Tcl_SetStringObj(resultObj, friendly, -1);
+	free(friendly);
+	return TCL_OK;
+    }
+#endif
+
+    newCommand = Tcl_GetStringFromObj (objv[2], NULL);
+    ldapHost = Tcl_GetStringFromObj (objv[3], NULL);
+
+    if (objc == 5) {
+	if (Tcl_GetIntFromObj (interp, objv [4], &ldapPort) == TCL_ERROR) {
+	    Tcl_AppendStringsToObj (resultObj,
+				    "LDAP port number is non-numeric",
+				    (char *)NULL);
+            return TCL_ERROR;
+	}
+    }
+
+    if (STREQU (subCommand, "open")) {
+	ldap = ldap_open (ldapHost, ldapPort);
+    } else if (STREQU (subCommand, "init")) {
+	int version = -1;
+	int i;
+	int value;
+	char *subOption;
+	char *subValue;
+
+#if LDAPTCL_PROTOCOL_VERSION_DEFAULT
+	version = LDAPTCL_PROTOCOL_VERSION_DEFAULT;
+#endif
+
+	for (i = 6; i < objc; i += 2)  {
+	    subOption =  Tcl_GetStringFromObj(objv[i-1], NULL);
+	    if (STREQU (subOption, "protocol_version")) {
+#ifdef LDAP_OPT_PROTOCOL_VERSION
+		subValue = Tcl_GetStringFromObj(objv[i], NULL);
+		if (STREQU (subValue, "2")) {
+		    version = LDAP_VERSION2;
+		}
+		else if (STREQU (subValue, "3")) {
+#ifdef LDAP_VERSION3
+		    version = LDAP_VERSION3;
+#else
+		    Tcl_SetStringObj (resultObj, "protocol_version 3 not supported", -1);
+		    return TCL_ERROR;
+#endif
+		}
+		else {
+		    Tcl_SetStringObj (resultObj, "protocol_version must be '2' or '3'", -1);
+		    return TCL_ERROR;
+		}
+#else
+		Tcl_SetStringObj (resultObj, "protocol_version not supported", -1);
+		return TCL_ERROR;
+#endif
+	    } else if (STREQU (subOption, "port")) {
+		if (Tcl_GetIntFromObj (interp, objv [i], &ldapPort) == TCL_ERROR) {
+		    Tcl_AppendStringsToObj (resultObj,
+					    "LDAP port number is non-numeric",
+					    (char *)NULL);
+		    return TCL_ERROR;
+		}
+	    } else {
+		Tcl_SetStringObj (resultObj, "valid options: protocol_version, port", -1);
+		return TCL_ERROR;
+	    }
+	}
+	ldap = ldap_init (ldapHost, ldapPort);
+
+#ifdef LDAP_OPT_PROTOCOL_VERSION
+	if (version != -1)
+	    ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+#endif
+    } else {
+	Tcl_AppendStringsToObj (resultObj, 
+				"option was not \"open\" or \"init\"");
+	return TCL_ERROR;
+    }
+
+    if (ldap == (LDAP *)NULL) {
+	Tcl_SetErrno(errno);
+	Tcl_AppendStringsToObj (resultObj, 
+				Tcl_PosixError (interp), 
+				(char *)NULL);
+	return TCL_ERROR;
+    }
+
+#ifdef UMICH_LDAP
+    ldap->ld_deref = LDAP_DEREF_NEVER;  /* Turn off alias dereferencing */
+#endif
+
+    ldaptcl = (LDAPTCL *) malloc(sizeof(LDAPTCL));
+    ldaptcl->ldap = ldap;
+    ldaptcl->caching = 0;
+    ldaptcl->timeout = 0;
+    ldaptcl->maxmem = 0;
+    ldaptcl->trapCmdObj = NULL;
+    ldaptcl->traplist = NULL;
+    ldaptcl->flags = 0;
+
+    Tcl_CreateObjCommand (interp,
+			  newCommand,
+                          NeoX_LdapTargetObjCmd,
+                          (ClientData) ldaptcl,
+                          NeoX_LdapObjDeleteCmd);
+    return TCL_OK;
+}
+
+/*-----------------------------------------------------------------------------
+ * Neo_initLDAP --
+ *     Initialize the LDAP interface.
+ *-----------------------------------------------------------------------------
+ */     
+int
+Ldaptcl_Init (interp)
+Tcl_Interp   *interp;
+{
+    Tcl_CreateObjCommand (interp,
+			  "ldap",
+                          NeoX_LdapObjCmd,
+                          (ClientData) NULL,
+                          (Tcl_CmdDeleteProc*) NULL);
+    /*
+    if (Neo_initLDAPX(interp) != TCL_OK)
+	return TCL_ERROR;
+    */
+    Tcl_PkgProvide(interp, "Ldaptcl", VERSION);
+    return TCL_OK;
+}
diff --git a/contrib/ldaptcl/pkgIndex.tcl.in b/contrib/ldaptcl/pkgIndex.tcl.in
new file mode 100644
index 0000000..f257556
--- /dev/null
+++ b/contrib/ldaptcl/pkgIndex.tcl.in
@@ -0,0 +1 @@
+package ifneeded Ldaptcl @NEO_VERSION@ "package require Tclx 8.0; load [file join $dir .. @NEO_SHARED_LIB_FILE@] Ldaptcl"
diff --git a/contrib/ldaptcl/tclAppInit.c b/contrib/ldaptcl/tclAppInit.c
new file mode 100644
index 0000000..f84e182
--- /dev/null
+++ b/contrib/ldaptcl/tclAppInit.c
@@ -0,0 +1,140 @@
+/* 
+ * tclAppInit.c --
+ *
+ *	Provides a default version of the main program and Tcl_AppInit
+ *	procedure for Tcl applications (without Tk).
+ *
+ * Copyright (c) 1993 The Regents of the University of California.
+ * Copyright (c) 1994-1995 Sun Microsystems, Inc.
+ *
+ * See the file "license.terms" for information on usage and redistribution
+ * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
+ *
+ * SCCS: @(#) tclAppInit.c 1.17 96/03/26 12:45:29
+ */
+
+#include "tcl.h"
+
+/*
+ * The following variable is a special hack that is needed in order for
+ * Sun shared libraries to be used for Tcl.
+ */
+
+extern int matherr();
+int *tclDummyMathPtr = (int *) matherr;
+
+#ifdef TCL_TEST
+EXTERN int		Tcltest_Init _ANSI_ARGS_((Tcl_Interp *interp));
+#endif /* TCL_TEST */
+
+/*
+ *----------------------------------------------------------------------
+ *
+ * main --
+ *
+ *	This is the main program for the application.
+ *
+ * Results:
+ *	None: Tcl_Main never returns here, so this procedure never
+ *	returns either.
+ *
+ * Side effects:
+ *	Whatever the application does.
+ *
+ *----------------------------------------------------------------------
+ */
+
+int
+main(argc, argv)
+    int argc;			/* Number of command-line arguments. */
+    char **argv;		/* Values of command-line arguments. */
+{
+#ifdef USE_TCLX
+    TclX_Main(argc, argv, Tcl_AppInit);
+#else
+    Tcl_Main(argc, argv, Tcl_AppInit);
+#endif
+    return 0;			/* Needed only to prevent compiler warning. */
+}
+
+/*
+ *----------------------------------------------------------------------
+ *
+ * Tcl_AppInit --
+ *
+ *	This procedure performs application-specific initialization.
+ *	Most applications, especially those that incorporate additional
+ *	packages, will have their own version of this procedure.
+ *
+ * Results:
+ *	Returns a standard Tcl completion code, and leaves an error
+ *	message in interp->result if an error occurs.
+ *
+ * Side effects:
+ *	Depends on the startup script.
+ *
+ *----------------------------------------------------------------------
+ */
+
+int
+Tcl_AppInit(interp)
+    Tcl_Interp *interp;		/* Interpreter for application. */
+{
+    if (Tcl_Init(interp) == TCL_ERROR) {
+	return TCL_ERROR;
+    }
+
+#ifdef USE_ITCL
+    if (Itcl_Init(interp) == TCL_ERROR) {
+	return TCL_ERROR;
+    }
+    Tcl_StaticPackage (interp, "Itcl", Itcl_Init, NULL);
+#endif
+
+#ifdef TCL_TEST
+    if (Tcltest_Init(interp) == TCL_ERROR) {
+	return TCL_ERROR;
+    }
+    Tcl_StaticPackage(interp, "Tcltest", Tcltest_Init,
+            (Tcl_PackageInitProc *) NULL);
+#endif /* TCL_TEST */
+
+#ifdef USE_TCLX
+    if (Tclx_Init (interp) == TCL_ERROR) {
+	return TCL_ERROR;
+    }   
+    Tcl_StaticPackage (interp, "Tclx", Tclx_Init, NULL);
+#endif
+
+    if (Ldaptcl_Init(interp) == TCL_ERROR) {
+	return TCL_ERROR;
+    }
+    Tcl_StaticPackage(interp, "Ldaptcl", Ldaptcl_Init,
+            (Tcl_PackageInitProc *) NULL);
+
+    /*
+     * Call the init procedures for included packages.  Each call should
+     * look like this:
+     *
+     * if (Mod_Init(interp) == TCL_ERROR) {
+     *     return TCL_ERROR;
+     * }
+     *
+     * where "Mod" is the name of the module.
+     */
+
+    /*
+     * Call Tcl_CreateCommand for application-specific commands, if
+     * they weren't already created by the init procedures called above.
+     */
+
+    /*
+     * Specify a user-specific startup file to invoke if the application
+     * is run interactively.  Typically the startup file is "~/.apprc"
+     * where "app" is the name of the application.  If this line is deleted
+     * then no user-specific startup file will be run under any conditions.
+     */
+
+    Tcl_SetVar(interp, "tcl_rcFileName", "~/.tclshrc", TCL_GLOBAL_ONLY);
+    return TCL_OK;
+}
diff --git a/contrib/ldaptcl/tkAppInit.c b/contrib/ldaptcl/tkAppInit.c
new file mode 100644
index 0000000..68fd956
--- /dev/null
+++ b/contrib/ldaptcl/tkAppInit.c
@@ -0,0 +1,119 @@
+/* 
+ * tkXAppInit.c --
+ *
+ * Provides a default version of the Tcl_AppInit procedure for use with
+ * applications built with Extended Tcl and Tk on Unix systems.  This is based
+ * on the the UCB Tk file tkAppInit.c
+ *-----------------------------------------------------------------------------
+ * Copyright 1991-1996 Karl Lehenbauer and Mark Diekhans.
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies.  Karl Lehenbauer and
+ * Mark Diekhans make no representations about the suitability of this
+ * software for any purpose.  It is provided "as is" without express or
+ * implied warranty.
+ *-----------------------------------------------------------------------------
+ * $OpenLDAP$
+ *-----------------------------------------------------------------------------
+ */
+
+#include "tclExtend.h"
+#include "tk.h"
+
+/*
+ * The following variable is a special hack that insures the tcl
+ * version of matherr() is used when linking against shared libraries
+ * Even if matherr is not used on this system, there is a dummy version
+ * in libtcl.
+ */
+EXTERN int matherr ();
+int (*tclDummyMathPtr)() = matherr;
+
+
+/*-----------------------------------------------------------------------------
+ * main --
+ *
+ * This is the main program for the application.
+ *-----------------------------------------------------------------------------
+ */
+#ifdef __cplusplus
+int
+main (int    argc,
+      char **argv)
+#else
+int
+main (argc, argv)
+    int    argc;
+    char **argv;
+#endif
+{
+#ifdef USE_TCLX
+    TkX_Main(argc, argv, Tcl_AppInit);
+#else
+    Tk_Main(argc, argv, Tcl_AppInit);
+#endif
+    return 0;                   /* Needed only to prevent compiler warning. */
+}
+
+/*-----------------------------------------------------------------------------
+ * Tcl_AppInit --
+ *
+ * This procedure performs application-specific initialization. Most
+ * applications, especially those that incorporate additional packages, will
+ * have their own version of this procedure.
+ *
+ * Results:
+ *    Returns a standard Tcl completion code, and leaves an error message in
+ * interp->result if an error occurs.
+ *-----------------------------------------------------------------------------
+ */
+#ifdef __cplusplus
+int
+Tcl_AppInit (Tcl_Interp *interp)
+#else
+int
+Tcl_AppInit (interp)
+    Tcl_Interp *interp;
+#endif
+{
+    if (Tcl_Init (interp) == TCL_ERROR) {
+        return TCL_ERROR;
+    }
+#ifdef USE_TCLX
+    if (Tclx_Init(interp) == TCL_ERROR) {
+        return TCL_ERROR;
+    }
+    Tcl_StaticPackage(interp, "Tclx", Tclx_Init, Tclx_SafeInit);
+#endif
+    if (Tk_Init(interp) == TCL_ERROR) {
+        return TCL_ERROR;
+    }
+    Tcl_StaticPackage(interp, "Tk", Tk_Init, (Tcl_PackageInitProc *) NULL);
+#ifdef USE_TCLX
+    if (Tkx_Init(interp) == TCL_ERROR) {
+        return TCL_ERROR;
+    }
+    Tcl_StaticPackage(interp, "Tkx", Tkx_Init, (Tcl_PackageInitProc *) NULL);
+#endif
+
+    if (Ldaptcl_Init(interp) == TCL_ERROR) {
+	return TCL_ERROR;
+    }
+    Tcl_StaticPackage(interp, "Ldaptcl", Ldaptcl_Init,
+            (Tcl_PackageInitProc *) NULL);
+
+    /*
+     * Call Tcl_CreateCommand for application-specific commands, if
+     * they weren't already created by the init procedures called above.
+     */
+
+    /*
+     * Specify a user-specific startup file to invoke if the application
+     * is run interactively.  Typically the startup file is "~/.apprc"
+     * where "app" is the name of the application.  If this line is deleted
+     * then no user-specific startup file will be run under any conditions.
+     */
+    Tcl_SetVar(interp, "tcl_rcFileName", "~/.wishxrc", TCL_GLOBAL_ONLY);
+    return TCL_OK;
+}
diff --git a/contrib/slapd-modules/README b/contrib/slapd-modules/README
new file mode 100644
index 0000000..136f720
--- /dev/null
+++ b/contrib/slapd-modules/README
@@ -0,0 +1,64 @@
+Copyright 2008-2022 The OpenLDAP Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+This directory contains native-API slapd modules (overlays etc):
+
+acl (plugins)
+	Plugins implementing access rules.  Currently one plugin
+	which implements access control based on posixGroup membership.
+
+addpartial (overlay)
+	Treat Add requests as Modify requests if the entry exists.
+
+allop (overlay)
+	Return operational attributes for root DSE even when not
+	requested, since some clients expect this.
+
+autogroup (overlay)
+	Automated updates of group memberships.
+
+cloak (overlay)
+	Hide specific attributes unless explicitly requested
+
+comp_match (plugin)
+	Component Matching rules (RFC 3687).
+
+denyop (overlay)
+	Deny selected operations, returning unwillingToPerform.
+
+dsaschema (plugin)
+	Permit loading DSA-specific schema, including operational attrs.
+
+lastbind (overlay)
+	Record the last successful authentication on an entry.
+
+lastmod (overlay)
+	Track the time of the last write operation to a database.
+
+nops (overlay)
+	Remove null operations, e.g. changing a value to same as before.
+
+nssov (listener overlay)
+	Handle NSS lookup requests through a local Unix Domain socket.
+
+passwd (plugins)
+	Support additional password mechanisms.
+	Currently Kerberos, Netscape MTA-MD5 and RADIUS.
+
+proxyOld (plugin)
+	Proxy Authorization compatibility with obsolete internet-draft.
+
+smbk5pwd (overlay)
+	Make the PasswordModify Extended Operation update Kerberos
+	keys and Samba password hashes as well as userPassword.
+
+trace (overlay)
+	Trace overlay invocation.
+
+usn (overlay)
+	Maintain usnCreated and usnChanged attrs similar to Microsoft AD.
+
+$OpenLDAP$
diff --git a/contrib/slapd-modules/acl/Makefile b/contrib/slapd-modules/acl/Makefile
new file mode 100644
index 0000000..090575d
--- /dev/null
+++ b/contrib/slapd-modules/acl/Makefile
@@ -0,0 +1,50 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = 
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = posixgroup.la gssacl.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+posixgroup.la: posixgroup.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+gssacl.la: gssacl.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/acl/README.gssacl b/contrib/slapd-modules/acl/README.gssacl
new file mode 100644
index 0000000..368b178
--- /dev/null
+++ b/contrib/slapd-modules/acl/README.gssacl
@@ -0,0 +1,32 @@
+This directory contains native slapd plugins that implement access rules.
+
+gssacl.c contains a simple example that implements access control
+based on GSS naming extensions attributes.
+
+To use the acl-gssacl plugin, add:
+
+moduleload acl-gssacl.so
+
+to your slapd configuration file.
+It is configured using
+
+access to <what>
+        by dynacl/gss/<attribute>.[.{base,regex,expand}]=<valpat> {<level>|<priv(s)>}
+
+The default is "exact"; in case of "expand", "<valpat>" results from
+the expansion of submatches in the "<what>" portion.  "<level>|<priv(s)>"
+describe the level of privilege this rule can assume.
+
+Use Makefile to compile this plugin or use a command line similar to:
+
+gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \
+	-o acl-gssacl.so gssacl.c
+
+
+---
+Copyright 2011 PADL Software Pty Ltd. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
diff --git a/contrib/slapd-modules/acl/README.posixgroup b/contrib/slapd-modules/acl/README.posixgroup
new file mode 100644
index 0000000..5e0460d
--- /dev/null
+++ b/contrib/slapd-modules/acl/README.posixgroup
@@ -0,0 +1,35 @@
+This directory contains native slapd plugins that implement access rules.
+
+posixgroup.c contains a simple example that implements access control
+based on posixGroup membership, loosely inspired by ITS#3849.  It should
+be made clear that this access control policy does not reflect any
+standard track model of handling access control, and should be 
+essentially viewed as an illustration of the use of the dynamic 
+extension of access control within slapd.
+
+To use the acl-posixgroup plugin, add:
+
+moduleload acl-posixgroup.so
+
+to your slapd configuration file; it requires "nis.schema" to be loaded.
+It is configured using
+
+access to <what>
+	by dynacl/posixGroup[.{exact,expand}]=<dnpat> {<level>|<priv(s)}
+
+The default is "exact"; in case of "expand", "<dnpat>" results from
+the expansion of submatches in the "<what>" portion.  "<level>|<priv(s)>"
+describe the level of privilege this rule can assume.
+
+Use Makefile to compile this plugin or use a command line similar to:
+
+gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \
+	-o acl-posixgroup.so posixgroup.c
+
+---
+Copyright 2005-2022 The OpenLDAP Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
diff --git a/contrib/slapd-modules/acl/gssacl.c b/contrib/slapd-modules/acl/gssacl.c
new file mode 100644
index 0000000..12d3b9a
--- /dev/null
+++ b/contrib/slapd-modules/acl/gssacl.c
@@ -0,0 +1,316 @@
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2011 PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include <portable.h>
+
+#include <ac/string.h>
+#include <slap.h>
+#include <lutil.h>
+
+#include <sasl/sasl.h>
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_ext.h>
+
+#define ACL_BUF_SIZE 1024
+
+typedef struct gssattr_t {
+	slap_style_t		gssattr_style;
+	struct berval		gssattr_name;		/* asserted name */
+	struct berval		gssattr_value;		/* asserted value */
+} gssattr_t;
+
+static int gssattr_dynacl_destroy( void *priv );
+
+static int
+regex_matches(
+	struct berval	*pat,		/* pattern to expand and match against */
+	char		*str,		/* string to match against pattern */
+	struct berval	*dn_matches,	/* buffer with $N expansion variables from DN */
+	struct berval	*val_matches,	/* buffer with $N expansion variables from val */
+	AclRegexMatches	*matches	/* offsets in buffer for $N expansion variables */
+);
+
+static int
+gssattr_dynacl_parse(
+	const char	*fname,
+	int 		lineno,
+	const char	*opts,
+	slap_style_t	style,
+	const char	*pattern,
+	void		**privp )
+{
+	gssattr_t	*gssattr;
+
+	gssattr = (gssattr_t *)ch_calloc( 1, sizeof( gssattr_t ) );
+
+	if ( opts == NULL || opts[0] == '\0' ) {
+		fprintf( stderr, "%s line %d: GSS ACL: no attribute specified.\n",
+			 fname, lineno );
+		goto cleanup;
+	}
+
+	if ( pattern == NULL || pattern[0] == '\0' ) {
+		fprintf( stderr, "%s line %d: GSS ACL: no attribute value specified.\n",
+			 fname, lineno );
+		goto cleanup;
+	}
+
+	gssattr->gssattr_style = style;
+
+	switch ( gssattr->gssattr_style ) {
+	case ACL_STYLE_BASE:
+	case ACL_STYLE_REGEX:
+	case ACL_STYLE_EXPAND:
+		break;
+	default:
+		fprintf( stderr, "%s line %d: GSS ACL: unsupported style \"%s\".\n",
+			 fname, lineno, style_strings[style] );
+		goto cleanup;
+		break;
+	}
+
+	ber_str2bv( opts,    0, 1, &gssattr->gssattr_name );
+	ber_str2bv( pattern, 0, 1, &gssattr->gssattr_value );
+
+	*privp = (void *)gssattr;
+	return 0;
+
+cleanup:
+	(void)gssattr_dynacl_destroy( (void *)gssattr );
+
+	return 1;
+}
+
+static int
+gssattr_dynacl_unparse(
+	void		*priv,
+	struct berval	*bv )
+{
+	gssattr_t	*gssattr = (gssattr_t *)priv;
+	char		*ptr;
+
+	bv->bv_len = STRLENOF( " dynacl/gss/.expand=" ) +
+		     gssattr->gssattr_name.bv_len +
+		     gssattr->gssattr_value.bv_len;
+	bv->bv_val = ch_malloc( bv->bv_len + 1 );
+
+	ptr = lutil_strcopy( bv->bv_val, " dynacl/gss/" );
+	ptr = lutil_strncopy( ptr, gssattr->gssattr_name.bv_val,
+			      gssattr->gssattr_name.bv_len );
+	switch ( gssattr->gssattr_style ) {
+	case ACL_STYLE_BASE:
+		ptr = lutil_strcopy( ptr, ".exact=" );
+		break;
+	case ACL_STYLE_REGEX:
+		ptr = lutil_strcopy( ptr, ".regex=" );
+		break;
+	case ACL_STYLE_EXPAND:
+		ptr = lutil_strcopy( ptr, ".expand=" );
+		break;
+	default:
+		assert( 0 );
+		break;
+	}
+
+	ptr = lutil_strncopy( ptr, gssattr->gssattr_value.bv_val,
+			      gssattr->gssattr_value.bv_len );
+
+	ptr[ 0 ] = '\0';
+
+	bv->bv_len = ptr - bv->bv_val;
+
+	return 0;
+}
+
+static int
+gssattr_dynacl_mask(
+	void			*priv,
+	Operation		*op,
+	Entry			*target,
+	AttributeDescription	*desc,
+	struct berval		*val,
+	int			nmatch,
+	regmatch_t		*matches,
+	slap_access_t		*grant,
+	slap_access_t		*deny )
+{
+	gssattr_t	*gssattr = (gssattr_t *)priv;
+	sasl_conn_t	*sasl_ctx = op->o_conn->c_sasl_authctx;
+	gss_name_t	gss_name = GSS_C_NO_NAME;
+	OM_uint32	major, minor;
+	int		more = -1;
+	int		authenticated, complete;
+	gss_buffer_desc	attr = GSS_C_EMPTY_BUFFER;
+	int		granted = 0;
+
+	ACL_INVALIDATE( *deny );
+
+	if ( sasl_ctx == NULL ||
+	     sasl_getprop( sasl_ctx, SASL_GSS_PEER_NAME, (const void **)&gss_name) != 0 ||
+	     gss_name == GSS_C_NO_NAME ) {
+		return 0;
+	}
+
+	attr.length = gssattr->gssattr_name.bv_len;
+	attr.value = gssattr->gssattr_name.bv_val;
+
+	while ( more != 0 ) {
+		AclRegexMatches amatches = { 0 };
+		gss_buffer_desc	gss_value = GSS_C_EMPTY_BUFFER;
+		gss_buffer_desc	gss_display_value = GSS_C_EMPTY_BUFFER;
+		struct berval bv_value;
+
+		major = gss_get_name_attribute( &minor, gss_name, &attr,
+						&authenticated, &complete,
+						&gss_value, &gss_display_value, &more );
+		if ( GSS_ERROR( major ) ) {
+			break;
+		} else if ( authenticated == 0 ) {
+			gss_release_buffer( &minor, &gss_value );
+			gss_release_buffer( &minor, &gss_display_value );
+			continue;
+		}
+
+		bv_value.bv_len = gss_value.length;
+		bv_value.bv_val = (char *)gss_value.value;
+
+		if ( !ber_bvccmp( &gssattr->gssattr_value, '*' ) ) {
+			if ( gssattr->gssattr_style != ACL_STYLE_BASE ) {
+				amatches.dn_count = nmatch;
+				AC_MEMCPY( amatches.dn_data, matches, sizeof( amatches.dn_data ) );
+			}
+
+			switch ( gssattr->gssattr_style ) {
+			case ACL_STYLE_REGEX:
+				/* XXX assumes value NUL terminated */
+				granted = regex_matches( &gssattr->gssattr_value, bv_value.bv_val,
+							  &target->e_nname, val, &amatches );
+				break;
+			case ACL_STYLE_EXPAND: {
+				struct berval bv;
+				char buf[ACL_BUF_SIZE];
+
+				bv.bv_len = sizeof( buf ) - 1;
+				bv.bv_val = buf;
+
+				granted = ( acl_string_expand( &bv, &gssattr->gssattr_value,
+							       &target->e_nname, val,
+							       &amatches ) == 0 ) &&
+					  ( ber_bvstrcmp( &bv, &bv_value) == 0 );
+				break;
+			}
+			case ACL_STYLE_BASE:
+				granted = ( ber_bvstrcmp( &gssattr->gssattr_value, &bv_value ) == 0 );
+				break;
+			default:
+				assert(0);
+				break;
+			}
+		} else {
+			granted = 1;
+		}
+
+		gss_release_buffer( &minor, &gss_value );
+		gss_release_buffer( &minor, &gss_display_value );
+
+		if ( granted ) {
+			break;
+		}
+	}
+
+	if ( granted ) {
+		ACL_LVL_ASSIGN_WRITE( *grant );
+	}
+
+	return 0;
+}
+
+static int
+gssattr_dynacl_destroy(
+	void		*priv )
+{
+	gssattr_t		*gssattr = (gssattr_t *)priv;
+
+	if ( gssattr != NULL ) {
+		if ( !BER_BVISNULL( &gssattr->gssattr_name ) ) {
+			ber_memfree( gssattr->gssattr_name.bv_val );
+		}
+		if ( !BER_BVISNULL( &gssattr->gssattr_value ) ) {
+			ber_memfree( gssattr->gssattr_value.bv_val );
+		}
+		ch_free( gssattr );
+	}
+
+	return 0;
+}
+
+static struct slap_dynacl_t gssattr_dynacl = {
+	"gss",
+	gssattr_dynacl_parse,
+	gssattr_dynacl_unparse,
+	gssattr_dynacl_mask,
+	gssattr_dynacl_destroy
+};
+
+int
+init_module( int argc, char *argv[] )
+{
+	return slap_dynacl_register( &gssattr_dynacl );
+}
+
+
+static int
+regex_matches(
+	struct berval	*pat,		/* pattern to expand and match against */
+	char		*str,		/* string to match against pattern */
+	struct berval	*dn_matches,	/* buffer with $N expansion variables from DN */
+	struct berval	*val_matches,	/* buffer with $N expansion variables from val */
+	AclRegexMatches	*matches	/* offsets in buffer for $N expansion variables */
+)
+{
+	regex_t re;
+	char newbuf[ACL_BUF_SIZE];
+	struct berval bv;
+	int	rc;
+
+	bv.bv_len = sizeof( newbuf ) - 1;
+	bv.bv_val = newbuf;
+
+	if (str == NULL) {
+		str = "";
+	};
+
+	acl_string_expand( &bv, pat, dn_matches, val_matches, matches );
+	rc = regcomp( &re, newbuf, REG_EXTENDED|REG_ICASE );
+	if ( rc ) {
+		char error[ACL_BUF_SIZE];
+		regerror( rc, &re, error, sizeof( error ) );
+
+		Debug( LDAP_DEBUG_TRACE,
+		    "compile( \"%s\", \"%s\") failed %s\n",
+			pat->bv_val, str, error );
+		return( 0 );
+	}
+
+	rc = regexec( &re, str, 0, NULL, 0 );
+	regfree( &re );
+
+	Debug( LDAP_DEBUG_TRACE,
+	    "=> regex_matches: string:	 %s\n", str );
+	Debug( LDAP_DEBUG_TRACE,
+	    "=> regex_matches: rc: %d %s\n",
+		rc, !rc ? "matches" : "no matches" );
+	return( !rc );
+}
+
diff --git a/contrib/slapd-modules/acl/posixgroup.c b/contrib/slapd-modules/acl/posixgroup.c
new file mode 100644
index 0000000..9a9a5a8
--- /dev/null
+++ b/contrib/slapd-modules/acl/posixgroup.c
@@ -0,0 +1,329 @@
+/* posixgroup.c */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include <portable.h>
+
+#include <ac/string.h>
+#include <slap.h>
+#include <lutil.h>
+
+/* Need dynacl... */
+
+#ifdef SLAP_DYNACL
+
+typedef struct pg_t {
+	slap_style_t		pg_style;
+	struct berval		pg_pat;
+} pg_t;
+
+static ObjectClass		*pg_posixGroup;
+static AttributeDescription	*pg_memberUid;
+static ObjectClass		*pg_posixAccount;
+static AttributeDescription	*pg_uidNumber;
+
+static int pg_dynacl_destroy( void *priv );
+
+static int
+pg_dynacl_parse(
+	const char	*fname,
+	int 		lineno,
+	const char	*opts,
+	slap_style_t	style,
+	const char	*pattern,
+	void		**privp )
+{
+	pg_t		*pg;
+	int		rc;
+	const char	*text = NULL;
+	struct berval	pat;
+
+	ber_str2bv( pattern, 0, 0, &pat );
+
+	pg = ch_calloc( 1, sizeof( pg_t ) );
+
+	pg->pg_style = style;
+
+	switch ( pg->pg_style ) {
+	case ACL_STYLE_BASE:
+		rc = dnNormalize( 0, NULL, NULL, &pat, &pg->pg_pat, NULL );
+		if ( rc != LDAP_SUCCESS ) {
+			fprintf( stderr, "%s line %d: posixGroup ACL: "
+				"unable to normalize DN \"%s\".\n",
+				fname, lineno, pattern );
+			goto cleanup;
+		}
+		break;
+
+	case ACL_STYLE_EXPAND:
+		ber_dupbv( &pg->pg_pat, &pat );
+		break;
+
+	default:
+		fprintf( stderr, "%s line %d: posixGroup ACL: "
+			"unsupported style \"%s\".\n",
+			fname, lineno, style_strings[ pg->pg_style ] );
+		goto cleanup;
+	}
+
+	/* TODO: use opts to allow the use of different
+	 * group objects and member attributes */
+	if ( pg_posixGroup == NULL ) {
+		pg_posixGroup = oc_find( "posixGroup" );
+		if ( pg_posixGroup == NULL ) {
+			fprintf( stderr, "%s line %d: posixGroup ACL: "
+				"unable to lookup \"posixGroup\" "
+				"objectClass.\n",
+				fname, lineno );
+			goto cleanup;
+		}
+
+		pg_posixAccount = oc_find( "posixAccount" );
+		if ( pg_posixGroup == NULL ) {
+			fprintf( stderr, "%s line %d: posixGroup ACL: "
+				"unable to lookup \"posixAccount\" "
+				"objectClass.\n",
+				fname, lineno );
+			goto cleanup;
+		}
+
+		rc = slap_str2ad( "memberUid", &pg_memberUid, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			fprintf( stderr, "%s line %d: posixGroup ACL: "
+				"unable to lookup \"memberUid\" "
+				"attributeDescription (%d: %s).\n",
+				fname, lineno, rc, text );
+			goto cleanup;
+		}
+
+		rc = slap_str2ad( "uidNumber", &pg_uidNumber, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			fprintf( stderr, "%s line %d: posixGroup ACL: "
+				"unable to lookup \"uidNumber\" "
+				"attributeDescription (%d: %s).\n",
+				fname, lineno, rc, text );
+			goto cleanup;
+		}
+	}
+
+	*privp = (void *)pg;
+	return 0;
+
+cleanup:
+	(void)pg_dynacl_destroy( (void *)pg );
+
+	return 1;
+}
+
+static int
+pg_dynacl_unparse(
+	void		*priv,
+	struct berval	*bv )
+{
+	pg_t		*pg = (pg_t *)priv;
+	char		*ptr;
+
+	bv->bv_len = STRLENOF( " dynacl/posixGroup.expand=" ) + pg->pg_pat.bv_len;
+	bv->bv_val = ch_malloc( bv->bv_len + 1 );
+
+	ptr = lutil_strcopy( bv->bv_val, " dynacl/posixGroup" );
+
+	switch ( pg->pg_style ) {
+	case ACL_STYLE_BASE:
+		ptr = lutil_strcopy( ptr, ".exact=" );
+		break;
+
+	case ACL_STYLE_EXPAND:
+		ptr = lutil_strcopy( ptr, ".expand=" );
+		break;
+
+	default:
+		assert( 0 );
+	}
+
+	ptr = lutil_strncopy( ptr, pg->pg_pat.bv_val, pg->pg_pat.bv_len );
+	ptr[ 0 ] = '\0';
+
+	bv->bv_len = ptr - bv->bv_val;
+
+	return 0;
+}
+
+static int
+pg_dynacl_mask(
+	void			*priv,
+	Operation		*op,
+	Entry			*target,
+	AttributeDescription	*desc,
+	struct berval		*val,
+	int			nmatch,
+	regmatch_t		*matches,
+	slap_access_t		*grant,
+	slap_access_t		*deny )
+{
+	pg_t		*pg = (pg_t *)priv;
+	Entry		*group = NULL,
+			*user = NULL;
+	int		rc;
+	Backend		*be = op->o_bd,
+			*group_be = NULL,
+			*user_be = NULL;
+	struct berval	group_ndn;
+
+	ACL_INVALIDATE( *deny );
+
+	/* get user */
+	if ( target && dn_match( &target->e_nname, &op->o_ndn ) ) {
+		user = target;
+		rc = LDAP_SUCCESS;
+
+	} else {
+		user_be = op->o_bd = select_backend( &op->o_ndn, 0 );
+		if ( op->o_bd == NULL ) {
+			op->o_bd = be;
+			return 0;
+		}
+		rc = be_entry_get_rw( op, &op->o_ndn, pg_posixAccount, pg_uidNumber, 0, &user );
+	}
+
+	if ( rc != LDAP_SUCCESS || user == NULL ) {
+		op->o_bd = be;
+		return 0;
+	}
+
+	/* get target */
+	if ( pg->pg_style == ACL_STYLE_EXPAND ) {
+		char		buf[ 1024 ];
+		struct berval	bv;
+		AclRegexMatches amatches = { 0 };
+
+		amatches.dn_count = nmatch;
+		AC_MEMCPY( amatches.dn_data, matches, sizeof( amatches.dn_data ) );
+
+		bv.bv_len = sizeof( buf ) - 1;
+		bv.bv_val = buf;
+
+		if ( acl_string_expand( &bv, &pg->pg_pat,
+				&target->e_nname,
+				NULL, &amatches ) )
+		{
+			goto cleanup;
+		}
+
+		if ( dnNormalize( 0, NULL, NULL, &bv, &group_ndn,
+				op->o_tmpmemctx ) != LDAP_SUCCESS )
+		{
+			/* did not expand to a valid dn */
+			goto cleanup;
+		}
+		
+	} else {
+		group_ndn = pg->pg_pat;
+	}
+
+	if ( target && dn_match( &target->e_nname, &group_ndn ) ) {
+		group = target;
+		rc = LDAP_SUCCESS;
+
+	} else {
+		group_be = op->o_bd = select_backend( &group_ndn, 0 );
+		if ( op->o_bd == NULL ) {
+			goto cleanup;
+		}
+		rc = be_entry_get_rw( op, &group_ndn, pg_posixGroup, pg_memberUid, 0, &group );
+	}
+
+	if ( group_ndn.bv_val != pg->pg_pat.bv_val ) {
+		op->o_tmpfree( group_ndn.bv_val, op->o_tmpmemctx );
+	}
+
+	if ( rc == LDAP_SUCCESS && group != NULL ) {
+		Attribute	*a_uid,
+				*a_member;
+
+		a_uid = attr_find( user->e_attrs, pg_uidNumber );
+		if ( !a_uid || !BER_BVISNULL( &a_uid->a_nvals[ 1 ] ) ) {
+			rc = LDAP_NO_SUCH_ATTRIBUTE;
+
+		} else {
+			a_member = attr_find( group->e_attrs, pg_memberUid );
+			if ( !a_member ) {
+				rc = LDAP_NO_SUCH_ATTRIBUTE;
+
+			} else {
+				rc = value_find_ex( pg_memberUid,
+					SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+					SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+					a_member->a_nvals, &a_uid->a_nvals[ 0 ],
+					op->o_tmpmemctx );
+			}
+		}
+
+	} else {
+		rc = LDAP_NO_SUCH_OBJECT;
+	}
+
+
+	if ( rc == LDAP_SUCCESS ) {
+		ACL_LVL_ASSIGN_WRITE( *grant );
+	}
+
+cleanup:;
+	if ( group != NULL && group != target ) {
+		op->o_bd = group_be;
+		be_entry_release_r( op, group );
+		op->o_bd = be;
+	}
+
+	if ( user != NULL && user != target ) {
+		op->o_bd = user_be;
+		be_entry_release_r( op, user );
+		op->o_bd = be;
+	}
+
+	return 0;
+}
+
+static int
+pg_dynacl_destroy(
+	void		*priv )
+{
+	pg_t		*pg = (pg_t *)priv;
+
+	if ( pg != NULL ) {
+		if ( !BER_BVISNULL( &pg->pg_pat ) ) {
+			ber_memfree( pg->pg_pat.bv_val );
+		}
+		ch_free( pg );
+	}
+
+	return 0;
+}
+
+static struct slap_dynacl_t pg_dynacl = {
+	"posixGroup",
+	pg_dynacl_parse,
+	pg_dynacl_unparse,
+	pg_dynacl_mask,
+	pg_dynacl_destroy
+};
+
+int
+init_module( int argc, char *argv[] )
+{
+	return slap_dynacl_register( &pg_dynacl );
+}
+
+#endif /* SLAP_DYNACL */
diff --git a/contrib/slapd-modules/addpartial/Makefile b/contrib/slapd-modules/addpartial/Makefile
new file mode 100644
index 0000000..ecb7cd0
--- /dev/null
+++ b/contrib/slapd-modules/addpartial/Makefile
@@ -0,0 +1,46 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = 
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = addpartial.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+addpartial.la: addpartial-overlay.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/addpartial/README b/contrib/slapd-modules/addpartial/README
new file mode 100644
index 0000000..968cdd8
--- /dev/null
+++ b/contrib/slapd-modules/addpartial/README
@@ -0,0 +1,72 @@
+addpartial Overlay README
+
+DESCRIPTION
+    This package contains an OpenLDAP overlay called "addpartial" that 
+    intercepts add requests, determines if the entry exists, determines what 
+    attributes, if any, have changed, and modifies those attributes.  If the
+    entry does not exist, the add request falls through and proceeds normally.
+    If the entry exists but no changes have been detected, the client receives
+    LDAP_SUCCESS (I suppose it is debatable what to do in this case, but this is
+    the most clean for my use.  The LDAP_SUCCESS lets me know that the entry I
+    sent slapd == the entry already in my slapd DB.  Perhaps this behavior
+    should be configurable in the future).
+
+    When a change is found, the addpartial overlay will replace all values for
+    the attribute (if an attribute does not exist in the new entry but exists
+    in the entry in the slapd DB, a replace will be done with an empty list of
+    values).
+
+    Once a modify takes place, the syncprov overlay will properly process the
+    change, provided that addpartial is the first overlay to run.  Please see
+    the CAVEATS for more specifics about this.
+
+    The addpartial overlay makes it easy to replicate full entries to a slapd 
+    instance without worrying about the differences between entries or even if
+    the entry exists.  Using ldapadd to add entries, the addpartial overlay can
+    compare about 500 records per second.  The intent of the addpartial overlay
+    is to make it easy to replicate records from a source that is not an LDAP
+    instance, such as a database.  The overlay is also useful in places where it
+    is easier to create full entries rather than comparing an entry with an
+    entry that must be retrieved (with ldapsearch or similar) from an existing
+    slapd DB to find changes. 
+
+    The addpartial overlay has been used in production since August 2004 and has
+    processed millions of records without incident.
+
+BUILDING
+    A Makefile is included, please set your LDAP_SRC directory properly.
+
+INSTALLATION
+    After compiling the addpartial overlay, add the following to your 
+    slapd.conf:
+
+    ### slapd.conf
+    ...
+    moduleload addpartial.so
+    ...
+    # after database directive...
+    # this overlay should be the last overlay in the config file to ensure that
+    # it properly intercepts the add request
+    overlay addpartial
+    ...
+    ### end slapd.conf
+
+CAVEATS
+    - In order to ensure that addpartial does what it needs to do, it should be
+      the last overlay configured so it will run before the other overlays.
+      This is especially important if you are using syncrepl, as the modify that
+      addpartial does will muck with the locking that takes place in the
+      syncprov overlay.
+
+---
+Copyright 2004-2022 The OpenLDAP Foundation.
+Portions Copyright (C) Virginia Tech, David Hawes.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+http://www.OpenLDAP.org/license.html.
diff --git a/contrib/slapd-modules/addpartial/addpartial-overlay.c b/contrib/slapd-modules/addpartial/addpartial-overlay.c
new file mode 100644
index 0000000..b1d637b
--- /dev/null
+++ b/contrib/slapd-modules/addpartial/addpartial-overlay.c
@@ -0,0 +1,349 @@
+/* addpartial-overlay.c */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2022 The OpenLDAP Foundation.
+ * Portions Copyright (C) 2004 Virginia Tech, David Hawes.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * http://www.OpenLDAP.org/license.html.
+ */
+/* ACKNOLEDGEDMENTS:
+ * This work was initially developed by David Hawes of Virginia Tech
+ * for inclusion in OpenLDAP Software.
+ */
+/* addpartial-overlay
+ *
+ * This is an OpenLDAP overlay that intercepts ADD requests, determines if a
+ * change has actually taken place for that record, and then performs a modify
+ * request for those values that have changed (modified, added, deleted).  If
+ * the record has not changed in any way, it is ignored.  If the record does not
+ * exist, the record falls through to the normal add mechanism.  This overlay is
+ * useful for replicating from sources that are not LDAPs where it is easier to
+ * build entire records than to determine the changes (i.e. a database). 
+ */
+
+#include "portable.h" 
+#include "slap.h"
+
+static int collect_error_msg_cb( Operation *op, SlapReply *rs);
+
+static slap_overinst addpartial;
+
+/**
+ *  The meat of the overlay.  Search for the record, determine changes, take
+ *  action or fall through.
+ */
+static int addpartial_add( Operation *op, SlapReply *rs)
+{
+    Operation nop = *op;
+    Entry *toAdd = NULL;
+    Entry *found = NULL;
+    slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+    int rc;
+
+    toAdd = op->oq_add.rs_e;
+
+    Debug(LDAP_DEBUG_TRACE, "%s: toAdd->e_nname.bv_val: %s\n",
+          addpartial.on_bi.bi_type, toAdd->e_nname.bv_val );
+
+    /* if the user doesn't have access, fall through to the normal ADD */
+    if(!access_allowed(op, toAdd, slap_schema.si_ad_entry,
+                       NULL, ACL_WRITE, NULL))
+    {
+        return SLAP_CB_CONTINUE;
+    }
+
+    rc = overlay_entry_get_ov(&nop, &nop.o_req_ndn, NULL, NULL, 0, &found, on);
+
+    if(rc != LDAP_SUCCESS)
+    {
+        Debug(LDAP_DEBUG_TRACE,
+              "%s: no entry found, falling through to normal add\n",
+              addpartial.on_bi.bi_type );
+        return SLAP_CB_CONTINUE;
+    }
+    else
+    { 
+        Debug(LDAP_DEBUG_TRACE, "%s: found the dn\n", addpartial.on_bi.bi_type );
+
+        if(found)
+        {
+            Attribute *attr = NULL;
+            Attribute *at = NULL;
+            int ret;
+            Modifications *mods = NULL;
+            Modifications **modtail = &mods;
+            Modifications *mod = NULL;
+
+            Debug(LDAP_DEBUG_TRACE, "%s: have an entry!\n",
+                  addpartial.on_bi.bi_type );
+
+           /* determine if the changes are in the found entry */ 
+            for(attr = toAdd->e_attrs; attr; attr = attr->a_next)
+            {
+                if(attr->a_desc->ad_type->sat_atype.at_usage != 0) continue;
+
+                at = attr_find(found->e_attrs, attr->a_desc);
+                if(!at)
+                {
+                    Debug(LDAP_DEBUG_TRACE, "%s: Attribute %s not found!\n",
+                          addpartial.on_bi.bi_type,
+                          attr->a_desc->ad_cname.bv_val );
+                    mod = (Modifications *) ch_malloc(sizeof(
+                                                            Modifications));
+                    mod->sml_flags = 0;
+                    mod->sml_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
+                    mod->sml_op &= LDAP_MOD_OP;
+                    mod->sml_next = NULL;
+                    mod->sml_desc = attr->a_desc;
+                    mod->sml_type = attr->a_desc->ad_cname;
+                    mod->sml_values = attr->a_vals;
+                    mod->sml_nvalues = attr->a_nvals;
+                    mod->sml_numvals = attr->a_numvals;
+                    *modtail = mod;
+                    modtail = &mod->sml_next;
+                }
+                else
+                {
+                    MatchingRule *mr = attr->a_desc->ad_type->sat_equality;
+                    struct berval *bv;
+                    const char *text;
+                    int acount , bcount;
+                    Debug(LDAP_DEBUG_TRACE, "%s: Attribute %s found\n",
+                          addpartial.on_bi.bi_type,
+                          attr->a_desc->ad_cname.bv_val );
+
+                    for(bv = attr->a_vals, acount = 0; bv->bv_val != NULL; 
+                        bv++, acount++)
+                    {
+                        /* count num values for attr */
+                    }
+                    for(bv = at->a_vals, bcount = 0; bv->bv_val != NULL; 
+                        bv++, bcount++)
+                    {
+                        /* count num values for attr */
+                    }
+                    if(acount != bcount)
+                    {
+                        Debug(LDAP_DEBUG_TRACE, "%s: acount != bcount, %s\n",
+                              addpartial.on_bi.bi_type,
+                              "replace all" );
+                        mod = (Modifications *) ch_malloc(sizeof(
+                                                                Modifications));
+                        mod->sml_flags = 0;
+                        mod->sml_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
+                        mod->sml_op &= LDAP_MOD_OP;
+                        mod->sml_next = NULL;
+                        mod->sml_desc = attr->a_desc;
+                        mod->sml_type = attr->a_desc->ad_cname;
+                        mod->sml_values = attr->a_vals;
+                        mod->sml_nvalues = attr->a_nvals;
+                        mod->sml_numvals = attr->a_numvals;
+                        *modtail = mod;
+                        modtail = &mod->sml_next;
+                        continue;
+                    }
+                    
+                    for(bv = attr->a_vals; bv->bv_val != NULL; bv++)
+                    {
+                        struct berval *v;
+                        ret = -1;
+                        
+                        for(v = at->a_vals; v->bv_val != NULL; v++)
+                        {
+                            int r;
+                            if(mr && ((r = value_match(&ret, attr->a_desc, mr,
+                                           SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+                                           bv, v, &text)) == 0))
+                            {
+                                if(ret == 0)
+                                    break;
+                            }
+                            else
+                            {
+                                Debug(LDAP_DEBUG_TRACE,
+                                      "%s: \tvalue DNE, r: %d \n",
+                                      addpartial.on_bi.bi_type,
+                                      r );
+                                ret = strcmp(bv->bv_val, v->bv_val);
+                                if(ret == 0)
+                                    break;
+                            }
+                        }
+
+                        if(ret == 0)
+                        {
+                            Debug(LDAP_DEBUG_TRACE,
+                                  "%s: \tvalue %s exists, ret: %d\n",
+                                  addpartial.on_bi.bi_type, bv->bv_val, ret);
+                        }
+                        else
+                        {
+                            Debug(LDAP_DEBUG_TRACE,
+                                  "%s: \tvalue %s DNE, ret: %d\n",
+                                  addpartial.on_bi.bi_type, bv->bv_val, ret);
+                            mod = (Modifications *) ch_malloc(sizeof(
+                                                                Modifications));
+                            mod->sml_flags = 0;
+                            mod->sml_op = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
+                            mod->sml_op &= LDAP_MOD_OP;
+                            mod->sml_next = NULL;
+                            mod->sml_desc = attr->a_desc;
+                            mod->sml_type = attr->a_desc->ad_cname;
+                            mod->sml_values = attr->a_vals;
+                            mod->sml_nvalues = attr->a_nvals;
+                            mod->sml_numvals = attr->a_numvals;
+                            *modtail = mod;
+                            modtail = &mod->sml_next;
+                            break;
+                        }
+                    }
+                }
+            }
+
+            /* determine if any attributes were deleted */
+            for(attr = found->e_attrs; attr; attr = attr->a_next)
+            {
+                if(attr->a_desc->ad_type->sat_atype.at_usage != 0) continue;
+
+                at = NULL;
+                at = attr_find(toAdd->e_attrs, attr->a_desc);
+                if(!at)
+                {
+                    Debug(LDAP_DEBUG_TRACE,
+                          "%s: Attribute %s not found in new entry!!!\n",
+                          addpartial.on_bi.bi_type,
+                          attr->a_desc->ad_cname.bv_val );
+                    mod = (Modifications *) ch_malloc(sizeof(
+                                                        Modifications));
+                    mod->sml_flags = 0;
+                    mod->sml_op = LDAP_MOD_REPLACE;
+                    mod->sml_next = NULL;
+                    mod->sml_desc = attr->a_desc;
+                    mod->sml_type = attr->a_desc->ad_cname;
+                    mod->sml_values = NULL;
+                    mod->sml_nvalues = NULL;
+                    mod->sml_numvals = 0;
+                    *modtail = mod;
+                    modtail = &mod->sml_next;
+                }
+                else
+                {
+                    Debug(LDAP_DEBUG_TRACE,
+                          "%s: Attribute %s found in new entry\n",
+                          addpartial.on_bi.bi_type,
+                          at->a_desc->ad_cname.bv_val );
+                }
+            }
+
+            overlay_entry_release_ov(&nop, found, 0, on);
+
+            if(mods)
+            {
+                Modifications *m = NULL;
+                Modifications *toDel;
+                int modcount;
+                slap_callback nullcb = { NULL, collect_error_msg_cb, 
+                                         NULL, NULL };
+
+                Debug(LDAP_DEBUG_TRACE, "%s: mods to do...\n",
+                      addpartial.on_bi.bi_type );
+
+                nop.o_tag = LDAP_REQ_MODIFY;
+                nop.orm_modlist = mods;
+                nop.orm_no_opattrs = 0;
+                nop.o_callback = &nullcb;
+                nop.o_bd->bd_info = (BackendInfo *) on->on_info;
+
+                for(m = mods, modcount = 0; m; m = m->sml_next, 
+                    modcount++)
+                {
+                    /* count number of mods */
+                }
+
+                Debug(LDAP_DEBUG_TRACE, "%s: number of mods: %d\n",
+                      addpartial.on_bi.bi_type, modcount );
+
+                if(nop.o_bd->be_modify)
+                {
+                    SlapReply nrs = { REP_RESULT };
+                    rc = (nop.o_bd->be_modify)(&nop, &nrs);
+                }
+
+                if(rc == LDAP_SUCCESS)
+                {
+                    Debug(LDAP_DEBUG_TRACE,
+                          "%s: modify successful\n",
+                          addpartial.on_bi.bi_type );
+                }
+                else
+                {
+                    Debug(LDAP_DEBUG_TRACE, "%s: modify unsuccessful: %d\n",
+                          addpartial.on_bi.bi_type, rc );
+                    rs->sr_err = rc;
+                    if(nullcb.sc_private)
+                    {
+                        rs->sr_text = nullcb.sc_private;
+                    }
+                }
+
+                Debug(LDAP_DEBUG_TRACE, "%s: freeing mods...\n",
+                      addpartial.on_bi.bi_type );
+
+                for(toDel = mods; toDel; toDel = mods)
+                {
+                    mods = mods->sml_next;
+                    ch_free(toDel);
+                }
+            }
+            else
+            {
+                Debug(LDAP_DEBUG_TRACE, "%s: no mods to process\n",
+                      addpartial.on_bi.bi_type );
+            }
+        }
+        else
+        {
+            Debug(LDAP_DEBUG_TRACE, "%s: no entry!\n",
+                  addpartial.on_bi.bi_type );
+        }
+
+        op->o_callback = NULL;
+        send_ldap_result( op, rs );
+        ch_free((void *)rs->sr_text);
+        rs->sr_text = NULL;
+
+        return LDAP_SUCCESS;
+    }
+}
+
+static int collect_error_msg_cb( Operation *op, SlapReply *rs)
+{
+    if(rs->sr_text)
+    {
+        op->o_callback->sc_private = (void *) ch_strdup(rs->sr_text);
+    }
+
+    return LDAP_SUCCESS;
+}
+
+int addpartial_init() 
+{
+    addpartial.on_bi.bi_type = "addpartial";
+	addpartial.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+    addpartial.on_bi.bi_op_add = addpartial_add;
+
+    return (overlay_register(&addpartial));
+}
+
+int init_module(int argc, char *argv[]) 
+{
+    return addpartial_init();
+}
diff --git a/contrib/slapd-modules/adremap/Makefile b/contrib/slapd-modules/adremap/Makefile
new file mode 100644
index 0000000..b008eab
--- /dev/null
+++ b/contrib/slapd-modules/adremap/Makefile
@@ -0,0 +1,68 @@
+# $OpenLDAP$
+# Copyright 2015 Howard Chu <hyc@symas.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_ADREMAP=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = adremap.la
+MANPAGES = slapo-adremap.5
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+adremap.la: adremap.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/adremap/adremap.c b/contrib/slapd-modules/adremap/adremap.c
new file mode 100644
index 0000000..5a7b8f1
--- /dev/null
+++ b/contrib/slapd-modules/adremap/adremap.c
@@ -0,0 +1,652 @@
+/* adremap.c - Case-folding and DN-value remapping for AD proxies */
+/* $OpenLDAP$ */
+/*
+ * Copyright 2015 Howard Chu <hyc@symas.com>.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+/*
+ * This file implements an overlay that performs two remapping functions
+ * to allow older POSIX clients to use Microsoft AD:
+ * 1: downcase the values of a configurable list of attributes
+ * 2: dereference some DN-valued attributes and convert to their simple names
+ *	   e.g. generate memberUid based on member
+ */
+
+#ifdef SLAPD_OVER_ADREMAP
+
+#include <ldap.h>
+#include "lutil.h"
+#include "slap.h"
+#include <ac/errno.h>
+#include <ac/time.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include "slap-config.h"
+
+typedef struct adremap_dnv {
+	struct adremap_dnv *ad_next;
+	AttributeDescription *ad_dnattr;	/* DN-valued attr to deref */
+	AttributeDescription *ad_deref;		/* target attr's value to retrieve */
+	AttributeDescription *ad_newattr;	/* New attr to collect new values */
+	ObjectClass *ad_group;		/* group objectclass on target */
+	ObjectClass *ad_mapgrp;		/* group objectclass to map */
+	ObjectClass *ad_refgrp;		/* objectclass of target DN */
+	struct berval ad_refbase;	/* base DN of target entries */
+} adremap_dnv;
+/* example: member uid memberUid */
+
+typedef struct adremap_case {
+	struct adremap_case *ac_next;
+	AttributeDescription *ac_attr;
+} adremap_case;
+
+/* Per-instance configuration information */
+typedef struct adremap_info {
+	adremap_case *ai_case;	/* attrs to downcase */
+	adremap_dnv *ai_dnv;	/* DN attrs to remap */
+} adremap_info;
+
+enum {
+	ADREMAP_CASE = 1,
+	ADREMAP_DNV
+};
+
+static ConfigDriver adremap_cf_case;
+static ConfigDriver adremap_cf_dnv;
+
+/* configuration attribute and objectclass */
+static ConfigTable adremapcfg[] = {
+	{ "adremap-downcase", "attrs", 2, 0, 0,
+	  ARG_MAGIC|ADREMAP_CASE, adremap_cf_case,
+	  "( OLcfgCtAt:6.1 "
+	  "NAME 'olcADremapDowncase' "
+	  "DESC 'List of attributes to casefold to lower case' "
+	  "EQUALITY caseIgnoreMatch "
+	  "SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "adremap-dnmap", "dnattr targetattr newattr remoteOC localOC targetOC baseDN", 8, 8, 0,
+	  ARG_MAGIC|ADREMAP_DNV, adremap_cf_dnv,
+	  "( OLcfgCtAt:6.2 "
+	  "NAME 'olcADremapDNmap' "
+	  "DESC 'DN attr to map, attr from target to use, attr to generate, objectclass of remote"
+	   " group, objectclass mapped group, objectclass of target entry, base DN of target entry' "
+	  "EQUALITY caseIgnoreMatch "
+	  "SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs adremapocs[] = {
+	{ "( OLcfgCtOc:6.1 "
+	  "NAME 'olcADremapConfig' "
+	  "DESC 'AD remap configuration' "
+	  "SUP olcOverlayConfig "
+	  "MAY ( olcADremapDowncase $ olcADremapDNmap ) )",
+	  Cft_Overlay, adremapcfg, NULL, NULL },
+	{ NULL, 0, NULL }
+};
+
+static int
+adremap_cf_case(ConfigArgs *c)
+{
+	BackendDB *be = (BackendDB *)c->be;
+	slap_overinst *on = (slap_overinst *)c->bi;
+	adremap_info *ai = on->on_bi.bi_private;
+	adremap_case *ac, **a2;
+	int rc = ARG_BAD_CONF;
+
+	switch(c->op) {
+	case SLAP_CONFIG_EMIT:
+		for (ac = ai->ai_case; ac; ac=ac->ac_next) {
+			rc = value_add_one(&c->rvalue_vals, &ac->ac_attr->ad_cname);
+			if (rc) break;
+		}
+		break;
+	case LDAP_MOD_DELETE:
+		if (c->valx < 0) {
+			for (ac = ai->ai_case; ac; ac=ai->ai_case) {
+				ai->ai_case = ac->ac_next;
+				ch_free(ac);
+			}
+		} else {
+			int i;
+			for (i=0, a2 = &ai->ai_case; i<c->valx; i++, a2 = &(*a2)->ac_next);
+			ac = *a2;
+			*a2 = ac->ac_next;
+			ch_free(ac);
+		}
+		rc = 0;
+		break;
+	default: {
+		const char *text;
+		adremap_case ad;
+		ad.ac_attr = NULL;
+		rc = slap_str2ad(c->argv[1], &ad.ac_attr, &text);
+		if (rc) break;
+		for (a2 = &ai->ai_case; *a2; a2 = &(*a2)->ac_next);
+		ac = ch_malloc(sizeof(adremap_case));
+		ac->ac_next = NULL;
+		ac->ac_attr = ad.ac_attr;
+		*a2 = ac;
+		break;
+		}
+	}
+	return rc;
+}
+
+static int
+adremap_cf_dnv(ConfigArgs *c)
+{
+	BackendDB *be = (BackendDB *)c->be;
+	slap_overinst *on = (slap_overinst *)c->bi;
+	adremap_info *ai = on->on_bi.bi_private;
+	adremap_dnv *ad, **a2;
+	int rc = ARG_BAD_CONF;
+
+	switch(c->op) {
+	case SLAP_CONFIG_EMIT:
+		for (ad = ai->ai_dnv; ad; ad=ad->ad_next) {
+			char *ptr;
+			struct berval bv;
+			bv.bv_len = ad->ad_dnattr->ad_cname.bv_len + ad->ad_deref->ad_cname.bv_len + ad->ad_newattr->ad_cname.bv_len + 2;
+			bv.bv_len += ad->ad_group->soc_cname.bv_len + ad->ad_mapgrp->soc_cname.bv_len + ad->ad_refgrp->soc_cname.bv_len + 3;
+			bv.bv_len += ad->ad_refbase.bv_len + 3;
+			bv.bv_val = ch_malloc(bv.bv_len + 1);
+			ptr = lutil_strcopy(bv.bv_val, ad->ad_dnattr->ad_cname.bv_val);
+			*ptr++ = ' ';
+			ptr = lutil_strcopy(ptr, ad->ad_deref->ad_cname.bv_val);
+			*ptr++ = ' ';
+			ptr = lutil_strcopy(ptr, ad->ad_newattr->ad_cname.bv_val);
+			*ptr++ = ' ';
+			ptr = lutil_strcopy(ptr, ad->ad_group->soc_cname.bv_val);
+			*ptr++ = ' ';
+			ptr = lutil_strcopy(ptr, ad->ad_mapgrp->soc_cname.bv_val);
+			*ptr++ = ' ';
+			ptr = lutil_strcopy(ptr, ad->ad_refgrp->soc_cname.bv_val);
+			*ptr++ = ' ';
+			*ptr++ = '"';
+			ptr = lutil_strcopy(ptr, ad->ad_refbase.bv_val);
+			*ptr++ = '"';
+			*ptr = '\0';
+			ber_bvarray_add(&c->rvalue_vals, &bv);
+		}
+		if (ai->ai_dnv) rc = 0;
+		break;
+	case LDAP_MOD_DELETE:
+		if (c->valx < 0) {
+			for (ad = ai->ai_dnv; ad; ad=ai->ai_dnv) {
+				ai->ai_dnv = ad->ad_next;
+				ch_free(ad);
+			}
+		} else {
+			int i;
+			for (i=0, a2 = &ai->ai_dnv; i<c->valx; i++, a2 = &(*a2)->ad_next);
+			ad = *a2;
+			*a2 = ad->ad_next;
+			ch_free(ad);
+		}
+		rc = 0;
+		break;
+	default: {
+		const char *text;
+		adremap_dnv av = {0};
+		struct berval dn;
+		rc = slap_str2ad(c->argv[1], &av.ad_dnattr, &text);
+		if (rc) break;
+		if (av.ad_dnattr->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName) {
+			rc = 1;
+			snprintf(c->cr_msg, sizeof(c->cr_msg), "<%s> not a DN-valued attribute",
+				c->argv[0]);
+			Debug(LDAP_DEBUG_ANY, "%s: %s(%s)\n", c->log, c->cr_msg, c->argv[1]);
+			break;
+		}
+		rc = slap_str2ad(c->argv[2], &av.ad_deref, &text);
+		if (rc) break;
+		rc = slap_str2ad(c->argv[3], &av.ad_newattr, &text);
+		if (rc) break;
+		av.ad_group = oc_find(c->argv[4]);
+		if (!av.ad_group) {
+			rc = 1;
+			break;
+		}
+		av.ad_mapgrp = oc_find(c->argv[5]);
+		if (!av.ad_mapgrp) {
+			rc = 1;
+			break;
+		}
+		av.ad_refgrp = oc_find(c->argv[6]);
+		if (!av.ad_refgrp) {
+			rc = 1;
+			break;
+		}
+		ber_str2bv(c->argv[7], 0, 0, &dn);
+		rc = dnNormalize(0, NULL, NULL, &dn, &av.ad_refbase, NULL);
+		if (rc) break;
+
+		for (a2 = &ai->ai_dnv; *a2; a2 = &(*a2)->ad_next);
+		ad = ch_malloc(sizeof(adremap_dnv));
+		ad->ad_next = NULL;
+		ad->ad_dnattr = av.ad_dnattr;
+		ad->ad_deref = av.ad_deref;
+		ad->ad_newattr = av.ad_newattr;
+		ad->ad_group = av.ad_group;
+		ad->ad_mapgrp = av.ad_mapgrp;
+		ad->ad_refgrp = av.ad_refgrp;
+		ad->ad_refbase = av.ad_refbase;
+		*a2 = ad;
+		break;
+		}
+	}
+	return rc;
+}
+
+typedef struct adremap_ctx {
+	slap_overinst *on;
+	AttributeName an;
+	AttributeDescription *ad;
+	int an_swap;
+} adremap_ctx;
+
+static int
+adremap_search_resp(
+	Operation *op,
+	SlapReply *rs
+)
+{
+	adremap_ctx *ctx = op->o_callback->sc_private;
+	slap_overinst *on = ctx->on;
+	adremap_info *ai = on->on_bi.bi_private;
+	adremap_case *ac;
+	adremap_dnv *ad;
+	Attribute *a;
+	Entry *e;
+
+	if (rs->sr_type != REP_SEARCH)
+		return SLAP_CB_CONTINUE;
+
+	/* we munged the attr list, restore it to original */
+	if (ctx->an_swap) {
+		int i;
+		ctx->an_swap = 0;
+		for (i=0; rs->sr_attrs[i].an_name.bv_val; i++) {
+			if (rs->sr_attrs[i].an_desc == ctx->ad) {
+				rs->sr_attrs[i] = ctx->an;
+				break;
+			}
+		}
+		/* Usually rs->sr_attrs is just op->ors_attrs, but
+		 * overlays like rwm may make a new copy. Fix both
+		 * if needed.
+		 */
+		if (op->ors_attrs != rs->sr_attrs) {
+			for (i=0; op->ors_attrs[i].an_name.bv_val; i++) {
+				if (op->ors_attrs[i].an_desc == ctx->ad) {
+					op->ors_attrs[i] = ctx->an;
+					break;
+				}
+			}
+		}
+	}
+	e = rs->sr_entry;
+	for (ac = ai->ai_case; ac; ac = ac->ac_next) {
+		a = attr_find(e->e_attrs, ac->ac_attr);
+		if (a) {
+			int i, j;
+			if (!(rs->sr_flags & REP_ENTRY_MODIFIABLE)) {
+				e = entry_dup(e);
+				rs_replace_entry(op, rs, on, e);
+				rs->sr_flags |= REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED;
+				a = attr_find(e->e_attrs, ac->ac_attr);
+			}
+			for (i=0; i<a->a_numvals; i++) {
+				unsigned char *c = a->a_vals[i].bv_val;
+				for (j=0; j<a->a_vals[i].bv_len; j++)
+					if (isupper(c[j]))
+						c[j] = tolower(c[j]);
+			}
+		}
+	}
+	for (ad = ai->ai_dnv; ad; ad = ad->ad_next) {
+		a = attr_find(e->e_attrs, ad->ad_dnattr);
+		if (a) {
+			Entry *n;
+			Attribute *dr;
+			int i, rc;
+			if (!(rs->sr_flags & REP_ENTRY_MODIFIABLE)) {
+				e = entry_dup(e);
+				rs_replace_entry(op, rs, on, e);
+				rs->sr_flags |= REP_ENTRY_MODIFIABLE|REP_ENTRY_MUSTBEFREED;
+				a = attr_find(e->e_attrs, ad->ad_dnattr);
+			}
+			for (i=0; i<a->a_numvals; i++) {
+				struct berval dv;
+				dv = ad->ad_deref->ad_cname;
+					/* If the RDN uses the deref attr, just use it directly */
+				if (a->a_nvals[i].bv_val[dv.bv_len] == '=' &&
+					!memcmp(a->a_nvals[i].bv_val, dv.bv_val, dv.bv_len)) {
+					struct berval bv, nv;
+					char *ptr;
+					bv = a->a_vals[i];
+					nv = a->a_nvals[i];
+					bv.bv_val += dv.bv_len + 1;
+					ptr = strchr(bv.bv_val, ',');
+					if (ptr)
+						bv.bv_len = ptr - bv.bv_val;
+					else
+						bv.bv_len -= dv.bv_len+1;
+					nv.bv_val += dv.bv_len + 1;
+					ptr = strchr(nv.bv_val, ',');
+					if (ptr)
+						nv.bv_len = ptr - nv.bv_val;
+					else
+						nv.bv_len -= dv.bv_len+1;
+					attr_merge_one(e, ad->ad_newattr, &bv, &nv);
+				} else {
+					/* otherwise look up the deref attr */
+					n = NULL;
+					rc = be_entry_get_rw(op, &a->a_nvals[i], NULL, ad->ad_deref, 0, &n);
+					if (!rc && n) {
+						dr = attr_find(n->e_attrs, ad->ad_deref);
+						if (dr)
+							attr_merge_one(e, ad->ad_newattr, dr->a_vals, dr->a_nvals);
+						be_entry_release_r(op, n);
+					}
+				}
+			}
+		}
+	}
+	return SLAP_CB_CONTINUE;
+}
+
+static int adremap_refsearch(
+	Operation *op,
+	SlapReply *rs
+)
+{
+	if (rs->sr_type == REP_SEARCH) {
+		slap_callback *sc = op->o_callback;
+		struct berval *dn = sc->sc_private;
+		ber_dupbv_x(dn, &rs->sr_entry->e_nname, op->o_tmpmemctx);
+		return LDAP_SUCCESS;
+	}
+	return rs->sr_err;
+}
+
+static adremap_dnv *adremap_filter(
+	Operation *op,
+	adremap_info *ai
+)
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	Filter *f = op->ors_filter, *fn = NULL;
+	adremap_dnv *ad = NULL;
+	struct berval bv;
+	int fextra = 0;
+
+	/* Do we need to munge the filter? First see if it's of
+	 * the form (objectClass=<mapgrp>)
+	 * or form (&(objectClass=<mapgrp>)...)
+	 * or form (&(&(objectClass=<mapgrp>)...)...)
+	 */
+	if (f->f_choice == LDAP_FILTER_AND && f->f_and) {
+		fextra = 1;
+		f = f->f_and;
+		fn = f->f_next;
+	}
+	if (f->f_choice == LDAP_FILTER_AND && f->f_and) {
+		fextra = 2;
+		f = f->f_and;
+	}
+	if (f->f_choice == LDAP_FILTER_EQUALITY &&
+		f->f_av_desc == slap_schema.si_ad_objectClass) {
+		struct berval bv = f->f_av_value;
+
+		for (ad = ai->ai_dnv; ad; ad = ad->ad_next) {
+			if (!ber_bvstrcasecmp( &bv, &ad->ad_mapgrp->soc_cname )) {
+			/* Now check to see if next element is (<newattr>=foo) */
+				Filter *fnew;
+				if (fn && fn->f_choice == LDAP_FILTER_EQUALITY &&
+					fn->f_av_desc == ad->ad_newattr) {
+					Filter fr[3];
+					AttributeAssertion aa[2] = {0};
+					Operation op2;
+					slap_callback cb = {0};
+					SlapReply rs = {REP_RESULT};
+					struct berval dn = BER_BVNULL;
+
+					/* It's a match, setup a search with filter
+					 * (&(objectclass=<refgrp>)(<deref>=foo))
+					 */
+					fr[0].f_choice = LDAP_FILTER_AND;
+					fr[0].f_and = &fr[1];
+					fr[0].f_next = NULL;
+
+					fr[1].f_choice = LDAP_FILTER_EQUALITY;
+					fr[1].f_ava = &aa[0];
+					fr[1].f_av_desc = slap_schema.si_ad_objectClass;
+					fr[1].f_av_value = ad->ad_refgrp->soc_cname;
+					fr[1].f_next = &fr[2];
+
+					fr[2].f_choice = LDAP_FILTER_EQUALITY;
+					fr[2].f_ava = &aa[1];
+					fr[2].f_av_desc = ad->ad_deref;
+					fr[2].f_av_value = fn->f_av_value;
+					fr[2].f_next = NULL;
+
+					/* Search with this filter to retrieve target DN */
+					op2 = *op;
+					op2.o_callback = &cb;
+					cb.sc_response = adremap_refsearch;
+					cb.sc_private = &dn;
+					op2.o_req_dn = ad->ad_refbase;
+					op2.o_req_ndn = ad->ad_refbase;
+					op2.ors_filter = fr;
+					filter2bv_x(op, fr, &op2.ors_filterstr);
+					op2.ors_deref = LDAP_DEREF_NEVER;
+					op2.ors_slimit = 1;
+					op2.ors_tlimit = SLAP_NO_LIMIT;
+					op2.ors_attrs = slap_anlist_no_attrs;
+					op2.ors_attrsonly = 1;
+					op2.o_no_schema_check = 1;
+					op2.o_bd->bd_info = (BackendInfo *)on->on_info;
+					op2.o_bd->be_search(&op2, &rs);
+					op2.o_bd->bd_info = (BackendInfo *)on;
+					op->o_tmpfree(op2.ors_filterstr.bv_val, op->o_tmpmemctx);
+
+					if (!dn.bv_len) {	/* no match was found */
+						ad = NULL;
+						break;
+					}
+
+					if (rs.sr_err) {	/* sizelimit exceeded, etc.: invalid name */
+						op->o_tmpfree(dn.bv_val, op->o_tmpmemctx);
+						ad = NULL;
+						break;
+					}
+
+					/* Build a new filter of form
+					 * (&(objectclass=<group>)(<dnattr>=foo-DN)...)
+					 */
+					f = op->o_tmpalloc(sizeof(Filter), op->o_tmpmemctx);
+					f->f_choice = LDAP_FILTER_AND;
+					fnew = f;
+					f->f_next = NULL;
+
+					f->f_and = op->o_tmpalloc(sizeof(Filter), op->o_tmpmemctx);
+					f = f->f_and;
+					f->f_choice = LDAP_FILTER_EQUALITY;
+					f->f_ava = op->o_tmpcalloc(1, sizeof(AttributeAssertion), op->o_tmpmemctx);
+					f->f_av_desc = slap_schema.si_ad_objectClass;
+					ber_dupbv_x(&f->f_av_value, &ad->ad_group->soc_cname, op->o_tmpmemctx);
+
+					f->f_next = op->o_tmpalloc(sizeof(Filter), op->o_tmpmemctx);
+					f = f->f_next;
+					f->f_choice = LDAP_FILTER_EQUALITY;
+					f->f_ava = op->o_tmpcalloc(1, sizeof(AttributeAssertion), op->o_tmpmemctx);
+					f->f_av_desc = ad->ad_dnattr;
+					f->f_av_value = dn;
+
+					f->f_next = fn->f_next;
+					fn->f_next = NULL;
+				} else {
+					/* Build a new filter of form
+					 * (objectclass=<group>)
+					 */
+					f->f_next = NULL;	/* disconnect old chain */
+
+					f = op->o_tmpalloc(sizeof(Filter), op->o_tmpmemctx);
+					f->f_choice = LDAP_FILTER_EQUALITY;
+					f->f_ava = op->o_tmpcalloc(1, sizeof(AttributeAssertion), op->o_tmpmemctx);
+					f->f_av_desc = slap_schema.si_ad_objectClass;
+					ber_dupbv_x(&f->f_av_value, &ad->ad_group->soc_cname, op->o_tmpmemctx);
+
+					/* If there was a wrapping (&), attach it. */
+					if (fextra) {
+						fnew = op->o_tmpalloc(sizeof(Filter), op->o_tmpmemctx);
+						fnew->f_choice = LDAP_FILTER_AND;
+						fnew->f_and = f;
+						fnew->f_next = NULL;
+						f->f_next = fn;
+					} else {
+						fnew = f;
+						f->f_next = NULL;
+					}
+				}
+				if (fextra > 1) {
+					f = op->o_tmpalloc(sizeof(Filter), op->o_tmpmemctx);
+					f->f_choice = LDAP_FILTER_AND;
+					f->f_and = fnew->f_and;
+					f->f_next = f->f_and->f_next;
+					f->f_and->f_next = op->ors_filter->f_and->f_and->f_next;
+					op->ors_filter->f_and->f_and->f_next = NULL;
+					fnew->f_and = f;
+				}
+				filter_free_x(op, op->ors_filter, 1);
+				op->o_tmpfree(op->ors_filterstr.bv_val, op->o_tmpmemctx);
+				op->ors_filter = fnew;
+				filter2bv_x(op, op->ors_filter, &op->ors_filterstr);
+				break;
+			}
+		}
+	}
+	return ad;
+}
+
+static int
+adremap_search(
+	Operation *op,
+	SlapReply *rs
+)
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	adremap_info *ai = (adremap_info *) on->on_bi.bi_private;
+	adremap_ctx *ctx;
+	adremap_dnv *ad = NULL;
+	slap_callback *cb;
+
+	/* Is this our own internal search? Ignore it */
+	if (op->o_no_schema_check)
+		return SLAP_CB_CONTINUE;
+
+	if (ai->ai_dnv)
+		/* check for filter match, fallthru if none */
+		ad = adremap_filter(op, ai);
+
+	cb = op->o_tmpcalloc(1, sizeof(slap_callback)+sizeof(adremap_ctx), op->o_tmpmemctx);
+	cb->sc_response = adremap_search_resp;
+	cb->sc_private = cb+1;
+	cb->sc_next = op->o_callback;
+	op->o_callback = cb;
+	ctx = cb->sc_private;
+	ctx->on = on;
+	if (ad && op->ors_attrs) {	/* see if we need to remap a search attr */
+		int i;
+		for (i=0; op->ors_attrs[i].an_name.bv_val; i++) {
+			if (op->ors_attrs[i].an_desc == ad->ad_newattr) {
+				ctx->an_swap = 1;
+				ctx->ad = ad->ad_dnattr;
+				ctx->an = op->ors_attrs[i];
+				op->ors_attrs[i].an_desc = ad->ad_dnattr;
+				op->ors_attrs[i].an_name = ad->ad_dnattr->ad_cname;
+				break;
+			}
+		}
+	}
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+adremap_db_init(
+	BackendDB *be,
+	ConfigReply *cr
+)
+{
+	slap_overinst *on = (slap_overinst *) be->bd_info;
+
+	/* initialize private structure to store configuration */
+	on->on_bi.bi_private = ch_calloc( 1, sizeof(adremap_info) );
+
+	return 0;
+}
+
+static int
+adremap_db_destroy(
+	BackendDB *be,
+	ConfigReply *cr
+)
+{
+	slap_overinst *on = (slap_overinst *) be->bd_info;
+	adremap_info *ai = (adremap_info *) on->on_bi.bi_private;
+	adremap_case *ac;
+	adremap_dnv *ad;
+
+	/* free config */
+	for (ac = ai->ai_case; ac; ac = ai->ai_case) {
+		ai->ai_case = ac->ac_next;
+		ch_free(ac);
+	}
+	for (ad = ai->ai_dnv; ad; ad = ai->ai_dnv) {
+		ai->ai_dnv = ad->ad_next;
+		ch_free(ad);
+	}
+	free( ai );
+
+	return 0;
+}
+
+static slap_overinst adremap;
+
+int adremap_initialize()
+{
+	int i, code;
+
+	adremap.on_bi.bi_type = "adremap";
+	adremap.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	adremap.on_bi.bi_db_init = adremap_db_init;
+	adremap.on_bi.bi_db_destroy = adremap_db_destroy;
+	adremap.on_bi.bi_op_search = adremap_search;
+
+	/* register configuration directives */
+	adremap.on_bi.bi_cf_ocs = adremapocs;
+	code = config_register_schema( adremapcfg, adremapocs );
+	if ( code ) return code;
+
+	return overlay_register( &adremap );
+}
+
+#if SLAPD_OVER_ADREMAP == SLAPD_MOD_DYNAMIC
+int init_module(int argc, char *argv[]) {
+	return adremap_initialize();
+}
+#endif
+
+#endif	/* defined(SLAPD_OVER_ADREMAP) */
diff --git a/contrib/slapd-modules/adremap/slapo-adremap.5 b/contrib/slapd-modules/adremap/slapo-adremap.5
new file mode 100644
index 0000000..8b1fa45
--- /dev/null
+++ b/contrib/slapd-modules/adremap/slapo-adremap.5
@@ -0,0 +1,104 @@
+.TH SLAPO-ADREMAP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015 Howard Chu, All Rights Reserved.
+.\" $OpenLDAP$
+.SH NAME
+slapo-adremap \- AD Remap overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B adremap
+overlay to
+.BR slapd (8)
+remaps some attribute values for compatibility between Microsoft AD
+and older POSIX systems' PAM/NSS clients. It can be configured to
+convert values of given attributes to lower case, and it can be
+configured to generate RFC2307-compliant group memberships based
+on RFC2307bis groups. All mapping is only performed on entries
+returned as search responses.
+
+.SH CONFIGURATION
+The config directives that are specific to the
+.B adremap
+overlay must be prefixed by
+.BR adremap\- ,
+to avoid potential conflicts with directives specific to the underlying 
+database or to other stacked overlays.
+
+.TP
+.B overlay adremap
+This directive adds the
+.B adremap
+overlay to the current database, see
+.BR slapd.conf (5)
+for details.
+
+.LP
+These
+.B slapd.conf
+configuration options are defined for the adremap overlay. They must
+appear after the
+.B overlay
+directive. They can each be specified multiple times:
+.TP
+.B adremap-downcase <attr>
+Specify an attributeType whose values will all be mapped to lowercase
+when returned in search responses.
+.TP
+.B adremap-dnmap <dnattr> <targetattr> <newattr> <remoteOC> <localOC> <targetOC> <baseDN>
+Specify a DN-valued attributeType whose values will be dereferenced. The
+.B <targetattr>
+of the target entry will be retrieved and its value will be added to the
+.B <newattr>
+in the entry. In addition, searches using a filter of the form
+.B (&(objectClass=<localOC>)(<newattr>=xxx))
+will be rewritten into the form
+.BR (&(objectClass=<remoteOC>)(<dnattr>=xxx-DN)) .
+This rewrite will accomplished by performing an additional internal search,
+with subtree scope, using the specified baseDN and a filter of the form
+.BR (&(objectClass=<targetOC>)(<targetattr>=xxx)) .
+
+
+.SH EXAMPLE
+This example configures the
+.B adremap
+overlay to map all
+.B uid
+attributes to lowercase, and create
+.B memberUid
+values for group entries. The mapping will turn requests for posixGroup
+entries into requests for groupOfNames entries, and the internal search
+will use inetOrgPerson entries under the ou=People,dc=example,dc=com subtree.
+
+Add the following to
+.BR slapd.conf (5):
+
+.LP
+.nf
+    database <database>
+    # ...
+
+    overlay adremap
+    adremap-downcase uid
+    adremap-dnmap member uid memberUid groupOfNames posixGroup inetOrgPerson ou=people,dc=example,dc=com
+.fi
+.LP
+.B slapd
+must also load
+.B adremap.la,
+if compiled as a run-time module;
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8).
+The
+.BR slapo-adremap (5)
+overlay supports dynamic configuration via
+.BR back-config.
+.SH ACKNOWLEDGEMENTS
+.P
+This module was written in 2015 by Howard Chu.
diff --git a/contrib/slapd-modules/allop/Makefile b/contrib/slapd-modules/allop/Makefile
new file mode 100644
index 0000000..053f377
--- /dev/null
+++ b/contrib/slapd-modules/allop/Makefile
@@ -0,0 +1,58 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = 
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = allop.la
+MANPAGES = slapo-allop.5
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+allop.la: allop.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/allop/README b/contrib/slapd-modules/allop/README
new file mode 100644
index 0000000..3768e6a
--- /dev/null
+++ b/contrib/slapd-modules/allop/README
@@ -0,0 +1,26 @@
+This directory contains a slapd overlay, allop.
+The intended usage is as a global overlay for use with those clients
+that do not make use of the RFC3673 allOp ("+") in the requested 
+attribute list, but expect all operational attributes to be returned.
+Usage: add to slapd.conf(5)
+
+moduleload	path/to/allop.so
+
+overlay		allop
+allop-URI	<ldapURI>
+
+if the allop-URI is not given, the rootDSE, i.e. "ldap:///??base",
+is assumed.
+
+Use Makefile to compile this plugin or use a command line similar to:
+
+gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \
+	-o allop.so allop.c
+
+---
+Copyright 2004-2022 The OpenLDAP Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
diff --git a/contrib/slapd-modules/allop/allop.c b/contrib/slapd-modules/allop/allop.c
new file mode 100644
index 0000000..52fab3a
--- /dev/null
+++ b/contrib/slapd-modules/allop/allop.c
@@ -0,0 +1,262 @@
+/* allop.c - returns all operational attributes when appropriate */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion in
+ * OpenLDAP Software.
+ */
+
+/*
+ * The intended usage is as a global overlay for use with those clients
+ * that do not make use of the RFC3673 allOp ("+") in the requested 
+ * attribute list, but expect all operational attributes to be returned.
+ * Usage: add
+ *
+
+overlay		allop
+allop-URI	<ldapURI>
+
+ *
+ * if the allop-URI is not given, the rootDSE, i.e. "ldap:///??base",
+ * is assumed.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+
+#define	SLAP_OVER_VERSION_REQUIRE(major,minor,patch) \
+	( \
+		( LDAP_VENDOR_VERSION_MAJOR == X || LDAP_VENDOR_VERSION_MAJOR >= (major) ) \
+		&& ( LDAP_VENDOR_VERSION_MINOR == X || LDAP_VENDOR_VERSION_MINOR >= (minor) ) \
+		&& ( LDAP_VENDOR_VERSION_PATCH == X || LDAP_VENDOR_VERSION_PATCH >= (patch) ) \
+	)
+
+#if !SLAP_OVER_VERSION_REQUIRE(2,3,0)
+#error "version mismatch"
+#endif
+
+typedef struct allop_t {
+	struct berval	ao_ndn;
+	int		ao_scope;
+} allop_t;
+
+static int
+allop_db_config(
+	BackendDB	*be,
+	const char	*fname,
+	int		lineno,
+	int		argc,
+	char		**argv )
+{
+	slap_overinst	*on = (slap_overinst *)be->bd_info;
+	allop_t		*ao = (allop_t *)on->on_bi.bi_private;
+
+	if ( strcasecmp( argv[ 0 ], "allop-uri" ) == 0 ) {
+		LDAPURLDesc	*lud;
+		struct berval	dn,
+				ndn;
+		int		scope,
+				rc = LDAP_SUCCESS;
+
+		if ( argc != 2 ) {
+			fprintf( stderr, "%s line %d: "
+				"need exactly 1 arg "
+				"in \"allop-uri <ldapURI>\" "
+				"directive.\n",
+				fname, lineno );
+			return 1;
+		}
+
+		if ( ldap_url_parse( argv[ 1 ], &lud ) != LDAP_URL_SUCCESS ) {
+			return -1;
+		}
+
+		scope = lud->lud_scope;
+		if ( scope == LDAP_SCOPE_DEFAULT ) {
+			scope = LDAP_SCOPE_BASE;
+		}
+
+		if ( lud->lud_dn == NULL || lud->lud_dn[ 0 ] == '\0' ) {
+			if ( scope == LDAP_SCOPE_BASE ) {
+				BER_BVZERO( &ndn );
+
+			} else {
+				ber_str2bv( "", 0, 1, &ndn );
+			}
+
+		} else {
+
+			ber_str2bv( lud->lud_dn, 0, 0, &dn );
+			rc = dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL );
+		}
+
+		ldap_free_urldesc( lud );
+		if ( rc != LDAP_SUCCESS ) {
+			return -1;
+		}
+
+		if ( BER_BVISNULL( &ndn ) ) {
+			/* rootDSE */
+			if ( ao != NULL ) {
+				ch_free( ao->ao_ndn.bv_val );
+				ch_free( ao );
+				on->on_bi.bi_private = NULL;
+			}
+
+		} else {
+			if ( ao == NULL ) {
+				ao = ch_calloc( 1, sizeof( allop_t ) );
+				on->on_bi.bi_private = (void *)ao;
+
+			} else {
+				ch_free( ao->ao_ndn.bv_val );
+			}
+
+			ao->ao_ndn = ndn;
+			ao->ao_scope = scope;
+		}
+
+	} else {
+		return SLAP_CONF_UNKNOWN;
+	}
+
+	return 0;
+}
+
+static int
+allop_db_destroy( BackendDB *be, ConfigReply *cr )
+{
+	slap_overinst	*on = (slap_overinst *)be->bd_info;
+	allop_t		*ao = (allop_t *)on->on_bi.bi_private;
+
+	if ( ao != NULL ) {
+		assert( !BER_BVISNULL( &ao->ao_ndn ) );
+
+		ch_free( ao->ao_ndn.bv_val );
+		ch_free( ao );
+		on->on_bi.bi_private = NULL;
+	}
+
+	return 0;
+}
+
+static int
+allop_op_search( Operation *op, SlapReply *rs )
+{
+	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
+	allop_t		*ao = (allop_t *)on->on_bi.bi_private;
+
+	slap_mask_t	mask;
+	int		i,
+			add_allUser = 0;
+
+	if ( ao == NULL ) {
+		if ( !BER_BVISEMPTY( &op->o_req_ndn )
+			|| op->ors_scope != LDAP_SCOPE_BASE )
+		{
+			return SLAP_CB_CONTINUE;
+		}
+
+	} else {
+		if ( !dnIsSuffix( &op->o_req_ndn, &ao->ao_ndn ) ) {
+			return SLAP_CB_CONTINUE;
+		}
+
+		switch ( ao->ao_scope ) {
+		case LDAP_SCOPE_BASE:
+			if ( op->o_req_ndn.bv_len != ao->ao_ndn.bv_len ) {
+				return SLAP_CB_CONTINUE;
+			}
+			break;
+
+		case LDAP_SCOPE_ONELEVEL:
+			if ( op->ors_scope == LDAP_SCOPE_BASE ) {
+				struct berval	rdn = op->o_req_ndn;
+
+				rdn.bv_len -= ao->ao_ndn.bv_len + STRLENOF( "," );
+				if ( !dnIsOneLevelRDN( &rdn ) ) {
+					return SLAP_CB_CONTINUE;
+				}
+
+				break;
+			}
+			return SLAP_CB_CONTINUE;
+
+		case LDAP_SCOPE_SUBTREE:
+			break;
+		}
+	}
+
+	mask = slap_attr_flags( op->ors_attrs );
+	if ( SLAP_OPATTRS( mask ) ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	if ( !SLAP_USERATTRS( mask ) ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	i = 0;
+	if ( op->ors_attrs == NULL ) {
+		add_allUser = 1;
+
+	} else {
+		for ( ; !BER_BVISNULL( &op->ors_attrs[ i ].an_name ); i++ )
+			;
+	}
+
+	op->ors_attrs = op->o_tmprealloc( op->ors_attrs,
+		sizeof( AttributeName ) * ( i + add_allUser + 2 ),
+		op->o_tmpmemctx );
+
+	if ( add_allUser ) {
+		op->ors_attrs[ i ] = slap_anlist_all_user_attributes[ 0 ];
+		i++;
+	}
+
+	op->ors_attrs[ i ] = slap_anlist_all_operational_attributes[ 0 ];
+
+	BER_BVZERO( &op->ors_attrs[ i + 1 ].an_name );
+
+	return SLAP_CB_CONTINUE;
+}
+
+static slap_overinst 		allop;
+
+int
+allop_init()
+{
+	allop.on_bi.bi_type = "allop";
+
+	allop.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	allop.on_bi.bi_db_config = allop_db_config;
+	allop.on_bi.bi_db_destroy = allop_db_destroy;
+
+	allop.on_bi.bi_op_search = allop_op_search;
+
+	return overlay_register( &allop );
+}
+
+int
+init_module( int argc, char *argv[] )
+{
+	return allop_init();
+}
+
diff --git a/contrib/slapd-modules/allop/slapo-allop.5 b/contrib/slapd-modules/allop/slapo-allop.5
new file mode 100644
index 0000000..9e7fdc9
--- /dev/null
+++ b/contrib/slapd-modules/allop/slapo-allop.5
@@ -0,0 +1,63 @@
+.TH SLAPO-ALLOP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2005-2022 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapo-allop \- All Operational Attributes overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The All Operational Attributes overlay is designed to allow slapd to
+interoperate with dumb clients that expect all attributes, including
+operational ones, to be returned when "*" or an empty attribute list
+is requested, as opposed to RFC2251 and RFC3673.
+.SH CONFIGURATION
+These
+.B slapd.conf
+options apply to the All Operational overlay.
+They should appear after the
+.B overlay
+directive and before any subsequent
+.B database
+directive.
+.TP
+.B allop-URI <ldapURI>
+Specify the base and the scope of search operations that trigger the overlay.
+By default, it is "ldap:///??base", i.e. it only applies to the rootDSE.
+This requires the overlay to be instantiated as global.
+
+.SH EXAMPLES
+.LP
+default behavior: only affects requests to the rootDSE
+.nf
+        # global
+        overlay         allop
+.fi
+.LP
+affects all requests
+.nf
+        # global
+        overlay         allop
+        allop-URI       "ldap:///??sub"
+.fi
+.LP
+affects only requests directed to the suffix of a database
+.nf
+        # per database
+        database        mdb
+        suffix          "dc=example,dc=com"
+        # database specific directives ...
+        overlay         allop
+        allop-URI       "ldap:///dc=example,dc=com??base"
+.fi
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5).
+
+.SH ACKNOWLEDGEMENTS
+.P
+This module was written in 2005 by Pierangelo Masarati for SysNet s.n.c.
diff --git a/contrib/slapd-modules/allowed/Makefile b/contrib/slapd-modules/allowed/Makefile
new file mode 100644
index 0000000..32cb432
--- /dev/null
+++ b/contrib/slapd-modules/allowed/Makefile
@@ -0,0 +1,58 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2022 The OpenLDAP Foundation.
+# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_ALLOWED=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = allowed.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+allowed.la: allowed.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/allowed/README b/contrib/slapd-modules/allowed/README
new file mode 100644
index 0000000..a1267cf
--- /dev/null
+++ b/contrib/slapd-modules/allowed/README
@@ -0,0 +1,73 @@
+This directory contains a slapd overlay, "allowed".
+
+    --- o --- o --- o ---
+
+It adds to entries returned by search operations the value of attributes
+
+"allowedAttributes"
+	<http://msdn.microsoft.com/en-us/library/ms675217(VS.85).aspx>
+
+"allowedAttributesEffective"
+	<http://msdn.microsoft.com/en-us/library/ms675218(VS.85).aspx>
+
+"allowedChildClasses"
+	<http://msdn.microsoft.com/en-us/library/ms675219(VS.85).aspx>
+
+"allowedChildClassesEffective"
+	<http://msdn.microsoft.com/en-us/library/ms675220(VS.85).aspx>
+
+No other use is made of those attributes: they cannot be compared,
+they cannot be used in search filters, they cannot be used in ACLs, ...
+
+    --- o --- o --- o ---
+
+Usage: add to slapd.conf(5)
+
+
+moduleload	path/to/allowed.so
+overlay		allowed
+
+or add
+
+dn: olcOverlay={0}allowed,olcDatabase={1}bdb,cn=config
+objectClass: olcOverlayConfig
+olcOverlay: {0}allowed
+
+as a child of the database that's intended to support this feature
+(replace "olcDatabase={1}bdb,cn=config" with the appropriate parent);
+or use
+
+dn: olcOverlay={0}allowed,olcDatabase={-1}frontend,cn=config
+objectClass: olcOverlayConfig
+olcOverlay: {0}allowed
+
+if it's supposed to be global.
+
+    --- o --- o --- o ---
+
+Use Makefile to compile this plugin or use a command line similar to:
+
+gcc -shared -I../../../include -I../../../servers/slapd -Wall -g \
+	-o allowed.so allowed.c
+
+---
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+
+Copyright 2006-2022 The OpenLDAP Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
+ACKNOWLEDGEMENTS:
+This work was initially developed by Pierangelo Masarati for inclusion in
+OpenLDAP Software.
+
diff --git a/contrib/slapd-modules/allowed/allowed.c b/contrib/slapd-modules/allowed/allowed.c
new file mode 100644
index 0000000..26e3106
--- /dev/null
+++ b/contrib/slapd-modules/allowed/allowed.c
@@ -0,0 +1,504 @@
+/* allowed.c - add allowed attributes based on ACL */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2006-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion in
+ * OpenLDAP Software.
+ */
+
+/*
+ * Rationale: return in allowedAttributes the attributes required/allowed
+ * by the objectClasses that are currently present in an object; return
+ * in allowedAttributesEffective the subset of the above that can be written
+ * by the identity that performs the search.
+ *
+ * Caveats:
+ * - right now, the overlay assumes that all values of the objectClass
+ *   attribute will be returned in rs->sr_entry; this may not be true
+ *   in general, but it usually is for back-mdb.  To generalize,
+ *   the search request should be analyzed, and if allowedAttributes or
+ *   allowedAttributesEffective are requested, add objectClass to the
+ *   requested attributes
+ * - it assumes that there is no difference between write-add and 
+ *   write-delete
+ * - it assumes that access rules do not depend on the values of the 
+ *   attributes or on the contents of the entry (attr/val, filter, ...)
+ *   allowedAttributes and allowedAttributesEffective cannot be used
+ *   in filters or in compare
+ */
+
+#include "portable.h"
+
+/* define SLAPD_OVER_ALLOWED=2 to build as run-time loadable module */
+#ifdef SLAPD_OVER_ALLOWED
+
+#include "slap.h"
+
+/*
+ * NOTE: part of the schema definition reported below is taken
+ * from Microsoft schema definitions (OID, NAME, SYNTAX);
+ *
+ * EQUALITY is taken from
+ * <http://www.redhat.com/archives/fedora-directory-devel/2006-August/msg00007.html>
+ * (posted by Andrew Bartlett)
+ *
+ * The rest is guessed.  Specifically
+ *
+ * DESC briefly describes the purpose
+ *
+ * NO-USER-MODIFICATION is added to make attributes operational
+ *
+ * USAGE is set to "dSAOperation" as per ITS#7493,
+ * to prevent replication, since this information
+ * is generated (based on ACL and identity of request)
+ * and not stored.
+ */
+
+#define AA_SCHEMA_AT "1.2.840.113556.1.4"
+
+static AttributeDescription
+		*ad_allowedChildClasses,
+		*ad_allowedChildClassesEffective,
+		*ad_allowedAttributes,
+		*ad_allowedAttributesEffective;
+
+static struct {
+	char *at;
+	AttributeDescription **ad;
+} aa_attrs[] = {
+	{ "( " AA_SCHEMA_AT ".911 "
+		"NAME 'allowedChildClasses' "
+		"EQUALITY objectIdentifierMatch "
+		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
+		/* added by me :) */
+		"DESC 'Child classes allowed for a given object' "
+		"NO-USER-MODIFICATION "
+		"USAGE dSAOperation )", &ad_allowedChildClasses },
+	{ "( " AA_SCHEMA_AT ".912 "
+		"NAME 'allowedChildClassesEffective' "
+		"EQUALITY objectIdentifierMatch "
+		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
+		/* added by me :) */
+		"DESC 'Child classes allowed for a given object according to ACLs' "
+		"NO-USER-MODIFICATION "
+		"USAGE dSAOperation )", &ad_allowedChildClassesEffective },
+	{ "( " AA_SCHEMA_AT ".913 "
+		"NAME 'allowedAttributes' "
+		"EQUALITY objectIdentifierMatch "
+		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
+		/* added by me :) */
+		"DESC 'Attributes allowed for a given object' "
+		"NO-USER-MODIFICATION "
+		"USAGE dSAOperation )", &ad_allowedAttributes },
+	{ "( " AA_SCHEMA_AT ".914 "
+		"NAME 'allowedAttributesEffective' "
+		"EQUALITY objectIdentifierMatch "
+		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
+		/* added by me :) */
+		"DESC 'Attributes allowed for a given object according to ACLs' "
+		"NO-USER-MODIFICATION "
+		"USAGE dSAOperation )", &ad_allowedAttributesEffective },
+
+	/* TODO: add objectClass stuff? */
+
+	{ NULL, NULL }
+};
+
+static int
+aa_add_at( AttributeType *at, AttributeType ***atpp )
+{
+	int		i = 0;
+
+	if ( *atpp ) {
+		for ( i = 0; (*atpp)[ i ] != NULL; i++ ) {
+			if ( (*atpp)[ i ] == at ) {
+				break;
+			}
+		}
+	
+		if ( (*atpp)[ i ] != NULL ) {
+			return 0;
+		}
+	}
+
+	*atpp = ch_realloc( *atpp, sizeof( AttributeType * ) * ( i + 2 ) );
+	(*atpp)[ i ] = at;
+	(*atpp)[ i + 1 ] = NULL;
+
+	return 0;
+}
+
+static int
+aa_add_oc( ObjectClass *oc, ObjectClass ***ocpp, AttributeType ***atpp )
+{
+	int		i = 0;
+
+	if ( *ocpp ) {
+		for ( ; (*ocpp)[ i ] != NULL; i++ ) {
+			if ( (*ocpp)[ i ] == oc ) {
+				break;
+			}
+		}
+
+		if ( (*ocpp)[ i ] != NULL ) {
+			return 0;
+		}
+	}
+
+	*ocpp = ch_realloc( *ocpp, sizeof( ObjectClass * ) * ( i + 2 ) );
+	(*ocpp)[ i ] = oc;
+	(*ocpp)[ i + 1 ] = NULL;
+
+	if ( oc->soc_required ) {
+		int		i;
+
+		for ( i = 0; oc->soc_required[ i ] != NULL; i++ ) {
+			aa_add_at( oc->soc_required[ i ], atpp );
+		}
+	}
+
+	if ( oc->soc_allowed ) {
+		int		i;
+
+		for ( i = 0; oc->soc_allowed[ i ] != NULL; i++ ) {
+			aa_add_at( oc->soc_allowed[ i ], atpp );
+		}
+	}
+
+	return 0;
+}
+
+static int
+aa_operational( Operation *op, SlapReply *rs )
+{
+	Attribute		*a, **ap;
+	AccessControlState	acl_state = ACL_STATE_INIT;
+	struct berval		*v;
+	AttributeType		**atp = NULL;
+	ObjectClass		**ocp = NULL;
+
+#define	GOT_NONE	(0x0U)
+#define	GOT_C		(0x1U)
+#define	GOT_CE		(0x2U)
+#define	GOT_A		(0x4U)
+#define	GOT_AE		(0x8U)
+#define	GOT_ALL		(GOT_C|GOT_CE|GOT_A|GOT_AE)
+	int		got = GOT_NONE;
+
+	/* only add if requested */
+	if ( SLAP_OPATTRS( rs->sr_attr_flags ) ) {
+		got = GOT_ALL;
+
+	} else {
+		if ( ad_inlist( ad_allowedChildClasses, rs->sr_attrs ) ) {
+			got |= GOT_C;
+		}
+
+		if ( ad_inlist( ad_allowedChildClassesEffective, rs->sr_attrs ) ) {
+			got |= GOT_CE;
+		}
+
+		if ( ad_inlist( ad_allowedAttributes, rs->sr_attrs ) ) {
+			got |= GOT_A;
+		}
+
+		if ( ad_inlist( ad_allowedAttributesEffective, rs->sr_attrs ) ) {
+			got |= GOT_AE;
+		}
+	}
+
+	if ( got == GOT_NONE ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	/* shouldn't be called without an entry; please check */
+	assert( rs->sr_entry != NULL );
+
+	for ( ap = &rs->sr_operational_attrs; *ap != NULL; ap = &(*ap)->a_next )
+		/* go to last */ ;
+
+	/* see caveats; this is not guaranteed for all backends */
+	a = attr_find( rs->sr_entry->e_attrs, slap_schema.si_ad_objectClass );
+	if ( a == NULL ) {
+		goto do_oc;
+	}
+
+	/* if client has no access to objectClass attribute; don't compute */
+	if ( !access_allowed( op, rs->sr_entry, slap_schema.si_ad_objectClass,
+				NULL, ACL_READ, &acl_state ) )
+	{
+		return SLAP_CB_CONTINUE;
+	}
+
+	for ( v = a->a_nvals; !BER_BVISNULL( v ); v++ ) {
+		ObjectClass	*oc = oc_bvfind( v );
+
+		assert( oc != NULL );
+
+		/* if client has no access to specific value, don't compute */
+		if ( !access_allowed( op, rs->sr_entry,
+			slap_schema.si_ad_objectClass,
+			&oc->soc_cname, ACL_READ, &acl_state ) )
+		{
+			continue;
+		}
+
+		aa_add_oc( oc, &ocp, &atp );
+
+		if ( oc->soc_sups ) {
+			int i;
+
+			for ( i = 0; oc->soc_sups[ i ] != NULL; i++ ) {
+				aa_add_oc( oc->soc_sups[ i ], &ocp, &atp );
+			}
+		}
+	}
+
+	ch_free( ocp );
+
+	if ( atp != NULL ) {
+		BerVarray	bv_allowed = NULL,
+				bv_effective = NULL;
+		int		i, ja = 0, je = 0;
+
+		for ( i = 0; atp[ i ] != NULL; i++ )
+			/* just count */ ;
+	
+		if ( got & GOT_A ) {
+			bv_allowed = ch_calloc( i + 1,  sizeof( struct berval ) );
+		}
+		if ( got & GOT_AE ) {
+			bv_effective = ch_calloc( i + 1, sizeof( struct berval ) );
+		}
+
+		for ( i = 0, ja = 0, je = 0; atp[ i ] != NULL; i++ ) {
+			if ( got & GOT_A ) {
+				ber_dupbv( &bv_allowed[ ja ], &atp[ i ]->sat_cname );
+				ja++;
+			}
+
+			if ( got & GOT_AE ) {
+				AttributeDescription	*ad = NULL;
+				const char		*text = NULL;
+	
+				if ( slap_bv2ad( &atp[ i ]->sat_cname, &ad, &text ) ) {
+					/* log? */
+					continue;
+				}
+
+				if ( access_allowed( op, rs->sr_entry,
+					ad, NULL, ACL_WRITE, NULL ) )
+				{
+					ber_dupbv( &bv_effective[ je ], &atp[ i ]->sat_cname );
+					je++;
+				}
+			}
+		}
+
+		ch_free( atp );
+
+		if ( ( got & GOT_A ) && ja > 0 ) {
+			*ap = attr_alloc( ad_allowedAttributes );
+			(*ap)->a_vals = bv_allowed;
+			(*ap)->a_nvals = bv_allowed;
+			(*ap)->a_numvals = ja;
+			ap = &(*ap)->a_next;
+		}
+
+		if ( ( got & GOT_AE ) && je > 0 ) {
+			*ap = attr_alloc( ad_allowedAttributesEffective );
+			(*ap)->a_vals = bv_effective;
+			(*ap)->a_nvals = bv_effective;
+			(*ap)->a_numvals = je;
+			ap = &(*ap)->a_next;
+		}
+
+		*ap = NULL;
+	}
+
+do_oc:;
+	if ( ( got & GOT_C ) || ( got & GOT_CE ) ) {
+		BerVarray	bv_allowed = NULL,
+				bv_effective = NULL;
+		int		i, ja = 0, je = 0;
+
+		ObjectClass	*oc;
+
+		for ( i = 0, oc_start( &oc ); oc != NULL; oc_next( &oc ) ) {
+			/* we can only add AUXILIARY objectClasses */
+			if ( oc->soc_kind != LDAP_SCHEMA_AUXILIARY ) {
+				continue;
+			}
+
+			i++;
+		}
+
+		if ( got & GOT_C ) {
+			bv_allowed = ch_calloc( i + 1,  sizeof( struct berval ) );
+		}
+		if ( got & GOT_CE ) {
+			bv_effective = ch_calloc( i + 1, sizeof( struct berval ) );
+		}
+
+		for ( oc_start( &oc ); oc != NULL; oc_next( &oc ) ) {
+			/* we can only add AUXILIARY objectClasses */
+			if ( oc->soc_kind != LDAP_SCHEMA_AUXILIARY ) {
+				continue;
+			}
+
+			if ( got & GOT_C ) {
+				ber_dupbv( &bv_allowed[ ja ], &oc->soc_cname );
+				ja++;
+			}
+
+			if ( got & GOT_CE ) {
+				if ( !access_allowed( op, rs->sr_entry,
+					slap_schema.si_ad_objectClass,
+					&oc->soc_cname, ACL_WRITE, NULL ) )
+				{
+					goto done_ce;
+				}
+
+				if ( oc->soc_required ) {
+					for ( i = 0; oc->soc_required[ i ] != NULL; i++ ) {
+						AttributeDescription	*ad = NULL;
+						const char		*text = NULL;
+	
+						if ( slap_bv2ad( &oc->soc_required[ i ]->sat_cname, &ad, &text ) ) {
+							/* log? */
+							continue;
+						}
+
+						if ( !access_allowed( op, rs->sr_entry,
+							ad, NULL, ACL_WRITE, NULL ) )
+						{
+							goto done_ce;
+						}
+					}
+				}
+
+				ber_dupbv( &bv_effective[ je ], &oc->soc_cname );
+				je++;
+			}
+done_ce:;
+		}
+
+		if ( ( got & GOT_C ) && ja > 0 ) {
+			*ap = attr_alloc( ad_allowedChildClasses );
+			(*ap)->a_vals = bv_allowed;
+			(*ap)->a_nvals = bv_allowed;
+			(*ap)->a_numvals = ja;
+			ap = &(*ap)->a_next;
+		}
+
+		if ( ( got & GOT_CE ) && je > 0 ) {
+			*ap = attr_alloc( ad_allowedChildClassesEffective );
+			(*ap)->a_vals = bv_effective;
+			(*ap)->a_nvals = bv_effective;
+			(*ap)->a_numvals = je;
+			ap = &(*ap)->a_next;
+		}
+
+		*ap = NULL;
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static slap_overinst aa;
+
+#if LDAP_VENDOR_VERSION_MINOR != X && LDAP_VENDOR_VERSION_MINOR <= 3
+/* backport register_at() from HEAD, to allow building with OL <= 2.3 */
+static int
+register_at( char *def, AttributeDescription **rad, int dupok )
+{
+	LDAPAttributeType *at;
+	int code, freeit = 0;
+	const char *err;
+	AttributeDescription *ad = NULL;
+
+	at = ldap_str2attributetype( def, &code, &err, LDAP_SCHEMA_ALLOW_ALL );
+	if ( !at ) {
+		Debug( LDAP_DEBUG_ANY,
+			"register_at: AttributeType \"%s\": %s, %s\n",
+				def, ldap_scherr2str(code), err );
+		return code;
+	}
+
+	code = at_add( at, 0, NULL, &err );
+	if ( code ) {
+		if ( code == SLAP_SCHERR_ATTR_DUP && dupok ) {
+			freeit = 1;
+
+		} else {
+			ldap_attributetype_free( at );
+			Debug( LDAP_DEBUG_ANY,
+				"register_at: AttributeType \"%s\": %s, %s\n",
+				def, scherr2str(code), err );
+			return code;
+		}
+	}
+	code = slap_str2ad( at->at_names[0], &ad, &err );
+	if ( freeit || code ) {
+		ldap_attributetype_free( at );
+	} else {
+		ldap_memfree( at );
+	}
+	if ( code ) {
+		Debug( LDAP_DEBUG_ANY, "register_at: AttributeType \"%s\": %s\n",
+			def, err );
+	}
+	if ( rad ) *rad = ad;
+	return code;
+}
+#endif
+
+#if SLAPD_OVER_ALLOWED == SLAPD_MOD_DYNAMIC
+static
+#endif /* SLAPD_OVER_ALLOWED == SLAPD_MOD_DYNAMIC */
+int
+aa_initialize( void )
+{
+	int i;
+
+	aa.on_bi.bi_type = "allowed";
+
+	aa.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	aa.on_bi.bi_operational = aa_operational;
+
+	/* aa schema integration */
+	for ( i = 0; aa_attrs[i].at; i++ ) {
+		int code;
+
+		code = register_at( aa_attrs[i].at, aa_attrs[i].ad, 0 );
+		if ( code ) {
+			Debug( LDAP_DEBUG_ANY,
+				"aa_initialize: register_at failed\n" );
+			return -1;
+		}
+	}
+
+	return overlay_register( &aa );
+}
+
+#if SLAPD_OVER_ALLOWED == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return aa_initialize();
+}
+#endif /* SLAPD_OVER_ALLOWED == SLAPD_MOD_DYNAMIC */
+
+#endif /* SLAPD_OVER_ALLOWED */
diff --git a/contrib/slapd-modules/authzid/Makefile b/contrib/slapd-modules/authzid/Makefile
new file mode 100644
index 0000000..ef9c4bc
--- /dev/null
+++ b/contrib/slapd-modules/authzid/Makefile
@@ -0,0 +1,58 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2022 The OpenLDAP Foundation.
+# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = 
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = authzid.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+authzid.la: authzid.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/authzid/authzid.c b/contrib/slapd-modules/authzid/authzid.c
new file mode 100644
index 0000000..37264bf
--- /dev/null
+++ b/contrib/slapd-modules/authzid/authzid.c
@@ -0,0 +1,390 @@
+/* authzid.c - RFC 3829 Authzid Control */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2010-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+/*
+ * RFC 3829 Authzid
+ *
+ * must be instantiated as a global overlay
+ */
+
+#include "portable.h"
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+#include "ac/string.h"
+
+typedef struct authzid_conn_t {
+	Connection *conn;
+	int refcnt;
+	char authzid_flag;
+} authzid_conn_t;
+
+static ldap_pvt_thread_mutex_t authzid_mutex;
+static Avlnode *authzid_tree;
+
+static int
+authzid_conn_cmp( const void *c1, const void *c2 )
+{
+	const authzid_conn_t *ac1 = (const authzid_conn_t *)c1;
+	const authzid_conn_t *ac2 = (const authzid_conn_t *)c2;
+
+	return SLAP_PTRCMP( ac1->conn, ac2->conn );
+}
+
+static int
+authzid_conn_dup( void *c1, void *c2 )
+{
+	authzid_conn_t *ac1 = (authzid_conn_t *)c1;
+	authzid_conn_t *ac2 = (authzid_conn_t *)c2;
+
+	if ( ac1->conn == ac2->conn ) {
+		return -1;
+	}
+
+	return 0;
+}
+
+static int authzid_cid;
+static slap_overinst authzid;
+
+static authzid_conn_t *
+authzid_conn_find( Connection *c )
+{
+	authzid_conn_t *ac = NULL, tmp = { 0 };
+
+	tmp.conn = c;
+	ac = (authzid_conn_t *)ldap_avl_find( authzid_tree, (caddr_t)&tmp, authzid_conn_cmp );
+	if ( ac == NULL || ( ac != NULL && ac->refcnt != 0 ) ) {
+		ac = NULL;
+	}
+	if ( ac ) {
+		ac->refcnt++;
+	}
+
+	return ac;
+}
+
+static authzid_conn_t *
+authzid_conn_get( Connection *c )
+{
+	authzid_conn_t *ac = NULL;
+
+	ldap_pvt_thread_mutex_lock( &authzid_mutex );
+	ac = authzid_conn_find( c );
+	if ( ac && ac->refcnt ) ac = NULL;
+	if ( ac ) ac->refcnt++;
+	ldap_pvt_thread_mutex_unlock( &authzid_mutex );
+
+	return ac;
+}
+
+static void
+authzid_conn_release( authzid_conn_t *ac )
+{
+	ldap_pvt_thread_mutex_lock( &authzid_mutex );
+	ac->refcnt--;
+	ldap_pvt_thread_mutex_unlock( &authzid_mutex );
+}
+
+static int
+authzid_conn_insert( Connection *c, char flag )
+{
+	authzid_conn_t *ac;
+	int rc;
+
+	ldap_pvt_thread_mutex_lock( &authzid_mutex );
+	ac = authzid_conn_find( c );
+	if ( ac ) {
+		ldap_pvt_thread_mutex_unlock( &authzid_mutex );
+		return -1;
+	}
+
+	ac = ch_malloc( sizeof( authzid_conn_t ) );
+	ac->conn = c;
+	ac->refcnt = 0;
+	ac->authzid_flag = flag;
+	rc = ldap_avl_insert( &authzid_tree, (caddr_t)ac,
+		authzid_conn_cmp, authzid_conn_dup );
+	ldap_pvt_thread_mutex_unlock( &authzid_mutex );
+
+	return rc;
+}
+
+static int
+authzid_conn_remove( Connection *c )
+{
+	authzid_conn_t *ac, *tmp;
+
+	ldap_pvt_thread_mutex_lock( &authzid_mutex );
+	ac = authzid_conn_find( c );
+	if ( !ac ) {
+		ldap_pvt_thread_mutex_unlock( &authzid_mutex );
+		return -1;
+	}
+	tmp = ldap_avl_delete( &authzid_tree, (caddr_t)ac, authzid_conn_cmp );
+	ldap_pvt_thread_mutex_unlock( &authzid_mutex );
+
+	assert( tmp == ac );
+	ch_free( ac );
+
+	return 0;
+}
+
+static int
+authzid_response(
+	Operation *op,
+	SlapReply *rs )
+{
+	LDAPControl **ctrls;
+	struct berval edn = BER_BVNULL;
+	ber_len_t len = 0;
+	int n = 0;
+
+	assert( rs->sr_tag = LDAP_RES_BIND );
+
+	if ( rs->sr_err == LDAP_SASL_BIND_IN_PROGRESS ) {
+		authzid_conn_t *ac = op->o_controls[ authzid_cid ];
+		if ( ac ) {
+			authzid_conn_release( ac );
+		} else {
+			(void)authzid_conn_insert( op->o_conn, op->o_ctrlflag[ authzid_cid ] );
+		}
+		return SLAP_CB_CONTINUE;
+	}
+
+	(void)authzid_conn_remove( op->o_conn );
+
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	if ( !BER_BVISEMPTY( &op->orb_edn ) ) {
+		edn = op->orb_edn;
+
+	} else if ( !BER_BVISEMPTY( &op->o_conn->c_dn ) ) {
+		edn = op->o_conn->c_dn;
+	}
+
+	if ( !BER_BVISEMPTY( &edn ) ) {
+		ber_tag_t save_tag = op->o_tag;
+		struct berval save_dn = op->o_dn;
+		struct berval save_ndn = op->o_ndn;
+		int rc;
+
+		/* pretend it's an extop without data,
+		 * so it is treated as a generic write
+		 */
+		op->o_tag = LDAP_REQ_EXTENDED;
+		op->o_dn = edn;
+		op->o_ndn = edn;
+		rc = backend_check_restrictions( op, rs, NULL );
+		op->o_tag = save_tag;
+		op->o_dn = save_dn;
+		op->o_ndn = save_ndn;
+		if ( rc != LDAP_SUCCESS ) {
+			rs->sr_err = LDAP_CONFIDENTIALITY_REQUIRED;
+			return SLAP_CB_CONTINUE;
+		}
+
+		len = STRLENOF("dn:") + edn.bv_len;
+	}
+
+	/* save original controls in sc_private;
+	 * will be restored by sc_cleanup
+	 */
+	if ( rs->sr_ctrls != NULL ) {
+		op->o_callback->sc_private = rs->sr_ctrls;
+		for ( ; rs->sr_ctrls[n] != NULL; n++ )
+			;
+	}
+
+	ctrls = op->o_tmpalloc( sizeof( LDAPControl * )*( n + 2 ), op->o_tmpmemctx );
+	n = 0;
+	if ( rs->sr_ctrls ) {
+		for ( ; rs->sr_ctrls[n] != NULL; n++ ) {
+			ctrls[n] = rs->sr_ctrls[n];
+		}
+	}
+
+	/* anonymous: "", otherwise "dn:<dn>" */
+	ctrls[n] = op->o_tmpalloc( sizeof( LDAPControl ) + len + 1, op->o_tmpmemctx );
+	ctrls[n]->ldctl_oid = LDAP_CONTROL_AUTHZID_RESPONSE;
+	ctrls[n]->ldctl_iscritical = 0;
+	ctrls[n]->ldctl_value.bv_len = len;
+	ctrls[n]->ldctl_value.bv_val = (char *)&ctrls[n][1];
+	if ( len ) {
+		char *ptr;
+
+		ptr = lutil_strcopy( ctrls[n]->ldctl_value.bv_val, "dn:" );
+		ptr = lutil_strncopy( ptr, edn.bv_val, edn.bv_len );
+	}
+	ctrls[n]->ldctl_value.bv_val[len] = '\0';
+	ctrls[n + 1] = NULL;
+
+	rs->sr_ctrls = ctrls;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+authzid_cleanup(
+	Operation *op,
+	SlapReply *rs )
+{
+	if ( rs->sr_ctrls ) {
+		LDAPControl *ctrl;
+
+		/* if ours, cleanup */
+		ctrl = ldap_control_find( LDAP_CONTROL_AUTHZID_RESPONSE, rs->sr_ctrls, NULL );
+		if ( ctrl ) {
+			op->o_tmpfree( rs->sr_ctrls, op->o_tmpmemctx );
+			rs->sr_ctrls = NULL;
+		}
+
+		if ( op->o_callback->sc_private != NULL ) {
+			rs->sr_ctrls = (LDAPControl **)op->o_callback->sc_private;
+			op->o_callback->sc_private = NULL;
+		}
+	}
+
+	op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
+	op->o_callback = NULL;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+authzid_op_bind(
+	Operation *op,
+	SlapReply *rs )
+{
+	slap_callback *sc;
+
+	if ( op->o_ctrlflag[ authzid_cid ] <= SLAP_CONTROL_IGNORED ) {
+		authzid_conn_t *ac = authzid_conn_get( op->o_conn );
+		if ( ac ) {
+			op->o_ctrlflag[ authzid_cid ] = ac->authzid_flag;
+			op->o_controls[ authzid_cid] = ac;
+		}
+	}
+
+	if ( op->o_ctrlflag[ authzid_cid ] > SLAP_CONTROL_IGNORED ) {
+		sc = op->o_callback;
+		op->o_callback = op->o_tmpalloc( sizeof( slap_callback ), op->o_tmpmemctx );
+		op->o_callback->sc_response = authzid_response;
+		op->o_callback->sc_cleanup = authzid_cleanup;
+		op->o_callback->sc_private = NULL;
+		op->o_callback->sc_writewait = NULL;
+		op->o_callback->sc_next = sc;
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+parse_authzid_ctrl(
+	Operation	*op,
+	SlapReply	*rs,
+	LDAPControl	*ctrl )
+{
+	if ( op->o_ctrlflag[ authzid_cid ] != SLAP_CONTROL_NONE ) {
+		rs->sr_text = "authzid control specified multiple times";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( !BER_BVISNULL( &ctrl->ldctl_value ) ) {
+		rs->sr_text = "authzid control value not absent";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	/* drop ongoing requests */
+	(void)authzid_conn_remove( op->o_conn );
+
+	op->o_ctrlflag[ authzid_cid ] = ctrl->ldctl_iscritical ?  SLAP_CONTROL_CRITICAL : SLAP_CONTROL_NONCRITICAL;
+
+	return LDAP_SUCCESS;
+}
+
+static int
+authzid_db_init( BackendDB *be, ConfigReply *cr )
+{
+	if ( !SLAP_ISGLOBALOVERLAY( be ) ) {
+		/* do not allow slapo-ppolicy to be global by now (ITS#5858) */
+		if ( cr ) {
+			snprintf( cr->msg, sizeof(cr->msg), 
+				"slapo-authzid must be global" );
+			Debug( LDAP_DEBUG_ANY, "%s\n", cr->msg );
+		}
+		return 1;
+	}
+		
+	int rc;
+
+	rc = register_supported_control( LDAP_CONTROL_AUTHZID_REQUEST,
+		SLAP_CTRL_GLOBAL|SLAP_CTRL_BIND|SLAP_CTRL_HIDE, NULL,
+		parse_authzid_ctrl, &authzid_cid );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY,
+			"authzid_initialize: Failed to register control '%s' (%d)\n",
+			LDAP_CONTROL_AUTHZID_REQUEST, rc );
+		return rc;
+	}
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Almost pointless, by now, since this overlay needs to be global,
+ * and global overlays deletion is not supported yet.
+ */
+static int
+authzid_db_destroy( BackendDB *be, ConfigReply *cr )
+{
+#ifdef SLAP_CONFIG_DELETE
+	overlay_unregister_control( be, LDAP_CONTROL_AUTHZID_REQUEST );
+#endif /* SLAP_CONFIG_DELETE */
+
+	unregister_supported_control( LDAP_CONTROL_AUTHZID_REQUEST );
+
+	return 0;
+}
+
+static int
+authzid_initialize( void )
+{
+	ldap_pvt_thread_mutex_init( &authzid_mutex );
+
+	authzid.on_bi.bi_type = "authzid";
+
+	authzid.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	authzid.on_bi.bi_db_init = authzid_db_init;
+	authzid.on_bi.bi_db_destroy = authzid_db_destroy;
+	authzid.on_bi.bi_op_bind = authzid_op_bind;
+
+	return overlay_register( &authzid );
+}
+
+int
+init_module( int argc, char *argv[] )
+{
+	return authzid_initialize();
+}
+
diff --git a/contrib/slapd-modules/autogroup/Makefile b/contrib/slapd-modules/autogroup/Makefile
new file mode 100644
index 0000000..7dd6613
--- /dev/null
+++ b/contrib/slapd-modules/autogroup/Makefile
@@ -0,0 +1,46 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = 
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = autogroup.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+autogroup.la: autogroup.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/autogroup/README b/contrib/slapd-modules/autogroup/README
new file mode 100644
index 0000000..b68dd75
--- /dev/null
+++ b/contrib/slapd-modules/autogroup/README
@@ -0,0 +1,120 @@
+autogroup overlay Readme
+
+DESCRIPTION
+    The autogroup overlay allows automated updates of group memberships which
+    meet the requirements of any filter contained in the group definition.
+    The filters are built from LDAP URI-valued attributes. Any time an object
+    is added/deleted/updated, it is tested for compliance with the filters,
+    and its membership is accordingly updated. For searches and compares
+    it behaves like a static group.
+    If the attribute part of the URI is filled, the group entry is populated
+    by the values of this attribute in the entries resulting from the search.
+
+BUILDING
+    A Makefile is included.
+
+CONFIGURATION
+    # dyngroup.schema:
+        The dyngroup schema must be modified, adding the 'member' attribute
+        to the MAY clause of the groupOfURLs object class, i.e.:
+
+        objectClass ( NetscapeLDAPobjectClass:33
+        NAME 'groupOfURLs'
+        SUP top STRUCTURAL
+        MUST cn
+        MAY ( memberURL $ businessCategory $ description $ o $ ou $
+                owner $ seeAlso $ member) )
+
+
+    # slapd.conf:
+
+    moduleload /path/to/autogroup.so
+        Loads the overlay (OpenLDAP must be built with --enable-modules).
+
+    overlay autogroup
+        This directive adds the autogroup overlay to the current database.
+
+    autogroup-attrset <group-oc> <URL-ad> <member-ad>
+        This configuration option is defined for the autogroup overlay.
+        It may have multiple occurrences, and it must appear after the
+        overlay directive.
+
+        The value <group-oc> is the name of the objectClass that represents 
+        the group.
+
+        The value <URL-ad> is the name of the attributeDescription that 
+        contains the URI that is converted to the filters. If no URI is 
+        present, there will be no members in that group. It must be a subtype
+        of labeledURI.
+
+        The value <member-ad> is the name of the attributeDescription that
+        specifies the member attribute. User modification of this attribute 
+        is disabled for consistency.
+
+    autogroup-memberof-ad <memberof-ad>
+        This configuration option is defined for the autogroup overlay.
+
+        It defines the attribute that is used by the memberOf overlay
+        to store the names of groups that an entry is member of; it must be
+        DN-valued. It should be set to the same value as
+        memberof-memberof-ad. It defaults to 'memberOf'.
+
+
+EXAMPLE
+    ### slapd.conf
+    include /path/to/dyngroup.schema
+    # ...
+    moduleload /path/to/autogroup.so
+    # ...
+
+    database <database>
+    # ...
+
+    overlay autogroup
+    autogroup-attrset groupOfURLs memberURL member
+    ### end slapd.conf
+
+    ### slapd.conf
+    include /path/to/dyngroup.schema
+    # ...
+    moduleload /path/to/autogroup.so
+    moduleload /path/to/memberof.so
+    # ...
+
+    database <database>
+    #...
+
+    overlay memberof
+    memberof-memberof-ad foo
+
+    overlay autogroup
+    autogroup-attrset groupOfURLs memberURL member
+    autogroup-memberof-ad foo
+    ### end slapd.conf
+
+CAVEATS
+    As with static groups, update operations on groups with a large number
+    of members may be slow.
+    If the attribute part of the URI is specified, modify and delete operations
+    are more difficult to handle. In these cases the overlay will try to detect
+    if groups have been modified and then simply refresh them. This can cause
+    performance hits if the search specified by the URI deals with a significant
+    number of entries.
+
+ACKNOWLEDGEMENTS
+    This module was originally written in 2007 by Michał Szulczyński. Further
+	enhancements were contributed by Howard Chu, Raphael Ouazana,
+	Norbert Pueschel, and Christian Manal.
+
+---
+Copyright 1998-2022 The OpenLDAP Foundation.
+Portions Copyright (C) 2007 Michał Szulczyński.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+http://www.OpenLDAP.org/license.html.
diff --git a/contrib/slapd-modules/autogroup/autogroup.c b/contrib/slapd-modules/autogroup/autogroup.c
new file mode 100644
index 0000000..cbcedfe
--- /dev/null
+++ b/contrib/slapd-modules/autogroup/autogroup.c
@@ -0,0 +1,2236 @@
+/* autogroup.c - automatic group overlay */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2007-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2007 Michał Szulczyński.
+ * Portions Copyright 2009 Howard Chu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Michał Szulczyński for inclusion in
+ * OpenLDAP Software.  Additional significant contributors include:
+ *   Howard Chu
+ *   Raphael Ouazana
+ *   Norbert Pueschel
+ *   Christian Manal
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+
+#ifndef SLAPD_MEMBEROF_ATTR
+#define	SLAPD_MEMBEROF_ATTR	"memberOf"
+#endif
+
+static slap_overinst	autogroup;
+
+/* Filter represents the memberURL of a group. */
+typedef struct autogroup_filter_t {
+	struct berval			agf_dn;	/* The base DN in memberURL */
+	struct berval			agf_ndn;
+	struct berval			agf_filterstr;
+	Filter				*agf_filter;
+	int				agf_scope;
+	AttributeName			*agf_anlist;
+	struct autogroup_filter_t	*agf_next;
+} autogroup_filter_t;
+
+/* Description of group attributes. */
+typedef struct autogroup_def_t {
+	ObjectClass		*agd_oc;
+	AttributeDescription	*agd_member_url_ad;
+	AttributeDescription	*agd_member_ad;
+	struct autogroup_def_t	*agd_next;
+} autogroup_def_t;
+
+/* Represents the group entry. */
+typedef struct autogroup_entry_t {
+	BerValue		age_dn;
+	BerValue		age_ndn;
+	autogroup_filter_t	*age_filter; /* List of filters made from memberURLs */
+	autogroup_def_t		*age_def; /* Attribute definition */
+	ldap_pvt_thread_mutex_t age_mutex;
+	int			age_mustrefresh; /* Defined in request to refresh in response */
+	int			age_modrdn_olddnmodified; /* Defined in request to refresh in response */
+	struct autogroup_entry_t	*age_next;
+} autogroup_entry_t;
+
+/* Holds pointers to attribute definitions and groups. */
+typedef struct autogroup_info_t {
+	autogroup_def_t		*agi_def;	/* Group attributes definitions. */
+	autogroup_entry_t	*agi_entry;	/* Group entries.  */
+	AttributeDescription	*agi_memberof_ad;	/* memberOf attribute description  */
+	ldap_pvt_thread_mutex_t agi_mutex;
+} autogroup_info_t;
+
+/* Search callback for adding groups initially. */
+typedef struct autogroup_sc_t {
+	autogroup_info_t		*ags_info;	/* Group definitions and entries.  */
+	autogroup_def_t		*ags_def;	/* Attributes definition of the group being added. */
+} autogroup_sc_t;
+
+/* Used for adding members, found when searching, to a group. */
+typedef struct autogroup_ga_t {
+	autogroup_entry_t	*agg_group;	/* The group to which the members will be added. */
+	autogroup_filter_t	*agg_filter;	/* Current filter */
+	Entry			*agg_entry;	/* Used in autogroup_member_search_cb to modify 
+						this entry with the search results. */
+
+	Modifications		*agg_mod;	/* Used in autogroup_member_search_modify_cb to hold the 
+						search results which will be added to the group. */
+
+	Modifications		*agg_mod_last; /* Used in autogroup_member_search_modify_cb so we don't 
+						have to search for the last mod added. */
+} autogroup_ga_t;
+
+
+/* 
+**	dn, ndn	- the DN of the member to add
+**	age	- the group to which the member DN will be added
+*/
+static int
+autogroup_add_member_to_group( Operation *op, BerValue *dn, BerValue *ndn, autogroup_entry_t *age )
+{
+	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
+	Modifications	*modlist = (Modifications *)ch_calloc( 1, sizeof( Modifications ) );
+	SlapReply	sreply = {REP_RESULT};
+	BerValue	*vals, *nvals;
+	slap_callback	cb = { NULL, slap_null_cb, NULL, NULL };
+	Operation	o = *op;
+	unsigned long opid = op->o_opid;
+	OpExtra oex;
+
+	assert( dn != NULL );
+	assert( ndn != NULL );
+	Debug(LDAP_DEBUG_TRACE, "==> autogroup_add_member_to_group adding <%s> to <%s>\n",
+		dn->bv_val, age->age_dn.bv_val );
+
+	vals = (BerValue *)ch_calloc( 2, sizeof( BerValue ) );
+	nvals = (BerValue *)ch_calloc( 2, sizeof( BerValue ) );
+	ber_dupbv( vals, dn );
+	BER_BVZERO( &vals[ 1 ] );
+	ber_dupbv( nvals, ndn );
+	BER_BVZERO( &nvals[ 1 ] );
+
+	modlist->sml_op = LDAP_MOD_ADD;
+	modlist->sml_desc = age->age_def->agd_member_ad;
+	modlist->sml_type = age->age_def->agd_member_ad->ad_cname;
+	modlist->sml_values = vals;
+	modlist->sml_nvalues = nvals;
+	modlist->sml_numvals = 1;
+	modlist->sml_flags = SLAP_MOD_INTERNAL;
+	modlist->sml_next = NULL;
+
+	o.o_opid = 0;	/* shared with op, saved above */
+	o.o_tag = LDAP_REQ_MODIFY;
+	o.o_callback = &cb;
+	o.orm_modlist = modlist;
+	o.o_dn = op->o_bd->be_rootdn;
+	o.o_ndn = op->o_bd->be_rootndn;
+	o.o_req_dn = age->age_dn;
+	o.o_req_ndn = age->age_ndn;
+	o.o_permissive_modify = 1;
+	o.o_dont_replicate = 1;
+	o.orm_no_opattrs = 1;
+	o.o_managedsait = SLAP_CONTROL_CRITICAL;
+	o.o_relax = SLAP_CONTROL_CRITICAL;
+
+	oex.oe_key = (void *)&autogroup;
+	LDAP_SLIST_INSERT_HEAD( &o.o_extra, &oex, oe_next );
+
+	o.o_bd->bd_info = (BackendInfo *)on->on_info;
+	(void)op->o_bd->be_modify( &o, &sreply );
+	o.o_bd->bd_info = (BackendInfo *)on;
+
+	LDAP_SLIST_REMOVE( &o.o_extra, &oex, OpExtra, oe_next );
+
+	slap_mods_free( modlist, 1 );
+	op->o_opid = opid;
+
+	return sreply.sr_err;
+}
+
+/* 
+**	e	- the entry where to get the attribute values
+**	age	- the group to which the values will be added
+*/
+static int
+autogroup_add_member_values_to_group( Operation *op, struct berval *dn, autogroup_entry_t *age, Attribute *attr )
+{
+	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
+	Modifications	modlist;
+	SlapReply	sreply = {REP_RESULT};
+	slap_callback	cb = { NULL, slap_null_cb, NULL, NULL };
+	Operation	o = *op;
+	unsigned long opid = op->o_opid;
+	OpExtra oex;
+
+	Debug(LDAP_DEBUG_TRACE, "==> autogroup_add_member_values_to_group adding <%s> to <%s>\n",
+		dn->bv_val, age->age_dn.bv_val );
+
+	modlist.sml_op = LDAP_MOD_ADD;
+	modlist.sml_desc = age->age_def->agd_member_ad;
+	modlist.sml_type = age->age_def->agd_member_ad->ad_cname;
+	modlist.sml_values = attr->a_vals;
+	modlist.sml_nvalues = attr->a_nvals;
+	modlist.sml_numvals = attr->a_numvals;
+	modlist.sml_flags = SLAP_MOD_INTERNAL;
+	modlist.sml_next = NULL;
+
+	o.o_opid = 0;
+	o.o_tag = LDAP_REQ_MODIFY;
+	o.o_callback = &cb;
+	o.orm_modlist = &modlist;
+	o.o_dn = op->o_bd->be_rootdn;
+	o.o_ndn = op->o_bd->be_rootndn;
+	o.o_req_dn = age->age_dn;
+	o.o_req_ndn = age->age_ndn;
+	o.o_permissive_modify = 1;
+	o.o_dont_replicate = 1;
+	o.orm_no_opattrs = 1;
+	o.o_managedsait = SLAP_CONTROL_CRITICAL;
+	o.o_relax = SLAP_CONTROL_CRITICAL;
+
+	oex.oe_key = (void *)&autogroup;
+	LDAP_SLIST_INSERT_HEAD( &o.o_extra, &oex, oe_next );
+
+	o.o_bd->bd_info = (BackendInfo *)on->on_info;
+	(void)op->o_bd->be_modify( &o, &sreply );
+	o.o_bd->bd_info = (BackendInfo *)on;
+	op->o_opid = opid;
+	LDAP_SLIST_REMOVE( &o.o_extra, &oex, OpExtra, oe_next );
+
+	return sreply.sr_err;
+}
+
+/*
+** dn,ndn	- the DN to be deleted
+** age		- the group from which the DN will be deleted
+** If we pass a NULL dn and ndn, all members are deleted from the group. 
+*/
+static int
+autogroup_delete_member_from_group( Operation *op, BerValue *dn, BerValue *ndn, autogroup_entry_t *age )
+{
+	slap_overinst	*on = (slap_overinst *)op->o_bd->bd_info;
+	Modifications	*modlist = (Modifications *)ch_calloc( 1, sizeof( Modifications ) );
+	SlapReply	sreply = {REP_RESULT};
+	BerValue	*vals, *nvals;
+	slap_callback	cb = { NULL, slap_null_cb, NULL, NULL };
+	Operation	o = *op;
+	unsigned long opid = op->o_opid;
+	OpExtra oex;
+
+	if ( dn == NULL || ndn == NULL ) {
+		Debug(LDAP_DEBUG_TRACE, "==> autogroup_delete_member_from_group removing all members from <%s>\n",
+			age->age_dn.bv_val );
+
+		modlist->sml_values = NULL;
+		modlist->sml_nvalues = NULL;
+		modlist->sml_numvals = 0;
+	} else {
+		Debug(LDAP_DEBUG_TRACE, "==> autogroup_delete_member_from_group removing <%s> from <%s>\n",
+			dn->bv_val, age->age_dn.bv_val );
+
+		vals = (BerValue *)ch_calloc( 2, sizeof( BerValue ) );
+		nvals = (BerValue *)ch_calloc( 2, sizeof( BerValue ) );
+		ber_dupbv( vals, dn );
+		BER_BVZERO( &vals[ 1 ] );
+		ber_dupbv( nvals, ndn );
+		BER_BVZERO( &nvals[ 1 ] );
+
+		modlist->sml_values = vals;
+		modlist->sml_nvalues = nvals;
+		modlist->sml_numvals = 1;
+	}
+
+
+	modlist->sml_op = LDAP_MOD_DELETE;
+	modlist->sml_desc = age->age_def->agd_member_ad;
+	modlist->sml_type = age->age_def->agd_member_ad->ad_cname;
+	modlist->sml_flags = SLAP_MOD_INTERNAL;
+	modlist->sml_next = NULL;
+
+	o.o_opid = 0;
+	o.o_callback = &cb;
+	o.o_tag = LDAP_REQ_MODIFY;
+	o.orm_modlist = modlist;
+	o.o_dn = op->o_bd->be_rootdn;
+	o.o_ndn = op->o_bd->be_rootndn;
+	o.o_req_dn = age->age_dn;
+	o.o_req_ndn = age->age_ndn;
+	o.o_relax = SLAP_CONTROL_CRITICAL;
+	o.o_managedsait = SLAP_CONTROL_CRITICAL;
+	o.o_permissive_modify = 1;
+	o.o_dont_replicate = 1;
+	o.orm_no_opattrs = 1;
+
+	oex.oe_key = (void *)&autogroup;
+	LDAP_SLIST_INSERT_HEAD( &o.o_extra, &oex, oe_next );
+
+	o.o_bd->bd_info = (BackendInfo *)on->on_info;
+	(void)op->o_bd->be_modify( &o, &sreply );
+	o.o_bd->bd_info = (BackendInfo *)on;
+
+	LDAP_SLIST_REMOVE( &o.o_extra, &oex, OpExtra, oe_next );
+
+	slap_mods_free( modlist, 1 );
+
+	op->o_opid = opid;
+	return sreply.sr_err;
+}
+
+/*
+**      e       - the entry where to get the attribute values
+**      age     - the group from which the values will be deleted
+*/
+static int
+autogroup_delete_member_values_from_group( Operation *op, struct berval *dn, autogroup_entry_t *age, Attribute *attr )
+{
+        slap_overinst   *on = (slap_overinst *)op->o_bd->bd_info;
+        Modifications   modlist;
+        SlapReply       sreply = {REP_RESULT};
+        slap_callback   cb = { NULL, slap_null_cb, NULL, NULL };
+        Operation       o = *op;
+	unsigned long opid = op->o_opid;
+	OpExtra oex;
+
+        Debug(LDAP_DEBUG_TRACE, "==> autogroup_delete_member_values_from_group removing <%s> from <%s>\n",
+			dn->bv_val, age->age_dn.bv_val );
+
+        modlist.sml_op = LDAP_MOD_DELETE;
+        modlist.sml_desc = age->age_def->agd_member_ad;
+        modlist.sml_type = age->age_def->agd_member_ad->ad_cname;
+        modlist.sml_values = attr->a_vals;
+        modlist.sml_nvalues = attr->a_nvals;
+        modlist.sml_numvals = attr->a_numvals;
+        modlist.sml_flags = SLAP_MOD_INTERNAL;
+        modlist.sml_next = NULL;
+
+	o.o_opid = 0;
+        o.o_tag = LDAP_REQ_MODIFY;
+        o.o_callback = &cb;
+        o.orm_modlist = &modlist;
+		o.o_dn = op->o_bd->be_rootdn;
+		o.o_ndn = op->o_bd->be_rootndn;
+        o.o_req_dn = age->age_dn;
+        o.o_req_ndn = age->age_ndn;
+        o.o_permissive_modify = 1;
+	o.o_dont_replicate = 1;
+	o.orm_no_opattrs = 1;
+        o.o_managedsait = SLAP_CONTROL_CRITICAL;
+        o.o_relax = SLAP_CONTROL_CRITICAL;
+
+	oex.oe_key = (void *)&autogroup;
+	LDAP_SLIST_INSERT_HEAD( &o.o_extra, &oex, oe_next );
+
+        o.o_bd->bd_info = (BackendInfo *)on->on_info;
+        (void)op->o_bd->be_modify( &o, &sreply );
+        o.o_bd->bd_info = (BackendInfo *)on;
+	op->o_opid = opid;
+
+	LDAP_SLIST_REMOVE( &o.o_extra, &oex, OpExtra, oe_next );
+
+        return sreply.sr_err;
+}
+
+/* 
+** Callback used to add entries to a group, 
+** which are going to be written in the database
+** (used in bi_op_add)
+** The group is passed in autogroup_ga_t->agg_group
+*/
+static int
+autogroup_member_search_cb( Operation *op, SlapReply *rs )
+{
+	assert( op->o_tag == LDAP_REQ_SEARCH );
+
+	if ( rs->sr_type == REP_SEARCH ) {
+		autogroup_ga_t		*agg = (autogroup_ga_t *)op->o_callback->sc_private;
+		autogroup_entry_t	*age = agg->agg_group;
+		autogroup_filter_t	*agf = agg->agg_filter;
+		Modification		mod;
+		const char		*text = NULL;
+		char			textbuf[1024];
+		struct berval		*vals, *nvals;
+		struct berval		lvals[ 2 ], lnvals[ 2 ];
+		int			numvals;
+
+		Debug(LDAP_DEBUG_TRACE, "==> autogroup_member_search_cb <%s>\n",
+			rs->sr_entry ? rs->sr_entry->e_name.bv_val : "UNKNOWN_DN" );
+
+		if ( agf->agf_anlist ) {
+			Attribute *attr = attrs_find( rs->sr_entry->e_attrs, agf->agf_anlist[0].an_desc );
+			if (attr) {
+				vals = attr->a_vals;
+				nvals = attr->a_nvals;
+				numvals = attr->a_numvals;
+			} else {
+				// Nothing to add
+				return 0;
+			}
+		} else {
+			lvals[ 0 ] = rs->sr_entry->e_name;
+			BER_BVZERO( &lvals[ 1 ] );
+			lnvals[ 0 ] = rs->sr_entry->e_nname;
+			BER_BVZERO( &lnvals[ 1 ] );
+			vals = lvals;
+			nvals = lnvals;
+			numvals = 1;
+		}
+
+		mod.sm_op = LDAP_MOD_ADD;
+		mod.sm_desc = age->age_def->agd_member_ad;
+		mod.sm_type = age->age_def->agd_member_ad->ad_cname;
+		mod.sm_values = vals;
+		mod.sm_nvalues = nvals;
+		mod.sm_numvals = numvals;
+
+		modify_add_values( agg->agg_entry, &mod, /* permissive */ 1, &text, textbuf, sizeof( textbuf ) );
+	}
+
+	return 0;
+}
+
+/* 
+** Callback used to add entries to a group, which is already in the database.
+** (used in on_response)
+** The group is passed in autogroup_ga_t->agg_group
+** NOTE: Very slow.
+*/
+static int
+autogroup_member_search_modify_cb( Operation *op, SlapReply *rs )
+{
+	assert( op->o_tag == LDAP_REQ_SEARCH );
+
+	if ( rs->sr_type == REP_SEARCH ) {
+		autogroup_ga_t		*agg = (autogroup_ga_t *)op->o_callback->sc_private;
+		autogroup_entry_t	*age = agg->agg_group;
+		autogroup_filter_t	*agf = agg->agg_filter;
+		Modifications		*modlist;
+		struct berval		*vals, *nvals;
+		struct berval		lvals[ 2 ], lnvals[ 2 ];
+		int			numvals;
+
+		Debug(LDAP_DEBUG_TRACE, "==> autogroup_member_search_modify_cb <%s>\n",
+			rs->sr_entry ? rs->sr_entry->e_name.bv_val : "UNKNOWN_DN" );
+
+		if ( agf->agf_anlist ) {
+			Attribute *attr = attrs_find( rs->sr_entry->e_attrs, agf->agf_anlist[0].an_desc );
+			if (attr) {
+				vals = attr->a_vals;
+				nvals = attr->a_nvals;
+				numvals = attr->a_numvals;
+			} else {
+				// Nothing to add
+				return 0;
+			}
+		} else {
+			lvals[ 0 ] = rs->sr_entry->e_name;
+			BER_BVZERO( &lvals[ 1 ] );
+			lnvals[ 0 ] = rs->sr_entry->e_nname;
+			BER_BVZERO( &lnvals[ 1 ] );
+			vals = lvals;
+			nvals = lnvals;
+			numvals = 1;
+		}
+
+		if ( numvals ) {
+			modlist = (Modifications *)ch_calloc( 1, sizeof( Modifications ) );
+
+			modlist->sml_op = LDAP_MOD_ADD;
+			modlist->sml_desc = age->age_def->agd_member_ad;
+			modlist->sml_type = age->age_def->agd_member_ad->ad_cname;
+
+			ber_bvarray_dup_x( &modlist->sml_values, vals, NULL );
+			ber_bvarray_dup_x( &modlist->sml_nvalues, nvals, NULL );
+			modlist->sml_numvals = numvals;
+
+			modlist->sml_flags = SLAP_MOD_INTERNAL;
+			modlist->sml_next = NULL;
+
+			if ( agg->agg_mod == NULL ) {
+				agg->agg_mod = modlist;
+				agg->agg_mod_last = modlist;
+			} else {
+				agg->agg_mod_last->sml_next = modlist;
+				agg->agg_mod_last = modlist;
+			}
+		}
+
+	}
+
+	return 0;
+}
+
+
+/*
+** Adds all entries matching the passed filter to the specified group.
+** If modify == 1, then we modify the group's entry in the database using be_modify.
+** If modify == 0, then, we must supply a rw entry for the group, 
+**	because we only modify the entry, without calling be_modify.
+** e	- the group entry, to which the members will be added
+** age	- the group
+** agf	- the filter
+*/
+static int
+autogroup_add_members_from_filter( Operation *op, Entry *e, autogroup_entry_t *age, autogroup_filter_t *agf, int modify)
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	Operation		o = *op;
+	SlapReply		rs = { REP_SEARCH };
+	slap_callback		cb = { 0 };
+	slap_callback		null_cb = { NULL, slap_null_cb, NULL, NULL };
+	autogroup_ga_t		agg;
+	OpExtra oex;
+
+	Debug(LDAP_DEBUG_TRACE, "==> autogroup_add_members_from_filter <%s>\n",
+		age->age_dn.bv_val );
+
+	o.ors_attrsonly = 0;
+	o.o_tag = LDAP_REQ_SEARCH;
+
+	o.o_dn = op->o_bd->be_rootdn;
+	o.o_ndn = op->o_bd->be_rootndn;
+	o.o_req_dn = agf->agf_dn;
+	o.o_req_ndn = agf->agf_ndn;
+
+	o.ors_filterstr = agf->agf_filterstr;
+	o.ors_filter = agf->agf_filter;
+
+	o.ors_scope = agf->agf_scope;
+	o.ors_deref = LDAP_DEREF_NEVER;
+	o.ors_limit = NULL;
+	o.ors_tlimit = SLAP_NO_LIMIT;
+	o.ors_slimit = SLAP_NO_LIMIT;
+	o.ors_attrs =  agf->agf_anlist ? agf->agf_anlist : slap_anlist_no_attrs;
+	o.o_do_not_cache = 1;
+
+	agg.agg_group = age;
+	agg.agg_filter = agf;
+	agg.agg_mod = NULL;
+	agg.agg_mod_last = NULL;
+	agg.agg_entry = e;
+	cb.sc_private = &agg;
+
+	if ( modify == 1 ) {
+		cb.sc_response = autogroup_member_search_modify_cb;
+	} else {
+		cb.sc_response = autogroup_member_search_cb;
+	}
+
+	cb.sc_cleanup = NULL;
+	cb.sc_next = NULL;
+
+	o.o_callback = &cb;
+
+	o.o_bd->bd_info = (BackendInfo *)on->on_info;
+	op->o_bd->be_search( &o, &rs );
+	o.o_bd->bd_info = (BackendInfo *)on;	
+
+	if ( modify == 1 && agg.agg_mod ) {
+		unsigned long opid = op->o_opid;
+
+		rs_reinit( &rs, REP_RESULT );
+
+		o = *op;
+		o.o_opid = 0;
+		o.o_callback = &null_cb;
+		o.o_tag = LDAP_REQ_MODIFY;
+		o.orm_modlist = agg.agg_mod;
+		o.o_dn = op->o_bd->be_rootdn;
+		o.o_ndn = op->o_bd->be_rootndn;
+		o.o_req_dn = age->age_dn;
+		o.o_req_ndn = age->age_ndn;
+		o.o_relax = SLAP_CONTROL_CRITICAL;
+		o.o_managedsait = SLAP_CONTROL_NONCRITICAL;
+		o.o_permissive_modify = 1;
+		o.o_dont_replicate = 1;
+		o.orm_no_opattrs = 1;
+
+	oex.oe_key = (void *)&autogroup;
+	LDAP_SLIST_INSERT_HEAD( &o.o_extra, &oex, oe_next );
+
+		o.o_bd->bd_info = (BackendInfo *)on->on_info;
+		(void)op->o_bd->be_modify( &o, &rs );
+		o.o_bd->bd_info = (BackendInfo *)on;	
+
+	LDAP_SLIST_REMOVE( &o.o_extra, &oex, OpExtra, oe_next );
+
+		slap_mods_free(agg.agg_mod, 1);
+		op->o_opid = opid;
+	}
+
+	return 0;
+}
+
+/* 
+** Adds a group to the internal list from the passed entry.
+** scan specifies whether to add all matching members to the group.
+** modify specifies whether to modify the given group entry (when modify == 0),
+**	or to modify the group entry in the database (when modify == 1 and e = NULL and ndn != NULL).
+** agi	- pointer to the groups and the attribute definitions
+** agd - the attribute definition of the added group
+** e	- the entry representing the group, can be NULL if the ndn is specified, and modify == 1
+** ndn	- the DN of the group, can be NULL if we give a non-NULL e
+*/
+static int
+autogroup_add_group( Operation *op, autogroup_info_t *agi, autogroup_def_t *agd, Entry *e, BerValue *ndn, int scan, int modify)
+{
+	autogroup_entry_t	**agep = &agi->agi_entry;
+	autogroup_filter_t	*agf, *agf_prev = NULL;
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	LDAPURLDesc		*lud = NULL;
+	Attribute		*a;
+	BerValue		*bv, dn;
+	int			rc = 0, match = 1, null_entry = 0;
+
+	if ( e == NULL ) {
+		if ( overlay_entry_get_ov( op, ndn, NULL, NULL, 0, &e, on ) !=
+			LDAP_SUCCESS || e == NULL ) {
+			Debug( LDAP_DEBUG_TRACE, "autogroup_add_group: cannot get entry for <%s>\n", ndn->bv_val );
+			return 1;
+		}
+
+		null_entry = 1;
+	}
+
+	Debug(LDAP_DEBUG_TRACE, "==> autogroup_add_group <%s>\n",
+		e->e_name.bv_val );
+
+	if ( agi->agi_entry != NULL ) {
+		for ( ; *agep ; agep = &(*agep)->age_next ) {
+			dnMatch( &match, 0, NULL, NULL, &e->e_nname, &(*agep)->age_ndn );
+			if ( match == 0 ) {
+				Debug( LDAP_DEBUG_TRACE, "autogroup_add_group: group already exists: <%s>\n", e->e_name.bv_val );
+				return 1;
+			}
+			/* goto last */;
+		}
+	}
+
+
+	*agep = (autogroup_entry_t *)ch_calloc( 1, sizeof( autogroup_entry_t ) );
+	ldap_pvt_thread_mutex_init( &(*agep)->age_mutex );
+	(*agep)->age_def = agd;
+	(*agep)->age_filter = NULL;
+	(*agep)->age_mustrefresh = 0;
+	(*agep)->age_modrdn_olddnmodified = 0;
+
+	ber_dupbv( &(*agep)->age_dn, &e->e_name );
+	ber_dupbv( &(*agep)->age_ndn, &e->e_nname );
+
+	a = attrs_find( e->e_attrs, agd->agd_member_url_ad );
+
+	if ( null_entry == 1 ) {
+		a = attrs_dup( a );
+		overlay_entry_release_ov( op, e, 0, on );
+	}
+
+	if( a == NULL ) {
+		Debug( LDAP_DEBUG_TRACE, "autogroup_add_group: group has no memberURL\n" );
+	} else {
+		for ( bv = a->a_nvals; !BER_BVISNULL( bv ); bv++ ) {
+
+			agf = (autogroup_filter_t*)ch_calloc( 1, sizeof( autogroup_filter_t ) );
+
+			if ( ldap_url_parse( bv->bv_val, &lud ) != LDAP_URL_SUCCESS ) {
+				Debug( LDAP_DEBUG_TRACE, "autogroup_add_group: cannot parse url <%s>\n", bv->bv_val );
+				/* FIXME: error? */
+				ch_free( agf ); 
+				continue;
+			}
+
+			agf->agf_scope = lud->lud_scope;
+
+			if ( lud->lud_dn == NULL ) {
+				BER_BVSTR( &dn, "" );
+			} else {
+				ber_str2bv( lud->lud_dn, 0, 0, &dn );
+			}
+
+			rc = dnPrettyNormal( NULL, &dn, &agf->agf_dn, &agf->agf_ndn, NULL );
+			if ( rc != LDAP_SUCCESS ) {
+				Debug( LDAP_DEBUG_TRACE, "autogroup_add_group: cannot normalize DN <%s>\n", dn.bv_val );
+				/* FIXME: error? */
+				goto cleanup;
+			}
+
+			if ( lud->lud_filter != NULL ) {
+				ber_str2bv( lud->lud_filter, 0, 1, &agf->agf_filterstr);
+				agf->agf_filter = str2filter( lud->lud_filter );
+			} else {
+				Debug( LDAP_DEBUG_TRACE, "autogroup_add_group: URL filter is missing <%s>\n", bv->bv_val );
+				/* FIXME: error? */
+				goto cleanup;
+			}
+
+			if ( lud->lud_attrs != NULL ) {
+				int i;
+
+				for ( i=0 ; lud->lud_attrs[i]!=NULL ; i++) {
+					/* Just counting */;
+				}
+
+				if ( i > 1 ) {
+					Debug( LDAP_DEBUG_ANY, "autogroup_add_group: too many attributes specified in url <%s>\n",
+						bv->bv_val );
+					/* FIXME: error? */
+					filter_free( agf->agf_filter );
+					ch_free( agf->agf_filterstr.bv_val );
+					ch_free( agf->agf_dn.bv_val );
+					ch_free( agf->agf_ndn.bv_val );
+					ldap_free_urldesc( lud );
+					ch_free( agf );
+					continue;
+				}
+
+				agf->agf_anlist = str2anlist( NULL, lud->lud_attrs[0], "," );
+
+				if ( agf->agf_anlist == NULL ) {
+					Debug( LDAP_DEBUG_ANY, "autogroup_add_group: unable to find AttributeDescription \"%s\".\n",
+						lud->lud_attrs[0] );
+					/* FIXME: error? */
+					filter_free( agf->agf_filter );
+					ch_free( agf->agf_filterstr.bv_val );
+					ch_free( agf->agf_dn.bv_val );
+					ch_free( agf->agf_ndn.bv_val );
+					ldap_free_urldesc( lud );
+					ch_free( agf );
+					continue;
+				}
+			}
+
+			agf->agf_next = NULL;
+
+			if( (*agep)->age_filter == NULL ) {
+				(*agep)->age_filter = agf;
+			}
+
+			if( agf_prev != NULL ) {
+				agf_prev->agf_next = agf;
+			}
+
+			agf_prev = agf;
+
+			if ( scan == 1 ){
+				autogroup_add_members_from_filter( op, e, (*agep), agf, modify );
+			}
+
+			Debug( LDAP_DEBUG_TRACE, "autogroup_add_group: added memberURL DN <%s> with filter <%s>\n",
+				agf->agf_ndn.bv_val, agf->agf_filterstr.bv_val );
+
+			ldap_free_urldesc( lud );
+
+			continue;
+
+
+cleanup:;
+
+			ch_free( agf->agf_ndn.bv_val );
+			ch_free( agf->agf_dn.bv_val );
+			ldap_free_urldesc( lud );				
+			ch_free( agf ); 
+		}
+	}
+
+	if ( null_entry == 1 ) {
+		attrs_free( a );
+	}
+	return rc;
+}
+
+/* 
+** Used when opening the database to add all existing 
+** groups from the database to our internal list.
+*/
+static int
+autogroup_group_add_cb( Operation *op, SlapReply *rs )
+{
+	assert( op->o_tag == LDAP_REQ_SEARCH );
+
+	if ( rs->sr_type == REP_SEARCH ) {
+		autogroup_sc_t		*ags = (autogroup_sc_t *)op->o_callback->sc_private;
+
+		Debug(LDAP_DEBUG_TRACE, "==> autogroup_group_add_cb <%s>\n",
+			rs->sr_entry ? rs->sr_entry->e_name.bv_val : "UNKNOWN_DN" );
+
+		autogroup_add_group( op, ags->ags_info, ags->ags_def, rs->sr_entry, NULL, 0, 0);
+	}
+
+	return 0;
+}
+
+typedef struct ag_addinfo {
+	slap_overinst *on;
+	Entry *e;
+	autogroup_def_t		*agd;
+} ag_addinfo;
+
+static int
+autogroup_add_entry_cb( Operation *op, SlapReply *rs )
+{
+	slap_callback *sc = op->o_callback;
+	ag_addinfo *aa = sc->sc_private;
+	slap_overinst *on = aa->on;
+	autogroup_info_t	*agi = (autogroup_info_t *)on->on_bi.bi_private;
+	BackendInfo *bi = op->o_bd->bd_info;
+
+	if ( rs->sr_err != LDAP_SUCCESS )
+		goto done;
+
+	op->o_bd->bd_info = (BackendInfo *)on;
+	ldap_pvt_thread_mutex_lock( &agi->agi_mutex );
+	if ( aa->agd ) {
+		autogroup_add_group( op, agi, aa->agd, aa->e, NULL, 1 , 0);
+	} else {
+		autogroup_entry_t	*age;
+		autogroup_filter_t	*agf;
+		struct berval odn, ondn;
+		int rc;
+
+		/* must use rootdn when calling test_filter */
+		odn = op->o_dn;
+		ondn = op->o_ndn;
+		op->o_dn = op->o_bd->be_rootdn;
+		op->o_ndn = op->o_bd->be_rootndn;
+
+		for ( age = agi->agi_entry; age ; age = age->age_next ) {
+			ldap_pvt_thread_mutex_lock( &age->age_mutex );
+
+			/* Check if any of the filters are the suffix to the entry DN.
+			   If yes, we can test that filter against the entry. */
+
+			for ( agf = age->age_filter; agf ; agf = agf->agf_next ) {
+				if ( dnIsSuffix( &op->o_req_ndn, &agf->agf_ndn ) ) {
+					rc = test_filter( op, aa->e, agf->agf_filter );
+					if ( rc == LDAP_COMPARE_TRUE ) {
+						if ( agf->agf_anlist ) {
+							Attribute *a = attr_find( aa->e->e_attrs, agf->agf_anlist[0].an_desc );
+							if ( a )
+								autogroup_add_member_values_to_group( op, &op->o_req_dn, age, a );
+						} else {
+							autogroup_add_member_to_group( op, &aa->e->e_name, &aa->e->e_nname, age );
+						}
+						break;
+					}
+				}
+			}
+			ldap_pvt_thread_mutex_unlock( &age->age_mutex );
+		}
+		op->o_dn = odn;
+		op->o_ndn = ondn;
+	}
+	ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
+
+	op->o_bd->bd_info = bi;
+
+done:
+	op->o_callback = sc->sc_next;
+	op->o_tmpfree( sc, op->o_tmpmemctx );
+
+	return SLAP_CB_CONTINUE;
+}
+
+/*
+** When adding a group, we first strip any existing members,
+** and add all which match the filters ourselves.
+*/
+static int
+autogroup_add_entry( Operation *op, SlapReply *rs)
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	autogroup_info_t	*agi = (autogroup_info_t *)on->on_bi.bi_private;
+	autogroup_def_t		*agd = agi->agi_def;
+	slap_callback	*sc = NULL;
+	ag_addinfo	*aa = NULL;
+
+	Debug( LDAP_DEBUG_TRACE, "==> autogroup_add_entry <%s>\n", 
+		op->ora_e->e_name.bv_val );
+
+	sc = op->o_tmpcalloc( sizeof(slap_callback) + sizeof(ag_addinfo), 1, op->o_tmpmemctx );
+	sc->sc_private = (sc+1);
+	sc->sc_response = autogroup_add_entry_cb;
+	aa = sc->sc_private;
+	aa->on = on;
+	aa->e = op->ora_e;
+	sc->sc_next = op->o_callback;
+	op->o_callback = sc;
+
+	/* Check if it's a group. */
+	for ( ; agd ; agd = agd->agd_next ) {
+		if ( is_entry_objectclass_or_sub( op->ora_e, agd->agd_oc ) ) {
+			Modification		mod;
+			const char		*text = NULL;
+			char			textbuf[1024];
+
+			mod.sm_op = LDAP_MOD_DELETE;
+			mod.sm_desc = agd->agd_member_ad;
+			mod.sm_type = agd->agd_member_ad->ad_cname;
+			mod.sm_values = NULL;
+			mod.sm_nvalues = NULL;
+
+			/* We don't want any member attributes added by the user. */
+			modify_delete_values( op->ora_e, &mod, /* permissive */ 1, &text, textbuf, sizeof( textbuf ) );
+
+			aa->agd = agd;
+
+			break;
+		}
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+/*
+** agi	- internal group and attribute definitions list
+** e	- the group to remove from the internal list
+*/
+static int
+autogroup_delete_group( autogroup_info_t *agi, autogroup_entry_t *e )
+{
+	autogroup_entry_t	*age = agi->agi_entry,
+				*age_prev = NULL,
+				*age_next;
+	int			rc = 1;
+
+	Debug( LDAP_DEBUG_TRACE, "==> autogroup_delete_group <%s>\n", 
+		age->age_dn.bv_val );
+
+	for ( age_next = age ; age_next ; age_prev = age, age = age_next ) {
+		age_next = age->age_next;
+
+		if ( age == e ) {
+			autogroup_filter_t	*agf = age->age_filter,
+							*agf_next;
+
+			if ( age_prev != NULL ) {
+				age_prev->age_next = age_next;
+			} else {
+				agi->agi_entry = NULL;
+			}
+
+			ch_free( age->age_dn.bv_val );
+			ch_free( age->age_ndn.bv_val );
+
+			for( agf_next = agf ; agf_next ; agf = agf_next ){
+				agf_next = agf->agf_next;
+
+				filter_free( agf->agf_filter );
+				ch_free( agf->agf_filterstr.bv_val );
+				ch_free( agf->agf_dn.bv_val );
+				ch_free( agf->agf_ndn.bv_val );
+				anlist_free( agf->agf_anlist, 1, NULL );
+				ch_free( agf );
+			}
+
+			ldap_pvt_thread_mutex_unlock( &age->age_mutex );		
+			ldap_pvt_thread_mutex_destroy( &age->age_mutex );
+			ch_free( age );
+
+			rc = 0;	
+			return rc;
+
+		}
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "autogroup_delete_group: group <%s> not found, should not happen\n", age->age_dn.bv_val );
+
+	return rc;
+
+}
+
+static int
+autogroup_delete_entry( Operation *op, SlapReply *rs)
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	autogroup_info_t	*agi = (autogroup_info_t *)on->on_bi.bi_private;
+	autogroup_entry_t	*age, *age_prev, *age_next;
+	autogroup_filter_t	*agf;
+	Entry			*e;
+	int			matched_group = 0, rc = 0;
+	struct berval odn, ondn;
+	OpExtra *oex;
+
+	LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
+		if ( oex->oe_key == (void *)&autogroup )
+			return SLAP_CB_CONTINUE;
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "==> autogroup_delete_entry <%s>\n", op->o_req_dn.bv_val );
+
+	ldap_pvt_thread_mutex_lock( &agi->agi_mutex );
+
+	if ( overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ) !=
+		LDAP_SUCCESS || e == NULL ) {
+		Debug( LDAP_DEBUG_TRACE, "autogroup_delete_entry: cannot get entry for <%s>\n", op->o_req_dn.bv_val );
+		ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );			
+		return SLAP_CB_CONTINUE;
+	}
+
+	/* Check if the entry to be deleted is one of our groups. */
+	for ( age_next = agi->agi_entry ; age_next ; age_prev = age ) {
+		age = age_next;
+		ldap_pvt_thread_mutex_lock( &age->age_mutex );
+		age_next = age->age_next;
+
+		if ( is_entry_objectclass_or_sub( e, age->age_def->agd_oc ) ) {
+			int match = 1;
+
+			matched_group = 1;
+
+			dnMatch( &match, 0, NULL, NULL, &e->e_nname, &age->age_ndn );
+
+			if ( match == 0 ) {
+				autogroup_delete_group( agi, age );
+				break;
+			}
+		}
+
+		ldap_pvt_thread_mutex_unlock( &age->age_mutex );			
+	}
+
+	if ( matched_group == 1 ) {
+		overlay_entry_release_ov( op, e, 0, on );
+		ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );		
+		return SLAP_CB_CONTINUE;
+	}
+
+	/* Check if the entry matches any of the groups.
+	   If yes, we can delete the entry from that group. */
+
+	odn = op->o_dn;
+	ondn = op->o_ndn;
+	op->o_dn = op->o_bd->be_rootdn;
+	op->o_ndn = op->o_bd->be_rootndn;
+
+	for ( age = agi->agi_entry ; age ; age = age->age_next ) {
+		ldap_pvt_thread_mutex_lock( &age->age_mutex );		
+
+		for ( agf = age->age_filter; agf ; agf = agf->agf_next ) {
+			if ( dnIsSuffix( &op->o_req_ndn, &agf->agf_ndn ) ) {
+				rc = test_filter( op, e, agf->agf_filter );
+				if ( rc == LDAP_COMPARE_TRUE ) {
+					/* If the attribute is retrieved from the entry, we don't know what to delete
+					** So the group must be entirely refreshed
+					** But the refresh can't be done now because the entry is not deleted
+					** So the group is marked as mustrefresh
+					*/
+					if ( agf->agf_anlist ) {
+						age->age_mustrefresh = 1;
+					} else {
+						autogroup_delete_member_from_group( op, &e->e_name, &e->e_nname, age );
+					}
+					break;
+				}
+			}
+		}
+		ldap_pvt_thread_mutex_unlock( &age->age_mutex );
+	}
+	op->o_dn = odn;
+	op->o_ndn = ondn;
+
+	overlay_entry_release_ov( op, e, 0, on );
+	ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );		
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+autogroup_response( Operation *op, SlapReply *rs )
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	autogroup_info_t	*agi = (autogroup_info_t *)on->on_bi.bi_private;
+	autogroup_def_t		*agd = agi->agi_def;
+	autogroup_entry_t	*age;
+	autogroup_filter_t	*agf;
+	BerValue		new_dn, new_ndn, pdn;
+	Entry			*e, *group;
+	Attribute		*a, *ea, *attrs;
+	int			is_olddn, is_newdn, is_value_refresh, dn_equal;
+	OpExtra *oex;
+
+	LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
+		if ( oex->oe_key == (void *)&autogroup )
+			break;
+	}
+
+	/* Handle all cases where a refresh of the group is needed */
+	if ( op->o_tag == LDAP_REQ_DELETE || op->o_tag == LDAP_REQ_MODIFY ) {
+		if ( rs->sr_type == REP_RESULT && rs->sr_err == LDAP_SUCCESS && !oex ) {
+
+			ldap_pvt_thread_mutex_lock( &agi->agi_mutex );
+
+			for ( age = agi->agi_entry ; age ; age = age->age_next ) {
+				/* Request detected that the group must be refreshed */
+
+				ldap_pvt_thread_mutex_lock( &age->age_mutex );
+
+				if ( age->age_mustrefresh ) {
+					autogroup_delete_member_from_group( op, NULL, NULL, age) ;
+
+					for ( agf = age->age_filter ; agf ; agf = agf->agf_next ) {
+						autogroup_add_members_from_filter( op, NULL, age, agf, 1 );
+					}
+				}
+
+				ldap_pvt_thread_mutex_unlock( &age->age_mutex );
+			}
+
+			ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
+		}
+	} else if ( op->o_tag == LDAP_REQ_MODRDN ) {
+		if ( rs->sr_type == REP_RESULT && rs->sr_err == LDAP_SUCCESS && !oex ) {
+
+			Debug( LDAP_DEBUG_TRACE, "==> autogroup_response MODRDN from <%s>\n", op->o_req_dn.bv_val );
+
+			ldap_pvt_thread_mutex_lock( &agi->agi_mutex );			
+
+			if ( op->oq_modrdn.rs_newSup ) {
+				pdn = *op->oq_modrdn.rs_newSup;
+			} else {
+				dnParent( &op->o_req_dn, &pdn );
+			}
+			build_new_dn( &new_dn, &pdn, &op->orr_newrdn, op->o_tmpmemctx );
+
+			if ( op->oq_modrdn.rs_nnewSup ) {
+				pdn = *op->oq_modrdn.rs_nnewSup;
+			} else {
+				dnParent( &op->o_req_ndn, &pdn );
+			}
+			build_new_dn( &new_ndn, &pdn, &op->orr_nnewrdn, op->o_tmpmemctx );
+
+			Debug( LDAP_DEBUG_TRACE, "autogroup_response MODRDN to <%s>\n", new_dn.bv_val );
+
+			dnMatch( &dn_equal, 0, NULL, NULL, &op->o_req_ndn, &new_ndn );
+
+			if ( overlay_entry_get_ov( op, &new_ndn, NULL, NULL, 0, &e, on ) !=
+				LDAP_SUCCESS || e == NULL ) {
+				Debug( LDAP_DEBUG_TRACE, "autogroup_response MODRDN cannot get entry for <%s>\n", new_dn.bv_val );
+				ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
+				return SLAP_CB_CONTINUE;
+			}
+
+			a = attrs_find( e->e_attrs, slap_schema.si_ad_objectClass );
+
+
+			if ( a == NULL ) {
+				Debug( LDAP_DEBUG_TRACE, "autogroup_response MODRDN entry <%s> has no objectClass\n", new_dn.bv_val );
+				overlay_entry_release_ov( op, e, 0, on );
+				ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );		
+				return SLAP_CB_CONTINUE;
+			}
+
+
+			/* If a groups DN is modified, just update age_dn/ndn of that group with the new DN. */
+			for ( ; agd; agd = agd->agd_next ) {
+
+				if ( value_find_ex( slap_schema.si_ad_objectClass,
+						SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+						SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+						a->a_nvals, &agd->agd_oc->soc_cname,
+						op->o_tmpmemctx ) == 0 )
+				{		
+					for ( age = agi->agi_entry ; age ; age = age->age_next ) {
+						int match = 1;
+
+						dnMatch( &match, 0, NULL, NULL, &age->age_ndn, &op->o_req_ndn );
+						if ( match == 0 ) {
+							Debug( LDAP_DEBUG_TRACE, "autogroup_response MODRDN updating group's DN to <%s>\n", new_dn.bv_val );
+							ber_dupbv( &age->age_dn, &new_dn );
+							ber_dupbv( &age->age_ndn, &new_ndn );
+
+							op->o_tmpfree( new_dn.bv_val, op->o_tmpmemctx  );
+							op->o_tmpfree( new_ndn.bv_val, op->o_tmpmemctx );
+							overlay_entry_release_ov( op, e, 0, on );
+							ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );		
+							return SLAP_CB_CONTINUE;
+						}
+					}
+
+				}
+			}
+
+			/* For each group: 
+			   1. check if the original entry's DN is in the group.
+			   2. check if the any of the group filter's base DN is a suffix of the new DN
+
+			   If 1 and 2 are both false, we do nothing.
+			   If 1 and 2 is true, we remove the old DN from the group, and add the new DN.
+			   If 1 is false, and 2 is true, we check the entry against the group's filters,
+				and add it's DN to the group.
+			   If 1 is true, and 2 is false, we delete the entry's DN from the group.
+			*/
+			attrs = attrs_dup( e->e_attrs );
+			overlay_entry_release_ov( op, e, 0, on );
+			for ( age = agi->agi_entry ; age ; age = age->age_next ) {
+				is_olddn = 0;
+				is_newdn = 0;
+				is_value_refresh = 0;
+
+				ldap_pvt_thread_mutex_lock( &age->age_mutex );
+
+				if ( age->age_filter && age->age_filter->agf_anlist ) {
+					ea = attrs_find( attrs, age->age_filter->agf_anlist[0].an_desc );
+				}
+				else {
+					ea = NULL;
+				}
+
+				if ( age->age_modrdn_olddnmodified ) {
+					/* Request already marked this group to be updated */
+					is_olddn = 1;
+					is_value_refresh = 1;
+					age->age_modrdn_olddnmodified = 0;
+				} else {
+
+					if ( overlay_entry_get_ov( op, &age->age_ndn, NULL, NULL, 0, &group, on ) !=
+						LDAP_SUCCESS || group == NULL ) {
+						Debug( LDAP_DEBUG_TRACE, "autogroup_response MODRDN cannot get group entry <%s>\n", age->age_dn.bv_val );
+
+						op->o_tmpfree( new_dn.bv_val, op->o_tmpmemctx );
+						op->o_tmpfree( new_ndn.bv_val, op->o_tmpmemctx );
+
+						attrs_free( attrs );
+						ldap_pvt_thread_mutex_unlock( &age->age_mutex );
+						ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
+						return SLAP_CB_CONTINUE;
+					}
+
+					a = attrs_find( group->e_attrs, age->age_def->agd_member_ad );
+
+					if ( a != NULL ) {
+						if ( value_find_ex( age->age_def->agd_member_ad,
+								SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+								SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+								a->a_nvals, ea ? ea->a_nvals : &op->o_req_ndn, op->o_tmpmemctx ) == 0 ) 
+						{
+							is_olddn = 1;
+						}
+
+					}
+
+					overlay_entry_release_ov( op, group, 0, on );
+
+				}
+
+				for ( agf = age->age_filter ; agf ; agf = agf->agf_next ) {
+					if ( dnIsSuffix( &new_ndn, &agf->agf_ndn ) ) {
+						/* TODO: should retest filter as it could imply conditions on the dn */
+						is_newdn = 1;
+						break;
+					}
+				}
+
+
+				if ( is_value_refresh ) {
+					if ( is_olddn != is_newdn ) {
+						/* group refresh */
+						autogroup_delete_member_from_group( op, NULL, NULL, age) ;
+
+						for ( agf = age->age_filter ; agf ; agf = agf->agf_next ) {
+							autogroup_add_members_from_filter( op, NULL, age, agf, 1 );
+						}
+					}
+					ldap_pvt_thread_mutex_unlock( &age->age_mutex );
+					continue;
+				}
+				if ( is_olddn == 1 && is_newdn == 0 ) {
+					if ( ea )
+						autogroup_delete_member_values_from_group( op, &new_dn, age, ea );
+					else
+						autogroup_delete_member_from_group( op, &op->o_req_dn, &op->o_req_ndn, age );
+				} else
+				if ( is_olddn == 0 && is_newdn == 1 ) {
+					Entry etmp;
+					struct berval odn, ondn;
+					etmp.e_name = op->o_req_dn;
+					etmp.e_nname = op->o_req_ndn;
+					etmp.e_attrs = attrs;
+					odn = op->o_dn;
+					ondn = op->o_ndn;
+					op->o_dn = op->o_bd->be_rootdn;
+					op->o_ndn = op->o_bd->be_rootndn;
+
+					for ( agf = age->age_filter; agf; agf = agf->agf_next ) {
+						if ( test_filter( op, &etmp, agf->agf_filter ) == LDAP_COMPARE_TRUE ) {
+							if ( ea ) {
+								autogroup_add_member_values_to_group( op, &new_dn, age, ea );
+							} else
+								autogroup_add_member_to_group( op, &new_dn, &new_ndn, age );
+							break;
+						}
+					}
+					op->o_dn = odn;
+					op->o_ndn = ondn;
+				} else
+				if ( is_olddn == 1 && is_newdn == 1 && dn_equal != 0 ) {
+					if ( ea ) {
+						/* group refresh */
+						autogroup_delete_member_from_group( op, NULL, NULL, age) ;
+
+						for ( agf = age->age_filter ; agf ; agf = agf->agf_next ) {
+							autogroup_add_members_from_filter( op, NULL, age, agf, 1 );
+						}
+					}
+					else {
+						autogroup_delete_member_from_group( op, &op->o_req_dn, &op->o_req_ndn, age );
+						autogroup_add_member_to_group( op, &new_dn, &new_ndn, age );
+					}
+				}
+
+				ldap_pvt_thread_mutex_unlock( &age->age_mutex );
+			}
+
+			op->o_tmpfree( new_dn.bv_val, op->o_tmpmemctx );
+			op->o_tmpfree( new_ndn.bv_val, op->o_tmpmemctx );
+
+			attrs_free( attrs );
+
+			ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );			
+		}
+	}
+
+	if ( op->o_tag == LDAP_REQ_MODIFY ) {
+		if ( rs->sr_type == REP_RESULT && rs->sr_err == LDAP_SUCCESS  && !oex ) {
+			Entry etmp;
+			struct berval odn, ondn;
+			Debug( LDAP_DEBUG_TRACE, "==> autogroup_response MODIFY <%s>\n", op->o_req_dn.bv_val );
+
+			ldap_pvt_thread_mutex_lock( &agi->agi_mutex );			
+
+			if ( overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ) !=
+				LDAP_SUCCESS || e == NULL ) {
+				Debug( LDAP_DEBUG_TRACE, "autogroup_response MODIFY cannot get entry for <%s>\n", op->o_req_dn.bv_val );
+				ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
+				return SLAP_CB_CONTINUE;
+			}
+
+			a = attrs_find( e->e_attrs, slap_schema.si_ad_objectClass );
+
+
+			if ( a == NULL ) {
+				Debug( LDAP_DEBUG_TRACE, "autogroup_response MODIFY entry <%s> has no objectClass\n", op->o_req_dn.bv_val );
+				overlay_entry_release_ov( op, e, 0, on );
+				ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );		
+				return SLAP_CB_CONTINUE;
+			}
+
+			/* If we modify a group's memberURL, we have to delete all of it's members,
+			   and add them anew, because we cannot tell from which memberURL a member was added. */
+			for ( ; agd; agd = agd->agd_next ) {
+
+				if ( value_find_ex( slap_schema.si_ad_objectClass,
+						SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+						SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+						a->a_nvals, &agd->agd_oc->soc_cname,
+						op->o_tmpmemctx ) == 0 )
+				{
+					Modifications	*m;
+					int		match = 1;
+
+					m = op->orm_modlist;
+
+					for ( age = agi->agi_entry ; age ; age = age->age_next ) {
+						ldap_pvt_thread_mutex_lock( &age->age_mutex );
+
+						dnMatch( &match, 0, NULL, NULL, &op->o_req_ndn, &age->age_ndn );
+
+						if ( match == 0 ) {
+							for ( ; m ; m = m->sml_next ) {
+								if ( m->sml_desc == age->age_def->agd_member_url_ad ) {
+									autogroup_def_t	*group_agd = age->age_def;
+									Debug( LDAP_DEBUG_TRACE, "autogroup_response MODIFY changing memberURL for group <%s>\n", 
+										op->o_req_dn.bv_val );
+
+									overlay_entry_release_ov( op, e, 0, on );
+
+									autogroup_delete_member_from_group( op, NULL, NULL, age );
+									autogroup_delete_group( agi, age );
+
+									autogroup_add_group( op, agi, group_agd, NULL, &op->o_req_ndn, 1, 1);
+
+									ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
+									return SLAP_CB_CONTINUE;
+								}
+							}
+
+							ldap_pvt_thread_mutex_unlock( &age->age_mutex );
+							break;
+						}
+
+						ldap_pvt_thread_mutex_unlock( &age->age_mutex );
+					}
+
+					overlay_entry_release_ov( op, e, 0, on );
+					ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
+					return SLAP_CB_CONTINUE;
+				}
+			}
+
+			/* When modifying any of the attributes of an entry, we must
+			   check if the entry is in any of our groups, and if
+			   the modified entry matches any of the filters of that group.
+
+			   If the entry exists in a group, but the modified attributes do
+				not match any of the group's filters, we delete the entry from that group.
+			   If the entry doesn't exist in a group, but matches a filter, 
+				we add it to that group.
+			*/
+			attrs = attrs_dup( e->e_attrs );
+			overlay_entry_release_ov( op, e, 0, on );
+			etmp.e_name = op->o_req_dn;
+			etmp.e_nname = op->o_req_ndn;
+			etmp.e_attrs = attrs;
+			odn = op->o_dn;
+			ondn = op->o_ndn;
+			op->o_dn = op->o_bd->be_rootdn;
+			op->o_ndn = op->o_bd->be_rootndn;
+
+			for ( age = agi->agi_entry ; age ; age = age->age_next ) {
+				is_olddn = 0;
+				is_newdn = 0;
+
+				ldap_pvt_thread_mutex_lock( &age->age_mutex );
+
+				if ( age->age_filter && age->age_filter->agf_anlist ) {
+					ea = attrs_find( attrs, age->age_filter->agf_anlist[0].an_desc );
+				}
+				else {
+					ea = NULL;
+				}
+
+				if ( overlay_entry_get_ov( op, &age->age_ndn, NULL, NULL, 0, &group, on ) !=
+					LDAP_SUCCESS || group == NULL ) {
+					Debug( LDAP_DEBUG_TRACE, "autogroup_response MODIFY cannot get entry for <%s>\n", 
+						age->age_dn.bv_val );
+
+					attrs_free( attrs );
+					ldap_pvt_thread_mutex_unlock( &age->age_mutex );
+					ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
+					op->o_dn = odn;
+					op->o_ndn = ondn;
+					return SLAP_CB_CONTINUE;
+				}
+
+				a = attrs_find( group->e_attrs, age->age_def->agd_member_ad );
+
+				if ( a != NULL ) {
+					if ( value_find_ex( age->age_def->agd_member_ad,
+							SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+							SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+							a->a_nvals, ea ? ea->a_nvals : &op->o_req_ndn, op->o_tmpmemctx ) == 0 ) 
+					{
+						is_olddn = 1;
+					}
+
+				}
+
+				overlay_entry_release_ov( op, group, 0, on );
+
+				for ( agf = age->age_filter ; agf ; agf = agf->agf_next ) {
+					if ( dnIsSuffix( &op->o_req_ndn, &agf->agf_ndn ) ) {
+						if ( test_filter( op, &etmp, agf->agf_filter ) == LDAP_COMPARE_TRUE ) {
+							is_newdn = 1;
+							break;
+						}
+					}
+				}
+
+				if ( is_olddn == 1 && is_newdn == 0 ) {
+					if(ea)
+						autogroup_delete_member_values_from_group( op, &op->o_req_dn, age, ea );
+					else
+						autogroup_delete_member_from_group( op, &op->o_req_dn, &op->o_req_ndn, age );
+				} else
+				if ( is_olddn == 0 && is_newdn == 1 ) {
+					if(ea)
+						autogroup_add_member_values_to_group( op, &op->o_req_dn, age, ea );
+					else
+						autogroup_add_member_to_group( op, &op->o_req_dn, &op->o_req_ndn, age );
+				} 
+
+				ldap_pvt_thread_mutex_unlock( &age->age_mutex );
+			}
+
+			op->o_dn = odn;
+			op->o_ndn = ondn;
+			attrs_free( attrs );
+
+			ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
+		}
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+/*
+** Detect if filter contains a memberOf check for dn
+*/
+static int
+autogroup_memberOf_filter( Filter *f, BerValue *dn, AttributeDescription *memberof_ad )
+{
+	int result = 0;
+	if ( f == NULL ) return 0;
+
+  	switch ( f->f_choice & SLAPD_FILTER_MASK ) {
+		case LDAP_FILTER_AND:
+		case LDAP_FILTER_OR:
+		case LDAP_FILTER_NOT:
+			for ( f = f->f_un.f_un_complex; f && !result; f = f->f_next ) {
+				result = result || autogroup_memberOf_filter( f, dn, memberof_ad );
+			}
+			break;
+		case LDAP_FILTER_EQUALITY:
+			result = ( f->f_ava->aa_desc == memberof_ad &&
+			           ber_bvcmp( &f->f_ava->aa_value, dn ) == 0 );
+			break;
+		default:
+			break;
+	}
+
+	return result;
+}
+
+/*
+** When modifying a group, we must deny any modifications to the member attribute,
+** because the group would be inconsistent.
+*/
+static int
+autogroup_modify_entry( Operation *op, SlapReply *rs)
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	autogroup_info_t		*agi = (autogroup_info_t *)on->on_bi.bi_private;
+	autogroup_def_t		*agd = agi->agi_def;
+	autogroup_entry_t	*age;
+	Entry			*e;
+	Attribute		*a;
+	struct berval odn, ondn;
+	OpExtra *oex;
+
+	LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
+		if ( oex->oe_key == (void *)&autogroup )
+			return SLAP_CB_CONTINUE;
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "==> autogroup_modify_entry <%s>\n", op->o_req_dn.bv_val );
+	ldap_pvt_thread_mutex_lock( &agi->agi_mutex );			
+
+	if ( overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ) !=
+		LDAP_SUCCESS || e == NULL ) {
+		Debug( LDAP_DEBUG_TRACE, "autogroup_modify_entry cannot get entry for <%s>\n", op->o_req_dn.bv_val );
+		ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
+		return SLAP_CB_CONTINUE;
+	}
+
+	odn = op->o_dn;
+	ondn = op->o_ndn;
+	op->o_dn = op->o_bd->be_rootdn;
+	op->o_ndn = op->o_bd->be_rootndn;
+
+	/* Must refresh groups if a matching member value is modified OR filter contains memberOf=DN */
+	for ( age = agi->agi_entry; age ; age = age->age_next ) {
+		autogroup_filter_t	*agf;
+		for ( agf = age->age_filter ; agf ; agf = agf->agf_next ) {
+			if ( agf->agf_anlist ) {
+				Modifications	*m;
+				for ( m = op->orm_modlist ; m ; m = m->sml_next ) {
+					if ( m->sml_desc == agf->agf_anlist[0].an_desc ) {
+						if ( dnIsSuffix( &op->o_req_ndn, &agf->agf_ndn ) ) {
+							int rc = test_filter( op, e, agf->agf_filter );
+							if ( rc == LDAP_COMPARE_TRUE ) {
+								age->age_mustrefresh = 1;
+							}
+						}
+					}
+				}
+			}
+
+			if ( autogroup_memberOf_filter( agf->agf_filter, &op->o_req_ndn, agi->agi_memberof_ad ) ) {
+				age->age_mustrefresh = 1;
+			}
+		}
+	}
+	op->o_dn = odn;
+	op->o_ndn = ondn;
+
+	a = attrs_find( e->e_attrs, slap_schema.si_ad_objectClass );
+
+	if ( a == NULL ) {
+		Debug( LDAP_DEBUG_TRACE, "autogroup_modify_entry entry <%s> has no objectClass\n", op->o_req_dn.bv_val );
+		ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );		
+		return SLAP_CB_CONTINUE;
+	}
+
+
+	for ( ; agd; agd = agd->agd_next ) {
+
+		if ( value_find_ex( slap_schema.si_ad_objectClass,
+				SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+				SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+				a->a_nvals, &agd->agd_oc->soc_cname,
+				op->o_tmpmemctx ) == 0 )
+		{
+			Modifications	*m;
+			int		match = 1;
+
+			m = op->orm_modlist;
+
+			for ( age = agi->agi_entry ; age ; age = age->age_next ) {
+				dnMatch( &match, 0, NULL, NULL, &op->o_req_ndn, &age->age_ndn );
+
+				if ( match == 0 ) {
+					for ( ; m ; m = m->sml_next ) {
+						if ( m->sml_desc == age->age_def->agd_member_ad ) {
+							overlay_entry_release_ov( op, e, 0, on );
+							ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
+							Debug( LDAP_DEBUG_TRACE, "autogroup_modify_entry attempted to modify group's <%s> member attribute\n", op->o_req_dn.bv_val );
+							send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, "attempt to modify dynamic group member attribute");
+							return LDAP_CONSTRAINT_VIOLATION;
+						}
+					}
+					break;
+				}
+			}
+
+			/* an entry may only have one dynamic group class */
+			break;
+		}
+	}
+
+	overlay_entry_release_ov( op, e, 0, on );
+	ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );			
+	return SLAP_CB_CONTINUE;
+}
+
+/*
+** Detect if the olddn is part of a group and so if the group should be refreshed
+*/
+static int
+autogroup_modrdn_entry( Operation *op, SlapReply *rs)
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	autogroup_info_t	*agi = (autogroup_info_t *)on->on_bi.bi_private;
+	autogroup_entry_t	*age;
+	Entry			*e;
+	struct berval odn, ondn;
+	OpExtra *oex;
+
+	LDAP_SLIST_FOREACH( oex, &op->o_extra, oe_next ) {
+		if ( oex->oe_key == (void *)&autogroup )
+			return SLAP_CB_CONTINUE;
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "==> autogroup_modrdn_entry <%s>\n", op->o_req_dn.bv_val );
+	ldap_pvt_thread_mutex_lock( &agi->agi_mutex );			
+
+	if ( overlay_entry_get_ov( op, &op->o_req_ndn, NULL, NULL, 0, &e, on ) !=
+		LDAP_SUCCESS || e == NULL ) {
+		Debug( LDAP_DEBUG_TRACE, "autogroup_modrdn_entry cannot get entry for <%s>\n", op->o_req_dn.bv_val );
+		ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );
+		return SLAP_CB_CONTINUE;
+	}
+
+	odn = op->o_dn;
+	ondn = op->o_ndn;
+	op->o_dn = op->o_bd->be_rootdn;
+	op->o_ndn = op->o_bd->be_rootndn;
+
+	/* Must check if a dn is modified */
+	for ( age = agi->agi_entry; age ; age = age->age_next ) {
+		autogroup_filter_t	*agf;
+		for ( agf = age->age_filter ; agf ; agf = agf->agf_next ) {
+			if ( agf->agf_anlist ) {
+				if ( dnIsSuffix( &op->o_req_ndn, &agf->agf_ndn ) ) {
+					int rc = test_filter( op, e, agf->agf_filter );
+					if ( rc == LDAP_COMPARE_TRUE ) {
+						age->age_modrdn_olddnmodified = 1;
+					}
+				}
+			}
+		}
+	}
+	op->o_dn = odn;
+	op->o_ndn = ondn;
+
+	overlay_entry_release_ov( op, e, 0, on );
+	ldap_pvt_thread_mutex_unlock( &agi->agi_mutex );			
+	return SLAP_CB_CONTINUE;
+}
+
+/* 
+** Builds a filter for searching for the 
+** group entries, according to the objectClass. 
+*/
+static int
+autogroup_build_def_filter( autogroup_def_t *agd, Operation *op )
+{
+	char	*ptr;
+
+	Debug( LDAP_DEBUG_TRACE, "==> autogroup_build_def_filter\n" );
+
+	op->ors_filterstr.bv_len = STRLENOF( "(=)" ) 
+			+ slap_schema.si_ad_objectClass->ad_cname.bv_len
+			+ agd->agd_oc->soc_cname.bv_len;
+	ptr = op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
+	*ptr++ = '(';
+	ptr = lutil_strcopy( ptr, slap_schema.si_ad_objectClass->ad_cname.bv_val );
+	*ptr++ = '=';
+	ptr = lutil_strcopy( ptr, agd->agd_oc->soc_cname.bv_val );
+	*ptr++ = ')';
+	*ptr = '\0';
+
+	op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
+
+	assert( op->ors_filterstr.bv_len == ptr - op->ors_filterstr.bv_val );
+
+	return 0;
+}
+
+enum {
+	AG_ATTRSET = 1,
+	AG_MEMBER_OF_AD,
+	AG_LAST
+};
+
+static ConfigDriver	ag_cfgen;
+
+static ConfigTable agcfg[] = {
+	{ "autogroup-attrset", "group-oc> <URL-ad> <member-ad",
+		4, 4, 0, ARG_MAGIC|AG_ATTRSET, ag_cfgen,
+		"( OLcfgCtAt:2.1 NAME ( 'olcAutoGroupAttrSet' 'olcAGattrSet' ) "
+			"DESC 'Automatic groups: <group objectClass>, <URL attributeDescription>, <member attributeDescription>' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString "
+			"X-ORDERED 'VALUES' )",
+			NULL, NULL },
+	
+	{ "autogroup-memberof-ad", "memberOf attribute",
+		2, 2, 0, ARG_MAGIC|AG_MEMBER_OF_AD, ag_cfgen,
+		"( OLcfgCtAt:2.2 NAME ( 'olcAutoGroupMemberOfAd' 'olcAGmemberOfAd' ) "
+			"DESC 'memberOf attribute' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )",
+			NULL, NULL },
+
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs agocs[] = {
+	{ "( OLcfgCtOc:2.1 "
+		"NAME ( 'olcAutoGroupConfig' 'olcAutomaticGroups' ) "
+		"DESC 'Automatic groups configuration' "
+		"SUP olcOverlayConfig "
+		"MAY ( "
+			"olcAutoGroupAttrSet "
+			"$ olcAutoGroupMemberOfAd "
+		    ")"
+	  ")",
+		Cft_Overlay, agcfg, NULL, NULL },
+	{ NULL, 0, NULL }
+};
+
+
+static int
+ag_cfgen( ConfigArgs *c )
+{
+	slap_overinst		*on = (slap_overinst *)c->bi;
+	autogroup_info_t		*agi = (autogroup_info_t *)on->on_bi.bi_private;
+	autogroup_def_t		*agd;
+	autogroup_entry_t	*age;
+
+	int rc = 0, i;
+
+	Debug( LDAP_DEBUG_TRACE, "==> autogroup_cfgen\n" );
+
+	if( agi == NULL ) {
+		agi = (autogroup_info_t*)ch_calloc( 1, sizeof(autogroup_info_t) );
+		ldap_pvt_thread_mutex_init( &agi->agi_mutex );
+		agi->agi_def = NULL;
+		agi->agi_entry = NULL;
+		on->on_bi.bi_private = (void *)agi;
+	}
+
+	agd = agi->agi_def;
+	age = agi->agi_entry;
+
+	if ( c->op == SLAP_CONFIG_EMIT ) {
+
+		switch( c->type ){
+		case AG_ATTRSET:
+			for ( i = 0 ; agd ; i++, agd = agd->agd_next ) {
+				struct berval	bv;
+				char		*ptr = c->cr_msg;
+	
+				assert(agd->agd_oc != NULL);
+				assert(agd->agd_member_url_ad != NULL);
+				assert(agd->agd_member_ad != NULL);
+	
+				ptr += snprintf( c->cr_msg, sizeof( c->cr_msg ),
+					SLAP_X_ORDERED_FMT "%s %s %s", i,
+					agd->agd_oc->soc_cname.bv_val,
+					agd->agd_member_url_ad->ad_cname.bv_val,
+					agd->agd_member_ad->ad_cname.bv_val );
+	
+				bv.bv_val = c->cr_msg;
+				bv.bv_len = ptr - bv.bv_val;
+				value_add_one ( &c->rvalue_vals, &bv );
+	
+			}
+			break;
+
+		case AG_MEMBER_OF_AD:
+			if ( agi->agi_memberof_ad != NULL ){
+				value_add_one( &c->rvalue_vals, &agi->agi_memberof_ad->ad_cname );
+			}
+			break;
+
+		default:
+			assert( 0 );
+			return 1;
+      }
+
+		return rc;
+
+	}else if ( c->op == LDAP_MOD_DELETE ) {
+		if ( c->valx < 0) {
+			autogroup_def_t 		*agd_next;
+			autogroup_entry_t	*age_next;
+			autogroup_filter_t	*agf = age->age_filter,
+						*agf_next;
+
+			for ( agd_next = agd; agd_next; agd = agd_next ) {
+				agd_next = agd->agd_next;
+
+				ch_free( agd );
+			}
+
+			for ( age_next = age ; age_next ; age = age_next ) {
+				age_next = age->age_next;
+
+				ch_free( age->age_dn.bv_val );
+				ch_free( age->age_ndn.bv_val );
+
+				for( agf_next = agf ; agf_next ; agf = agf_next ){
+					agf_next = agf->agf_next;
+
+					filter_free( agf->agf_filter );
+					ch_free( agf->agf_filterstr.bv_val );
+					ch_free( agf->agf_dn.bv_val );
+					ch_free( agf->agf_ndn.bv_val );
+					anlist_free( agf->agf_anlist, 1, NULL );
+					ch_free( agf );
+				}
+
+				ldap_pvt_thread_mutex_init( &age->age_mutex );
+				ch_free( age );
+			}
+
+			ch_free( agi );
+			on->on_bi.bi_private = NULL;
+
+		} else {
+			autogroup_def_t		**agdp;
+			autogroup_entry_t	*age_next, *age_prev;
+			autogroup_filter_t	*agf,
+						*agf_next;
+
+			for ( i = 0, agdp = &agi->agi_def;
+				i < c->valx; i++ ) 
+			{
+				if ( *agdp == NULL) {
+					return 1;
+				}
+				agdp = &(*agdp)->agd_next;
+			}
+
+			agd = *agdp;
+			*agdp = agd->agd_next;
+
+			for ( age_next = age , age_prev = NULL ; age_next ; age_prev = age, age = age_next ) {
+				age_next = age->age_next;
+
+				if( age->age_def == agd ) {
+					agf = age->age_filter;
+
+					ch_free( age->age_dn.bv_val );
+					ch_free( age->age_ndn.bv_val );
+
+					for ( agf_next = agf; agf_next ; agf = agf_next ) {
+						agf_next = agf->agf_next;
+						filter_free( agf->agf_filter );
+						ch_free( agf->agf_filterstr.bv_val );
+						ch_free( agf->agf_dn.bv_val );
+						ch_free( agf->agf_ndn.bv_val );
+						anlist_free( agf->agf_anlist, 1, NULL );
+						ch_free( agf );
+					}
+
+					ldap_pvt_thread_mutex_destroy( &age->age_mutex );
+					ch_free( age );
+
+					age = age_prev;
+
+					if( age_prev != NULL ) {
+						age_prev->age_next = age_next;
+					}
+				}
+			}
+
+			ch_free( agd );
+			agd = agi->agi_def;
+
+		}
+
+		return rc;
+	}
+
+	switch(c->type){
+	case AG_ATTRSET: {
+		autogroup_def_t		**agdp,
+					*agd_next = NULL;
+		ObjectClass		*oc = NULL;
+		AttributeDescription	*member_url_ad = NULL,
+					*member_ad = NULL;
+		const char		*text;
+
+
+		oc = oc_find( c->argv[ 1 ] );
+		if( oc == NULL ){
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				"\"autogroup-attrset <oc> <URL-ad> <member-ad>\": "
+				"unable to find ObjectClass \"%s\"",
+				c->argv[ 1 ] );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+				c->log, c->cr_msg );
+			return 1;
+		}
+
+
+		rc = slap_str2ad( c->argv[ 2 ], &member_url_ad, &text );
+		if( rc != LDAP_SUCCESS ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				"\"autogroup-attrset <oc> <URL-ad> <member-ad>\": "
+				"unable to find AttributeDescription \"%s\"",
+				c->argv[ 2 ] );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+				c->log, c->cr_msg );
+			return 1;
+		}
+
+		if( !is_at_subtype( member_url_ad->ad_type, slap_schema.si_ad_labeledURI->ad_type ) ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				"\"autogroup-attrset <oc> <URL-ad> <member-ad>\": "
+				"AttributeDescription \"%s\" ",
+				"must be of a subtype \"labeledURI\"",
+				c->argv[ 2 ] );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+				c->log, c->cr_msg );
+			return 1;
+		}
+
+		rc = slap_str2ad( c->argv[3], &member_ad, &text );
+		if( rc != LDAP_SUCCESS ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				"\"autogroup-attrset <oc> <URL-ad> <member-ad>\": "
+				"unable to find AttributeDescription \"%s\"",
+				c->argv[ 3 ] );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+				c->log, c->cr_msg );
+			return 1;
+		}
+
+		for ( agdp = &agi->agi_def ; *agdp ; agdp = &(*agdp)->agd_next ) {
+			/* The same URL attribute / member attribute pair
+			* cannot be repeated */
+
+			if ( (*agdp)->agd_member_url_ad == member_url_ad && (*agdp)->agd_member_ad == member_ad ) {
+				snprintf( c->cr_msg, sizeof( c->cr_msg ),
+					"\"autogroup-attrset <oc> <URL-ad> <member-ad>\": "
+					"URL attributeDescription \"%s\" already mapped",
+					member_ad->ad_cname.bv_val );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+					c->log, c->cr_msg );
+/*				return 1; //warning*/
+			}
+		}
+
+		if ( c->valx >= 0 ) {
+			int	i;
+
+			for ( i = 0, agdp = &agi->agi_def ;
+				i < c->valx; i++ )
+			{
+				if ( *agdp == NULL ) {
+					snprintf( c->cr_msg, sizeof( c->cr_msg ),
+						"\"autogroup-attrset <oc> <URL-ad> <member-ad>\": "
+						"invalid index {%d}",
+						c->valx );
+					Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+						c->log, c->cr_msg );
+
+					return 1;
+				}
+				agdp = &(*agdp)->agd_next;
+			}
+			agd_next = *agdp;
+
+		} else {
+			for ( agdp = &agi->agi_def; *agdp;
+				agdp = &(*agdp)->agd_next )
+				/* goto last */;
+		}
+
+		*agdp = (autogroup_def_t *)ch_calloc( 1, sizeof(autogroup_info_t));
+
+		(*agdp)->agd_oc = oc;
+		(*agdp)->agd_member_url_ad = member_url_ad;
+		(*agdp)->agd_member_ad = member_ad;
+		(*agdp)->agd_next = agd_next;
+
+		} break;
+	
+	case AG_MEMBER_OF_AD: {
+		AttributeDescription *memberof_ad = NULL;
+		const char     *text;
+
+		rc = slap_str2ad( c->argv[ 1 ], &memberof_ad, &text );
+		if( rc != LDAP_SUCCESS ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				"\"autogroup-memberof-ad <memberof-ad>\": "
+				"unable to find AttributeDescription \"%s\"",
+				c->argv[ 1 ] );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+				c->log, c->cr_msg );
+			return 1;
+		}
+
+		if ( !is_at_syntax( memberof_ad->ad_type, SLAPD_DN_SYNTAX )    /* e.g. "member" */
+		     && !is_at_syntax( memberof_ad->ad_type, SLAPD_NAMEUID_SYNTAX ) )  /* e.g. "uniqueMember" */
+		{
+			snprintf( c->cr_msg, sizeof( c->cr_msg ),
+				"memberof attribute=\"%s\" must either "
+				"have DN (%s) or nameUID (%s) syntax",
+				c->argv[ 1 ], SLAPD_DN_SYNTAX, SLAPD_NAMEUID_SYNTAX );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+				c->log, c->cr_msg );
+			return 1;
+		}
+
+		agi->agi_memberof_ad = memberof_ad;
+
+		} break;
+
+	default:
+		rc = 1;
+		break;
+	}
+
+	return rc;
+}
+
+extern int slapMode;
+
+/* 
+** Do a search for all the groups in the
+** database, and add them to out internal list.
+*/
+static int
+autogroup_db_open(
+	BackendDB	*be,
+	ConfigReply	*cr )
+{
+	slap_overinst			*on = (slap_overinst *) be->bd_info;
+	autogroup_info_t		*agi = on->on_bi.bi_private;
+	autogroup_def_t		*agd;
+	autogroup_sc_t		ags;
+	Operation		*op;
+	slap_callback		cb = { 0 };
+
+	void				*thrctx = ldap_pvt_thread_pool_context();
+	Connection			conn = { 0 };
+	OperationBuffer 	opbuf;
+
+	Debug( LDAP_DEBUG_TRACE, "==> autogroup_db_open\n" );
+
+	if ( agi == NULL || !( slapMode & SLAP_SERVER_MODE )) {
+		return 0;
+	}
+
+	connection_fake_init2( &conn, &opbuf, thrctx, 0 );
+	op = &opbuf.ob_op;
+
+	op->ors_attrsonly = 0;
+	op->o_tag = LDAP_REQ_SEARCH;
+	op->o_dn = be->be_rootdn;
+	op->o_ndn = be->be_rootndn;
+
+	op->o_req_dn = be->be_suffix[0];
+	op->o_req_ndn = be->be_nsuffix[0];
+
+	op->ors_scope = LDAP_SCOPE_SUBTREE;
+	op->ors_deref = LDAP_DEREF_NEVER;
+	op->ors_limit = NULL;
+	op->ors_tlimit = SLAP_NO_LIMIT;
+	op->ors_slimit = SLAP_NO_LIMIT;
+	op->ors_attrs =  slap_anlist_no_attrs;
+	op->o_do_not_cache = 1;
+
+	op->o_bd = be;
+	op->o_bd->bd_info = (BackendInfo *)on->on_info;
+
+	ags.ags_info = agi;
+	cb.sc_private = &ags;
+	cb.sc_response = autogroup_group_add_cb;
+	cb.sc_cleanup = NULL;
+	cb.sc_next = NULL;
+
+	op->o_callback = &cb;
+
+	for (agd = agi->agi_def ; agd ; agd = agd->agd_next) {
+		SlapReply	rs = { REP_RESULT };
+
+		autogroup_build_def_filter(agd, op);
+
+		ags.ags_def = agd;
+
+		op->o_bd->be_search( op, &rs );
+
+		filter_free_x( op, op->ors_filter, 1 );
+		op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+	}		
+
+	if( ! agi->agi_memberof_ad ){
+		int			rc;
+		const char		*text = NULL;
+		
+		rc = slap_str2ad( SLAPD_MEMBEROF_ATTR, &agi->agi_memberof_ad, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_ANY, "autogroup_db_open: "
+			"unable to find attribute=\"%s\": %s (%d)\n",
+			SLAPD_MEMBEROF_ATTR, text, rc );
+			return rc;
+		}
+	}
+
+	return 0;
+}
+
+static int
+autogroup_db_close(
+	BackendDB	*be,
+	ConfigReply	*cr )
+{
+	slap_overinst			*on = (slap_overinst *) be->bd_info;
+
+	Debug( LDAP_DEBUG_TRACE, "==> autogroup_db_close\n" );
+
+	if ( on->on_bi.bi_private ) {
+		autogroup_info_t		*agi = on->on_bi.bi_private;
+		autogroup_entry_t	*age = agi->agi_entry,
+					*age_next;
+		autogroup_filter_t	*agf, *agf_next;
+
+		for ( age_next = age; age_next; age = age_next ) {
+			age_next = age->age_next;
+
+			ch_free( age->age_dn.bv_val );
+			ch_free( age->age_ndn.bv_val );
+
+			agf = age->age_filter;
+
+			for ( agf_next = agf; agf_next; agf = agf_next ) {
+				agf_next = agf->agf_next;
+
+				filter_free( agf->agf_filter );
+				ch_free( agf->agf_filterstr.bv_val );
+				ch_free( agf->agf_dn.bv_val );
+				ch_free( agf->agf_ndn.bv_val );	
+				anlist_free( agf->agf_anlist, 1, NULL );
+				ch_free( agf );
+			}
+
+			ldap_pvt_thread_mutex_destroy( &age->age_mutex );
+			ch_free( age );
+		}
+	}
+
+	return 0;
+}
+
+static int
+autogroup_db_destroy(
+	BackendDB	*be,
+	ConfigReply	*cr )
+{
+	slap_overinst			*on = (slap_overinst *) be->bd_info;
+
+	Debug( LDAP_DEBUG_TRACE, "==> autogroup_db_destroy\n" );
+
+	if ( on->on_bi.bi_private ) {
+		autogroup_info_t		*agi = on->on_bi.bi_private;
+		autogroup_def_t		*agd = agi->agi_def,
+					*agd_next;
+
+		for ( agd_next = agd; agd_next; agd = agd_next ) {
+			agd_next = agd->agd_next;
+
+			ch_free( agd );
+		}
+
+		ldap_pvt_thread_mutex_destroy( &agi->agi_mutex );
+		ch_free( agi );
+	}
+
+	return 0;
+}
+
+static
+int
+autogroup_initialize(void)
+{
+	int		rc = 0;
+	autogroup.on_bi.bi_type = "autogroup";
+
+	autogroup.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	autogroup.on_bi.bi_db_open = autogroup_db_open;
+	autogroup.on_bi.bi_db_close = autogroup_db_close;
+	autogroup.on_bi.bi_db_destroy = autogroup_db_destroy;
+
+	autogroup.on_bi.bi_op_add = autogroup_add_entry;
+	autogroup.on_bi.bi_op_delete = autogroup_delete_entry;
+	autogroup.on_bi.bi_op_modify = autogroup_modify_entry;
+	autogroup.on_bi.bi_op_modrdn = autogroup_modrdn_entry;
+
+	autogroup.on_response = autogroup_response;
+
+	autogroup.on_bi.bi_cf_ocs = agocs;
+
+	rc = config_register_schema( agcfg, agocs );
+	if ( rc ) {
+		return rc;
+	}
+
+	return overlay_register( &autogroup );
+}
+
+int
+init_module( int argc, char *argv[] )
+{
+	return autogroup_initialize();
+}
diff --git a/contrib/slapd-modules/autogroup/slapo-autogroup.5 b/contrib/slapd-modules/autogroup/slapo-autogroup.5
new file mode 100644
index 0000000..4c6414d
--- /dev/null
+++ b/contrib/slapd-modules/autogroup/slapo-autogroup.5
@@ -0,0 +1,116 @@
+.TH SLAPO-AUTOGROUP 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2022 The OpenLDAP Foundation All Rights Reserved.
+.\" Portions Copyright \[u00A9] 2007 Michał Szulczyński.
+.\" Copying restrictions apply.  See the COPYRIGHT file.
+.\" $OpenLDAP$
+.SH NAME
+\FCslapo-autogroup\FT \- automatic updates of group memberships which meet the
+requirements of any filter contained in the group definition.
+.SH SYNOPSIS
+In \FCslapd.conf\FT:
+ ...
+ \FCinclude ETCDIR/schema/dyngroup.schema\FT
+ ...
+ \FCmoduleload autogroup.so\FT
+ ...
+ \FCdatabase\FT ...
+ ...
+ \FCoverlay autogroup\FT
+ \FCautogroup-attrset groupOfURLs memberURL member\FT
+.SH DESCRIPTION
+The
+.B autogroup
+overlay to
+.BR slapd (8)
+allows automated updates of group memberships which meet the requirements
+of any filter contained in the group definition. The filters are built from
+LDAP URI-valued attributes. Any time an object is added/deleted/updated, it is
+tested for compliance with the filters, and its membership is accordingly
+updated. For searches and compares, it behaves like a static group.
+If the attribute part of the URI is filled, the group entry is populated by
+the values of this attribute in the entries resulting from the search.
+.SH CONFIGURATION
+Either
+.BR \FCslapd.conf\FT (5)
+or the \FCcn=config\FT methodology of
+.BR \FCslapd-config\FT (5)
+may be used for configuring autogroup.  Both syntaxes are provided
+here for convenience:
+.TP
+.B \FCautogroup-attrset\FT <group-oc> <URL-ad> <member-ad>
+.TP
+.B \FColcAutoGroupAttrSet:\FT <group-oc> <URL-ad> <member-ad>
+This defines the objectclass-attribute-URI mappings defining the
+automatically managed groups, and may appear multiple times.
+
+The value <group-oc> is the name of the objectClass that represents
+the group.
+
+The value <URL-ad> is the name of the attributeDescription that
+contains the URI that is converted to the filters. If no URI is
+present, there will be no members in that group. It must be a subtype
+of labeledURI.
+
+The value <member-ad> is the name of the attributeDescription that
+specifies the member attribute. User modification of this attribute is
+disabled for consistency.
+.TP
+.B \FCautogroup-memberof-ad\FT <memberof-ad>
+.TP
+.B \FColcAutoGroupMemberOfAd\FT <memberof-ad>
+This defines the attribute that is used by the memberOf overlay to
+store the names of groups that an entry is member of; it must be
+DN-valued. It should be set to the same value as
+memberof-memberof-ad. It defaults to 'memberOf'.
+.SH EXAMPLES
+As above in SYNOPSIS, or with memberof:
+
+ ...
+ \FCinclude ETCDIR/schema/dyngroup.schema\FT
+ \FCinclude ETCDIR/schema/memberof.schema\FT
+ ...
+ \FCmoduleload autogroup.so\FT
+ \FCmoduleload memberof.so\FT
+ ...
+ \FCdatabase\FT ...
+ ...
+ \FCoverlay memberof\FT
+ \FCmemberof-memberof-ad\FT foo
+ ...
+ \FCoverlay autogroup\FT
+ \FCautogroup-attrset groupOfURLs memberURL member\FT
+ \FCautogroup-memberof-ad\FT foo
+.SH CAVEATS
+As with static groups, update operations on groups with a large number
+of members may be slow. If the attribute part of the URI is specified,
+modify and delete operations are more difficult to handle. In these
+cases the overlay will try to detect if groups have been modified and
+then simply refresh them. This can cause performance hits if the
+search specified by the URI deals with a significant number of
+entries.
+.SH BACKWARD COMPATIBILITY
+The autogroup overlay has been reworked with the 2.5 release to use
+a consistent namespace as with other overlays. As a side-effect the
+following cn=config parameters are deprecated and will be removed in
+a future release:
+.IP \[bu] 2
+.B olcAGattrSet
+is replaced with olcAutoGroupAttrSet
+.IP \[bu]
+.B olcAGmemberOfAd
+is replaced with olcAutoGroupMemberOfAd
+.IP \[bu]
+.B olcAutomaticGroups
+is replaced with olcAutoGroupConfig
+.SH ACKNOWLEDGEMENTS
+This module was originally written in 2007 by Michał
+Szulczyński.  Further enhancements were contributed by Howard
+Chu, Raphael Ouazana, Norbert Pueschel, and Christian Manal.  Manpage
+updates provided by Emily Backes.
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8).
+.SH Copyrights
+Copyright 1998-2022 The OpenLDAP Foundation.
+Portions Copyright \[u00A9] 2007 Michał Szulczyński.
+All rights reserved.
diff --git a/contrib/slapd-modules/cloak/Makefile b/contrib/slapd-modules/cloak/Makefile
new file mode 100644
index 0000000..c54e6b1
--- /dev/null
+++ b/contrib/slapd-modules/cloak/Makefile
@@ -0,0 +1,58 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_CLOAK=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = cloak.la
+MANPAGES = slapo-cloak.5
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+cloak.la: cloak.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/cloak/cloak.c b/contrib/slapd-modules/cloak/cloak.c
new file mode 100644
index 0000000..ced7a80
--- /dev/null
+++ b/contrib/slapd-modules/cloak/cloak.c
@@ -0,0 +1,354 @@
+/* cloak.c - Overlay to hide some attribute except if explicitly requested */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 Emmanuel Dreyfus
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the Emmanuel Dreyfus for
+ * inclusion in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_CLOAK
+
+#include <stdio.h>
+
+#include "ac/string.h"
+#include "ac/socket.h"
+
+#include "lutil.h"
+#include "slap.h"
+#include "slap-config.h"
+
+enum { CLOAK_ATTR = 1 };
+
+typedef struct cloak_info_t {
+	ObjectClass 		*ci_oc;	
+	AttributeDescription	*ci_ad;
+	struct cloak_info_t	*ci_next;
+} cloak_info_t;
+
+#define CLOAK_USAGE "\"cloak-attr <attr> [<class>]\": "
+
+static int
+cloak_cfgen( ConfigArgs *c )
+{
+	slap_overinst	*on = (slap_overinst *)c->bi;
+	cloak_info_t	*ci = (cloak_info_t *)on->on_bi.bi_private;
+
+	int		rc = 0, i;
+
+	if ( c->op == SLAP_CONFIG_EMIT ) {
+		switch( c->type ) {
+		case CLOAK_ATTR:
+			for ( i = 0; ci; i++, ci = ci->ci_next ) {
+				struct berval	bv;
+				int len;
+
+				assert( ci->ci_ad != NULL );
+
+				if ( ci->ci_oc != NULL )
+					len = snprintf( c->cr_msg, 
+					sizeof( c->cr_msg ),
+					SLAP_X_ORDERED_FMT "%s %s", i,
+					ci->ci_ad->ad_cname.bv_val,
+					ci->ci_oc->soc_cname.bv_val );
+				else
+					len = snprintf( c->cr_msg, 
+					sizeof( c->cr_msg ),
+					SLAP_X_ORDERED_FMT "%s", i,
+					ci->ci_ad->ad_cname.bv_val );
+
+				bv.bv_val = c->cr_msg;
+				bv.bv_len = len;
+				value_add_one( &c->rvalue_vals, &bv );
+			}
+			break;
+
+		default:
+			rc = 1;
+			break;
+		}
+
+		return rc;
+
+	} else if ( c->op == LDAP_MOD_DELETE ) {
+		cloak_info_t	*ci_next;
+
+		switch( c->type ) {
+		case CLOAK_ATTR:
+			for ( ci_next = ci, i = 0; 
+			      ci_next, c->valx < 0 || i < c->valx; 
+			      ci = ci_next, i++ ){
+
+				ci_next = ci->ci_next;
+
+				ch_free ( ci->ci_ad );
+				if ( ci->ci_oc != NULL )
+					ch_free ( ci->ci_oc );
+
+				ch_free( ci );
+			}
+			ci = (cloak_info_t *)on->on_bi.bi_private;
+			break;
+
+		default:
+			rc = 1;
+			break;
+		}
+
+		return rc;
+	}
+
+	switch( c->type ) {
+	case CLOAK_ATTR: {
+		ObjectClass		*oc = NULL;
+		AttributeDescription	*ad = NULL;
+		const char		*text;
+		cloak_info_t 	       **cip = NULL;
+		cloak_info_t 	        *ci_next = NULL;
+
+		if ( c->argc == 3 ) {
+			oc = oc_find( c->argv[ 2 ] );
+			if ( oc == NULL ) {
+				snprintf( c->cr_msg, 
+					  sizeof( c->cr_msg ), 
+					  CLOAK_USAGE
+					  "unable to find ObjectClass \"%s\"",
+					  c->argv[ 2 ] );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+				       c->log, c->cr_msg );
+				return 1;
+			}
+		}
+
+		rc = slap_str2ad( c->argv[ 1 ], &ad, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			snprintf( c->cr_msg, sizeof( c->cr_msg ), CLOAK_USAGE
+				"unable to find AttributeDescription \"%s\"",
+				c->argv[ 1 ] );
+			Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+				c->log, c->cr_msg );
+			return 1;
+		}
+
+		for ( i = 0, cip = (cloak_info_t **)&on->on_bi.bi_private;
+		      c->valx < 0 || i < c->valx, *cip;
+		      i++, cip = &(*cip)->ci_next ) {
+			if ( c->valx >= 0 && *cip == NULL ) {
+				snprintf( c->cr_msg, sizeof( c->cr_msg ),
+					CLOAK_USAGE
+					"invalid index {%d}\n",
+					c->valx );
+				Debug( LDAP_DEBUG_ANY, "%s: %s.\n",
+					c->log, c->cr_msg );
+				return 1;
+			}
+			ci_next = *cip;
+		}
+
+		*cip = (cloak_info_t *)SLAP_CALLOC( 1, sizeof( cloak_info_t ) );
+		(*cip)->ci_oc = oc;
+		(*cip)->ci_ad = ad;
+		(*cip)->ci_next = ci_next;
+
+		rc = 0;
+		break;
+	}
+
+	default:
+		rc = 1;
+		break;
+	}
+
+	return rc;
+}
+
+static int
+cloak_search_response_cb( Operation *op, SlapReply *rs )
+{
+	slap_callback   *sc;
+	cloak_info_t	*ci;
+	Entry		*e = NULL;
+	Entry		*me = NULL;
+
+	assert( op && op->o_callback && rs );
+
+	if ( rs->sr_type != REP_SEARCH || !rs->sr_entry ) {
+		return ( SLAP_CB_CONTINUE );
+	}
+
+	sc = op->o_callback;
+	e = rs->sr_entry;
+
+	/* 
+	 * First perform a quick scan for an attribute to cloak
+	 */
+	for ( ci = (cloak_info_t *)sc->sc_private; ci; ci = ci->ci_next ) {
+		Attribute *a;
+
+		if ( ci->ci_oc != NULL &&
+		     !is_entry_objectclass_or_sub( e, ci->ci_oc ) )
+			continue;
+
+		for ( a = e->e_attrs; a; a = a->a_next )
+			if ( a->a_desc == ci->ci_ad )
+				break;
+
+		if ( a != NULL )
+			break;
+	}
+
+	/*
+	 * Nothing found to cloak
+	 */
+	if ( ci == NULL )
+		return ( SLAP_CB_CONTINUE );
+
+	/*
+	 * We are now committed to cloak an attribute.
+	 */
+	rs_entry2modifiable( op, rs, (slap_overinst *) op->o_bd->bd_info );
+	me = rs->sr_entry;
+		
+	for ( ci = (cloak_info_t *)sc->sc_private; ci; ci = ci->ci_next ) {
+		Attribute *a;
+		Attribute *pa;
+
+		for ( pa = NULL, a = me->e_attrs;
+		      a; 
+		      pa = a, a = a->a_next ) {
+
+			if ( a->a_desc != ci->ci_ad )
+				continue;
+
+			Debug( LDAP_DEBUG_TRACE, "cloak_search_response_cb: cloak %s\n", 
+			       a->a_desc->ad_cname.bv_val );
+
+			if ( pa != NULL ) 
+				pa->a_next = a->a_next;
+			else
+				me->e_attrs = a->a_next;
+
+			attr_clean( a );
+		}
+
+	}
+
+	return ( SLAP_CB_CONTINUE );
+}
+
+static int
+cloak_search_cleanup_cb( Operation *op, SlapReply *rs )
+{
+	if ( rs->sr_type == REP_RESULT || rs->sr_err != LDAP_SUCCESS ) {
+		slap_freeself_cb( op, rs );
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+cloak_search( Operation *op, SlapReply *rs )
+{
+	slap_overinst   *on = (slap_overinst *)op->o_bd->bd_info;
+	cloak_info_t    *ci = (cloak_info_t *)on->on_bi.bi_private; 
+	slap_callback	*sc;
+
+	if ( op->ors_attrsonly ||
+	     op->ors_attrs ||
+	     get_manageDSAit( op ) )
+		return SLAP_CB_CONTINUE;
+
+	sc = op->o_tmpcalloc( 1, sizeof( *sc ), op->o_tmpmemctx );
+	sc->sc_response = cloak_search_response_cb;
+	sc->sc_cleanup = cloak_search_cleanup_cb;
+	sc->sc_next = op->o_callback;
+	sc->sc_private = ci;
+	op->o_callback = sc;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static slap_overinst cloak_ovl;
+
+static ConfigTable cloakcfg[] = {
+	{ "cloak-attr", "attribute [class]",
+		2, 3, 0, ARG_MAGIC|CLOAK_ATTR, cloak_cfgen,
+		"( OLcfgCtAt:4.1 NAME 'olcCloakAttribute' "
+			"DESC 'Cloaked attribute: attribute [class]' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString "
+			"X-ORDERED 'VALUES' )",
+			NULL, NULL },
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static int
+cloak_db_destroy(
+	BackendDB *be,
+	ConfigReply *cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	cloak_info_t	*ci = (cloak_info_t *)on->on_bi.bi_private;
+
+	for ( ; ci; ) {
+		cloak_info_t *tmp = ci;
+		ci = ci->ci_next;
+		SLAP_FREE( tmp );
+	}
+
+	on->on_bi.bi_private = NULL;
+
+	return 0;
+}
+
+static ConfigOCs cloakocs[] = {
+	{ "( OLcfgCtOc:4.1 "
+	  "NAME 'olcCloakConfig' "
+	  "DESC 'Attribute cloak configuration' "
+	  "SUP olcOverlayConfig "
+	  "MAY ( olcCloakAttribute ) )", 
+	  Cft_Overlay, cloakcfg },
+	{ NULL, 0, NULL }
+};
+
+#if SLAPD_OVER_CLOAK == SLAPD_MOD_DYNAMIC
+static
+#endif
+int
+cloak_initialize( void ) {
+	int rc;
+	cloak_ovl.on_bi.bi_type = "cloak";
+	cloak_ovl.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	cloak_ovl.on_bi.bi_db_destroy = cloak_db_destroy;
+	cloak_ovl.on_bi.bi_op_search = cloak_search;
+        cloak_ovl.on_bi.bi_cf_ocs = cloakocs;
+
+	rc = config_register_schema ( cloakcfg, cloakocs );
+	if ( rc ) 
+		return rc;
+
+	return overlay_register( &cloak_ovl );
+}
+
+#if SLAPD_OVER_CLOAK == SLAPD_MOD_DYNAMIC
+int init_module(int argc, char *argv[]) {
+	return cloak_initialize();
+}
+#endif
+
+#endif /* defined(SLAPD_OVER_CLOAK) */
+
diff --git a/contrib/slapd-modules/cloak/slapo-cloak.5 b/contrib/slapd-modules/cloak/slapo-cloak.5
new file mode 100644
index 0000000..2655d2e
--- /dev/null
+++ b/contrib/slapd-modules/cloak/slapo-cloak.5
@@ -0,0 +1,82 @@
+.TH SLAPO-CLOAK 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2022 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copying restrictions apply.  See the COPYRIGHT file.
+.\" $OpenLDAP$
+.SH NAME
+slapo-cloak \- Attribute cloak overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B cloak
+overlay to
+.BR slapd (8)
+allows the server to hide specific attributes, unless explicitly requested
+by the client. This improve performance when a client requests all attributes
+and get a huge binary attribute that is of no interest for it.
+This behavior is disabled when the \fImanageDSAit\fP
+control (RFC 3296) is used.
+
+.SH CONFIGURATION
+The config directives that are specific to the
+.B cloak
+overlay must be prefixed by
+.BR cloak\- ,
+to avoid potential conflicts with directives specific to the underlying 
+database or to other stacked overlays.
+
+.TP
+.B overlay cloak
+This directive adds the cloak overlay to the current database,
+or to the frontend, if used before any database instantiation; see
+.BR slapd.conf (5)
+for details.
+
+.LP
+This
+.B slapd.conf
+configuration option is defined for the cloak overlay. It may have multiple 
+occurrences, and it must appear after the
+.B overlay
+directive:
+.TP
+.B cloak-attr <attribute> [<class>]
+The value 
+.B <attribute>
+is the name of the attribute that will be cloaked.
+
+The optional
+.B <class>
+restricts cloaking only to entries of the named 
+.B <class>.
+
+.SH EXAMPLE
+This example hide the
+.B jpegPhoto
+attribute. Add the following to slapd.conf:
+
+.LP
+.nf
+    database <database>
+    # ...
+
+    overlay cloak
+    cloak-attr jpegPhoto
+.fi
+.LP
+and that slapd loads cloak.la, if compiled as a run-time module;
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8).
+The
+.BR slapo-cloak (5)
+overlay supports dynamic configuration via
+.BR back-config .
+.SH ACKNOWLEDGEMENTS
+.P
+This module was originally written in 2008 by Emmanuel Dreyfus.
diff --git a/contrib/slapd-modules/comp_match/Makefile b/contrib/slapd-modules/comp_match/Makefile
new file mode 100644
index 0000000..9b78c5c
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/Makefile
@@ -0,0 +1,69 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 2003-2022 The OpenLDAP Foundation.
+# Portions Copyright 2004 by IBM Corporation.
+# All rights reserved.
+
+# Copyright 2004 Sang Seok Lim, IBM Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+SNACC_DIR = ../$(LDAP_SRC)/snacc
+SNACC_INC = -I$(SNACC_DIR) -I$(SNACC_DIR)/c-lib/inc
+SNACC_LIB = $(SNACC_DIR)/c-lib/libcasn1.a
+
+SSL_DIR = /usr/local
+SSL_INC = -I$(SSL_DIR)/include/openssl
+SSL_LIB = -lcrypto -L$(SSL_DIR)/lib
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = -DLDAP_COMPONENT
+INCS = $(LDAP_INC) $(SNACC_INC) $(SSL_INC)
+LIBS = $(LDAP_LIB) $(SNACC_LIB) $(SSL_LIB)
+
+PROGRAMS = compmatch.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+compmatch.la: componentlib.lo init.lo certificate.lo asn_to_syn_mr.lo authorityKeyIdentifier.lo crl.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/comp_match/README b/contrib/slapd-modules/comp_match/README
new file mode 100644
index 0000000..133757c
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/README
@@ -0,0 +1,127 @@
+Copyright 2004 Sang Seok Lim, IBM . All rights reserved.
+
+Redistribution and use in source and binary forms, with
+or without modification, are permitted only as authorized
+by the OpenLDAP Public License.
+
+A copy of this license is available in the file LICENSE in
+the top-level directory of the distribution or, alternatively,
+at <http://www.OpenLDAP.org/license.html>.
+
+This directory contains a Component Matching module and
+a X.509 Certificate example.  In order to understand Component
+Matching, see RFC 3687 and
+http://www.openldap.org/conf/odd-sandiego-2004/Sangseok.pdf
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+A) Brief introduction about files in this directory
+%%%%%%%%%%55%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+1) init.c
+module_init() and functions which are dynamically linked
+into the main slapd codes.
+
+2) componentlib.c and componentlib.h
+GSER and BER decoder library of each primitive ASN.1 type.
+They use component representation to store ASN.1 values.
+
+3) certificate.c/.h authorityKeyIdentifier.c/.h
+eSNACC generated BER and GSER decoder routines of the X.509
+certificate specification and one of its extensions,
+authorityKeyIdentifier.
+
+4) asn_to_syn_mr.c asn.h
+An mapping table from ASN.1 types to corresponding Syntaxes,
+matching rules, and component description in slapd.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+B) How to use Component Matching on X.509 certificates
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+1) be sure to configure slapd with enable-modules on.
+2) install the GSER-support eSNACC compiler. You can find
+only in www.openldap.org. At least, you need the library
+(libcasn1.a) and header files for compiling this module.
+3) modify Makefile accordingly. then run make.
+you will get compmatch.la and other necessary files in ./libs
+4) modify slapd.conf to include the following module command
+	moduleload <path to>compmatch.la
+5) run slapd and perform search operations against
+the attribute, userCertificate. You need to read through
+RFC 3687 in order to understand how to compose component
+filters.
+Ex) component search filter examples
+"(userCertificate:componentFilterMatch:=item:{ component
+\"toBeSigned.serialNumber\", rule integerMatch, value 2 })"
+You can find more examples in "test031-component-filter"
+in the OpenLDAP source directory.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+C) How to add a new ASN.1 syntax
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+1) download and install the eSNACC compiler supporting
+Component Matching. You can find the compiler only in
+www.openldap.org.  Before compiling, be sure to define
+the "LDAP_COMPONENT" macro to obtain component
+supported version of C library and back-ends of eSNACC.
+Otherwise compiled library will fail to be linked to
+the module.
+2) using eSNACC, compile your ASN.1 specifications and
+copy the generated .c and .h files to this directory
+Ex)
+$ esnacc -E BER_COMP -E GSER -t -d -f example.asn 
+For Component Matching, set BOTH BER_COMP and GSER on.
+After compiling, you will get example.c and example.h
+3) modify example.c accordingly, seeing certificate.c
+and certificate.asn as a reference.
+- add init_module_xxx() located in generated .c file
+into init_module() in init.c.
+- modify the arguments of InstallOidDecoderMapping(...)
+accordingly
+- in the generated .c file, you need to write
+"DecComponentxxxTop(...)" function for yourself.
+You can copy BDecComponentCertificateTop in the 
+generated .c file and modify it accordingly.
+4) register a new attribute syntax with a new OID
+in a schema file
+5) then goto 3) of B) section.
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+D) How to configure Component Indexing
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+You can generate indices on each component of
+a given attribute whose values are in either GSER or
+BER. Currently primitive ASN.1 types, DN, and RDN
+can be indexed for equality matching in BDB.
+In order to generate indices, put following line
+in the slapd configuration file, slapd.conf.
+
+index [attribute name].[component reference] eq
+
+Ex)
+index userCertificate eq
+index userCertificate.toBeSigned.issuer.rdnSequence eq
+index userCertificate.toBeSigned.serialNumber eq
+index userCertificate.toBeSigned.version eq
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+D) How to configure Attribute Alias
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+If your client is unable to use component filters,
+attribute aliasing can be used instead. Attribute
+Alias maps a virtual attribute type to an attribute
+component and a component matching rule.
+You can create your own aliases by following steps.
+
+1) register aliasing attributes in the schema file.
+Sample aliasing attributes are in test.schema.
+2) compose component filters for aliasing attributes
+and put them in "preprocessed_comp_filter" array
+in "init.c".
+3) add "add_aa_entry" function calls in
+"init_attribute_aliasing_table()" in "init.c"
+4) perform searching against the aliasing attribute
+Ex)
+"(x509CertificateIssuer:distinguishedNameMatch=
+cn=ray,L=yorktown,o=ibm,c=us)"
diff --git a/contrib/slapd-modules/comp_match/asn.h b/contrib/slapd-modules/comp_match/asn.h
new file mode 100644
index 0000000..a7d5b16
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/asn.h
@@ -0,0 +1,57 @@
+/* Copyright 2004 IBM Corporation
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ */
+/* ACKNOWLEDGEMENTS
+ * This work originally developed by Sang Seok Lim
+ * 2004/06/18	03:20:00	slim@OpenLDAP.org
+ */
+#ifndef _H_ASN_MODULE
+#define _H_ASN_MODULE
+
+typedef enum { BER, GSER } EncRulesType;
+
+typedef enum AsnTypeId {
+	BASICTYPE_BOOLEAN = 0,
+	BASICTYPE_INTEGER, 
+	BASICTYPE_BITSTRING,
+	BASICTYPE_OCTETSTRING,
+	BASICTYPE_NULL,
+	BASICTYPE_OID,
+	BASICTYPE_REAL,
+	BASICTYPE_ENUMERATED,
+	BASICTYPE_NUMERIC_STR,
+	BASICTYPE_PRINTABLE_STR,
+	BASICTYPE_UNIVERSAL_STR,
+	BASICTYPE_IA5_STR,
+	BASICTYPE_BMP_STR,
+	BASICTYPE_UTF8_STR,
+	BASICTYPE_UTCTIME,
+	BASICTYPE_GENERALIZEDTIME,
+	BASICTYPE_GRAPHIC_STR,
+	BASICTYPE_VISIBLE_STR,
+	BASICTYPE_GENERAL_STR,
+	BASICTYPE_OBJECTDESCRIPTOR,
+	BASICTYPE_VIDEOTEX_STR,
+	BASICTYPE_T61_STR,
+	BASICTYPE_OCTETCONTAINING,
+	BASICTYPE_BITCONTAINING,
+	BASICTYPE_RELATIVE_OID,	/* 25 */
+	BASICTYPE_ANY,
+	/* Embedded Composite Types*/
+	COMPOSITE_ASN1_TYPE,
+	/* A New ASN.1 types including type reference */
+	RDNSequence,
+	RelativeDistinguishedName,
+	TelephoneNumber,
+	FacsimileTelephoneNumber__telephoneNumber,
+	DirectoryString,
+	/* Newly Defined ASN.1 Type, Manually registered */
+	ASN_COMP_CERTIFICATE,
+	/* ASN.1 Type End */
+	ASNTYPE_END
+} AsnTypeId;
+
+#endif
diff --git a/contrib/slapd-modules/comp_match/asn_to_syn_mr.c b/contrib/slapd-modules/comp_match/asn_to_syn_mr.c
new file mode 100644
index 0000000..9c3f7e7
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/asn_to_syn_mr.c
@@ -0,0 +1,282 @@
+#include <component.h>
+#include "asn.h"
+#include "componentlib.h"
+#include "certificate.h"
+
+AsnTypetoMatchingRuleTable directory_component_matching_table[] = {
+	"1.2.36.79672281.1.13.7",
+{
+	{ BASICTYPE_BOOLEAN,NULL,"1.3.6.1.4.1.1466.115.121.1.7", NULL },
+        { BASICTYPE_INTEGER,NULL ,"1.3.6.1.4.1.1466.115.121.1.27", NULL },
+        { BASICTYPE_BITSTRING,NULL ,"1.3.6.1.4.1.1466.115.121.1.6", NULL },
+        { BASICTYPE_OCTETSTRING,NULL , "1.3.6.1.4.1.1466.115.121.1.40", NULL },
+        { BASICTYPE_NULL,NULL , NULL, NULL },
+        { BASICTYPE_OID,NULL ,"1.3.6.1.4.1.1466.115.121.1.38", NULL },
+        { BASICTYPE_REAL,NULL , NULL, NULL },
+        { BASICTYPE_ENUMERATED,NULL , NULL, NULL },
+        { BASICTYPE_NUMERIC_STR, "numericStringMatch", "1.3.6.1.4.1.1466.115.121.1.36", NULL },
+        { BASICTYPE_PRINTABLE_STR, "caseIgnoreMatch", "1.3.6.1.4.1.1466.115.121.1.44", NULL },
+        { BASICTYPE_UNIVERSAL_STR, "caseIgnoreMatch" , NULL, NULL },
+        { BASICTYPE_IA5_STR, "caseIgnoreMatch", "1.3.6.1.4.1.1466.115.121.1.26", NULL },
+        { BASICTYPE_BMP_STR, "caseIgnoreMatch" , NULL, NULL },
+        { BASICTYPE_UTF8_STR, "caseIgnoreMatch" , NULL, NULL },
+        { BASICTYPE_UTCTIME, "uTCTimeMatch" , "1.3.6.1.4.1.1466.115.121.1.53", NULL },
+        { BASICTYPE_GENERALIZEDTIME, "generalizedTimeMatch" ,"1.3.6.1.4.1.1466.115.121.1.24", NULL },
+        { BASICTYPE_GRAPHIC_STR, "caseIgnoreMatch", NULL, NULL },
+        { BASICTYPE_VISIBLE_STR, "caseIgnoreMatch", NULL, NULL },
+        { BASICTYPE_GENERAL_STR, "caseIgnoreMatch", NULL, NULL },
+        { BASICTYPE_OBJECTDESCRIPTOR, NULL , NULL, NULL },
+        { BASICTYPE_VIDEOTEX_STR, "caseIgnoreMatch", NULL, NULL },
+        { BASICTYPE_T61_STR, "caseIgnoreMatch", NULL, NULL },
+        { BASICTYPE_OCTETCONTAINING, NULL , NULL, NULL },
+        { BASICTYPE_BITCONTAINING, NULL , NULL, NULL },
+        { BASICTYPE_RELATIVE_OID, NULL, "1.2.36.79672281.1.5.0", NULL },
+        { RDNSequence, "distinguishedNameMatch" , NULL, NULL },
+        { RelativeDistinguishedName, NULL , NULL, NULL },
+        { TelephoneNumber, "telephoneNumberMatch" , "1.3.6.1.4.1.1466.115.121.1.50", NULL },
+        { FacsimileTelephoneNumber__telephoneNumber, "telephoneNumberMatch","1.3.6.1.4.1.1466.115.121.1.22", NULL },
+        { DirectoryString, "caseIgnoreMatch" ,"1.3.6.1.4.1.1466.115.121.1.15", NULL },
+        { ASN_COMP_CERTIFICATE, NULL , "1.2.36.79672281.1.5.2" , NULL },
+        { ASNTYPE_END , NULL , NULL, NULL }
+},
+	NULL
+}; 
+
+AsnTypetoSyntax asn_to_syntax_mapping_tbl[] = {
+{ BASICTYPE_BOOLEAN,"Boolean","1.3.6.1.4.1.1466.115.121.1.7", NULL },
+{ BASICTYPE_INTEGER,"Integer","1.3.6.1.4.1.1466.115.121.1.27", NULL },
+{ BASICTYPE_BITSTRING,"Bit String","1.3.6.1.4.1.1466.115.121.1.6", NULL },
+{ BASICTYPE_OCTETSTRING,"Octet String", "1.3.6.1.4.1.1466.115.121.1.40", NULL },
+{ BASICTYPE_NULL,NULL, NULL, NULL },
+{ BASICTYPE_OID,"OID","1.3.6.1.4.1.1466.115.121.1.38", NULL },
+{ BASICTYPE_REAL,NULL, NULL, NULL },
+{ BASICTYPE_ENUMERATED,"Integer", "1.3.6.1.4.1.1466.115.121.1.27", NULL },
+{ BASICTYPE_NUMERIC_STR, "Numeric String", "1.3.6.1.4.1.1466.115.121.1.36", NULL },
+{ BASICTYPE_PRINTABLE_STR, "Printable String", "1.3.6.1.4.1.1466.115.121.1.44", NULL },
+{ BASICTYPE_UNIVERSAL_STR, NULL , NULL, NULL },
+{ BASICTYPE_IA5_STR, "IA5 String", "1.3.6.1.4.1.1466.115.121.1.26", NULL },
+{ BASICTYPE_BMP_STR, NULL , NULL, NULL },
+{ BASICTYPE_UTF8_STR, "Directory String" , "1.3.6.1.4.1.1466.115.121.1.15", NULL },
+{ BASICTYPE_UTCTIME, "UTC Time" , "1.3.6.1.4.1.1466.115.121.1.53", NULL },
+{ BASICTYPE_GENERALIZEDTIME, "Generalized Time" ,"1.3.6.1.4.1.1466.115.121.1.24", NULL },
+{ BASICTYPE_GRAPHIC_STR, NULL, NULL, NULL },
+{ BASICTYPE_VISIBLE_STR, "Directory String", "1.3.6.1.4.1.1466.115.121.1.15", NULL },
+{ BASICTYPE_GENERAL_STR, NULL, NULL, NULL },
+{ BASICTYPE_OBJECTDESCRIPTOR, "Object Class Description", "1.3.6.1.4.1.1466.115.121.1.37", NULL },
+{ BASICTYPE_VIDEOTEX_STR, NULL, NULL, NULL },
+{ BASICTYPE_T61_STR, NULL, NULL, NULL },
+{ BASICTYPE_OCTETCONTAINING, NULL , NULL, NULL },
+{ BASICTYPE_BITCONTAINING, NULL , NULL, NULL },
+{ BASICTYPE_RELATIVE_OID, "OID", "1.3.6.1.4.1.1466.115.121.1.38", NULL },
+{ BASICTYPE_ANY, NULL, NULL, NULL },
+{ COMPOSITE_ASN1_TYPE, NULL , NULL, NULL },
+{ RDNSequence, "Distinguished Name" , "1.3.6.1.4.1.1466.115.121.1.12", NULL },
+{ RelativeDistinguishedName, "RDN", "1.2.36.79672281.1.5.0", NULL },
+{ TelephoneNumber, "Telephone Number" , "1.3.6.1.4.1.1466.115.121.1.50", NULL },
+{ FacsimileTelephoneNumber__telephoneNumber, "Facsimile Telephone Number","1.3.6.1.4.1.1466.115.121.1.22", NULL },
+{ DirectoryString, "Directory String" ,"1.3.6.1.4.1.1466.115.121.1.15", NULL },
+{ ASN_COMP_CERTIFICATE, "componentCertificate", "1.2.36.79672281.1.5.2" , NULL },
+{ ASNTYPE_END , NULL , NULL, NULL }
+}; 
+
+/*
+ * This table describes relationship between an ASN.1 type and its
+ * potential matching rules such as equality, approx, ordering, and substring
+ * Based on the description of this table, the following ComponentType
+ * table is initialized
+ */
+AsnTypetoCompMatchingRule asntype_to_compMR_mapping_tbl[] = {
+{ BASICTYPE_BOOLEAN, "booleanMatch", NULL, NULL, NULL },
+{ BASICTYPE_INTEGER, "integerMatch", NULL, "integerOrderingMatch", NULL },
+{ BASICTYPE_BITSTRING, "bitStringMatch", NULL, NULL, NULL },
+{ BASICTYPE_OCTETSTRING, "octetStringMatch", NULL, "octetStringOrderingMatch", NULL },
+{ BASICTYPE_NULL, NULL, NULL, NULL, NULL },
+{ BASICTYPE_OID, "objectIdentifierMatch", NULL, NULL, NULL },
+{ BASICTYPE_REAL,  NULL, NULL, NULL, NULL },
+{ BASICTYPE_ENUMERATED,  "integerMatch", NULL, "integerOrderingMatch", NULL },
+{ BASICTYPE_NUMERIC_STR,  "numericStringMatch", NULL, "numericStringOrderingMatch", "numericStringSubstringsMatch"},
+{ BASICTYPE_PRINTABLE_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ BASICTYPE_UNIVERSAL_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ BASICTYPE_IA5_STR, "caseIgnoreMatch", "IA5StringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ BASICTYPE_BMP_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ BASICTYPE_UTF8_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ BASICTYPE_UTCTIME, NULL, NULL, NULL, NULL },
+{ BASICTYPE_GENERALIZEDTIME,  NULL, NULL, NULL, NULL },
+{ BASICTYPE_GRAPHIC_STR, NULL, NULL, NULL, NULL },
+{ BASICTYPE_VISIBLE_STR, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ BASICTYPE_GENERAL_STR, NULL, NULL, NULL, NULL },
+{ BASICTYPE_OBJECTDESCRIPTOR, "objectIdentifierFirstComponentMatch", NULL, NULL, NULL },
+{ BASICTYPE_VIDEOTEX_STR, NULL, NULL, NULL, NULL },
+{ BASICTYPE_T61_STR, NULL, NULL, NULL, NULL },
+{ BASICTYPE_OCTETCONTAINING,  NULL, NULL, NULL, NULL },
+{ BASICTYPE_BITCONTAINING,  NULL, NULL, NULL, NULL },
+{ BASICTYPE_RELATIVE_OID,  "objectIdentifierFirstComponentMatch", NULL, NULL, NULL },
+{ BASICTYPE_ANY, NULL, NULL, NULL, NULL },
+{ COMPOSITE_ASN1_TYPE,  NULL, NULL, NULL, NULL },
+{ RDNSequence,  "distinguishedNameMatch", NULL, NULL, NULL },
+{ RelativeDistinguishedName, "rdnMatch" , NULL, NULL, NULL },
+{ TelephoneNumber, NULL, NULL, NULL, NULL },
+{ FacsimileTelephoneNumber__telephoneNumber,  "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch" },
+{ DirectoryString, "caseIgnoreMatch", "directoryStringApproxMatch", "caseIgnoreOrderingMatch", "caseIgnoreSubstringsMatch"},
+{ ASN_COMP_CERTIFICATE, "componentFilterMatch", NULL, NULL, NULL },
+{ ASNTYPE_END, NULL, NULL, NULL, NULL }
+};
+
+/*
+ * This table maps an ASN type to a corresponding ComponentType which has
+ * equivalent contents of an existing AttributeType
+ */
+AsnTypetoCompType asntype_to_compType_mapping_tbl[] = {
+{ BASICTYPE_BOOLEAN,{}},
+{ BASICTYPE_INTEGER, {}},
+{ BASICTYPE_BITSTRING, {}},
+{ BASICTYPE_OCTETSTRING, {}},
+{ BASICTYPE_NULL, {}},
+{ BASICTYPE_OID, {}},
+{ BASICTYPE_REAL, {}},
+{ BASICTYPE_ENUMERATED, {}},
+{ BASICTYPE_NUMERIC_STR, {}},
+{ BASICTYPE_PRINTABLE_STR, {}},
+{ BASICTYPE_UNIVERSAL_STR, {}},
+{ BASICTYPE_IA5_STR, {}},
+{ BASICTYPE_BMP_STR, {}},
+{ BASICTYPE_UTF8_STR, {}},
+{ BASICTYPE_UTCTIME, {}},
+{ BASICTYPE_GENERALIZEDTIME, {}},
+{ BASICTYPE_GRAPHIC_STR, {}},
+{ BASICTYPE_VISIBLE_STR, {}},
+{ BASICTYPE_GENERAL_STR,{}},
+{ BASICTYPE_OBJECTDESCRIPTOR, {}},
+{ BASICTYPE_VIDEOTEX_STR, {}},
+{ BASICTYPE_T61_STR, {}},
+{ BASICTYPE_OCTETCONTAINING, {}},
+{ BASICTYPE_BITCONTAINING, {}},
+{ BASICTYPE_RELATIVE_OID, {}},
+{ BASICTYPE_ANY, {}},
+{ COMPOSITE_ASN1_TYPE, {}},
+{ RDNSequence, {}},
+{ RelativeDistinguishedName, {}}, 
+{ TelephoneNumber, {}},
+{ FacsimileTelephoneNumber__telephoneNumber, {}},
+{ DirectoryString, {}},
+{ ASN_COMP_CERTIFICATE, {}},
+{ ASNTYPE_END , {}}
+};
+
+AsnTypetoCompDesc asntype_to_compdesc_mapping_tbl[] = {
+{ BASICTYPE_BOOLEAN, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_BOOLEAN,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentBool,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentBool,(ber_decoder_func*)BDecComponentBool,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentBool}},
+{ BASICTYPE_INTEGER, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_INTEGER,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentInt,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentInt,(ber_decoder_func*)BDecComponentInt,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentInt}},
+{ BASICTYPE_BITSTRING, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_BITSTRING,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentBits,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentBits,(ber_decoder_func*)BDecComponentBits,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentBits}},
+{ BASICTYPE_OCTETSTRING, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_OCTETSTRING,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentOcts,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentOcts,(ber_decoder_func*)BDecComponentOcts,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentOcts}},
+{ BASICTYPE_NULL, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_NULL,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentNull,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentNull,(ber_decoder_func*)BDecComponentNull,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentNull}},
+{ BASICTYPE_OID, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_OID,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentOid,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentOid,(ber_decoder_func*)BDecComponentOid,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentOid}},
+{ BASICTYPE_REAL, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_REAL,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentReal,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentReal,(ber_decoder_func*)BDecComponentReal,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentReal}},
+{ BASICTYPE_ENUMERATED, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_ENUMERATED,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentEnum,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentEnum,(ber_decoder_func*)BDecComponentEnum,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentEnum}},
+{ BASICTYPE_NUMERIC_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_NUMERIC_STR,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentNumericString,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentNumericString,(ber_decoder_func*)BDecComponentNumericString,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentNumericString}},
+{ BASICTYPE_PRINTABLE_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_PRINTABLE_STR,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentPrintableString,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentPrintableString,(ber_decoder_func*)BDecComponentPrintableString,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentPrintableString}},
+{ BASICTYPE_UNIVERSAL_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_UNIVERSAL_STR,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentUniversalString,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentUniversalString,(ber_decoder_func*)BDecComponentUniversalString,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUniversalString}},
+{ BASICTYPE_IA5_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_IA5_STR,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentIA5String,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentIA5String,(ber_decoder_func*)BDecComponentIA5String,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentIA5String}},
+{ BASICTYPE_BMP_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_BMP_STR,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentBMPString,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentBMPString,(ber_decoder_func*)BDecComponentBMPString,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentBMPString}},
+{ BASICTYPE_UTF8_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_UTF8_STR,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentUTF8String,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentUTF8String,(ber_decoder_func*)BDecComponentUTF8String,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUTF8String}},
+{ BASICTYPE_UTCTIME, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_UTCTIME,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentUTCTime,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentUTCTime,(ber_decoder_func*)BDecComponentUTCTime,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUTCTime}},
+{ BASICTYPE_GENERALIZEDTIME, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_GENERALIZEDTIME,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentUTCTime,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentUTCTime,(ber_decoder_func*)BDecComponentUTCTime,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUTCTime}},
+{ BASICTYPE_GRAPHIC_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_GRAPHIC_STR,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentPrintableString,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentPrintableString,(ber_decoder_func*)BDecComponentPrintableString,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentPrintableString}},
+{ BASICTYPE_VISIBLE_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_VISIBLE_STR,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentVisibleString,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentVisibleString,(ber_decoder_func*)BDecComponentVisibleString,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentVisibleString}},
+{ BASICTYPE_GENERAL_STR,{ -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_GENERAL_STR,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentUTF8String,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentUTF8String,(ber_decoder_func*)BDecComponentUTF8String,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUTF8String}},
+{ BASICTYPE_OBJECTDESCRIPTOR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_OBJECTDESCRIPTOR,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentUTF8String,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentUTF8String,(ber_decoder_func*)BDecComponentUTF8String,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUTF8String}},
+{ BASICTYPE_VIDEOTEX_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_VIDEOTEX_STR,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentTeletexString,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentTeletexString,(ber_decoder_func*)BDecComponentTeletexString,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentTeletexString}},
+{ BASICTYPE_T61_STR, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_T61_STR,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentUTF8String,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentUTF8String,(ber_decoder_func*)BDecComponentUTF8String,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentUTF8String}},
+{ BASICTYPE_OCTETCONTAINING, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_OCTETCONTAINING,
+	(encoder_func*)NULL,(encoder_func*)NULL,(encoder_func*)NULL,
+	(gser_decoder_func*)NULL,(ber_decoder_func*)NULL,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,NULL}},
+{ BASICTYPE_BITCONTAINING, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_BITCONTAINING,
+	(encoder_func*)NULL,(encoder_func*)NULL,(encoder_func*)NULL,
+	(gser_decoder_func*)NULL,(ber_decoder_func*)NULL,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,NULL}},
+{ BASICTYPE_RELATIVE_OID, { -1, NULL, {},{},0,ASN_BASIC,BASICTYPE_RELATIVE_OID,
+	(encoder_func*)NULL,(encoder_func*)GEncComponentRelativeOid,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentRelativeOid,(ber_decoder_func*)BDecComponentRelativeOid,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentRelativeOid}},
+{ BASICTYPE_ANY, {}},
+{ COMPOSITE_ASN1_TYPE, {}},
+{ RDNSequence, { -1, NULL, {},{},0,ASN_COMPOSITE,RDNSequence,
+	(encoder_func*)ConvertRDNSequence2RFC2253,(encoder_func*)NULL,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentRDNSequence,(ber_decoder_func*)BDecComponentRDNSequence,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentRDNSequence}},
+{ RelativeDistinguishedName, { -1, NULL, {},{},0,ASN_COMPOSITE,RDNSequence,
+	(encoder_func*)ConvertRDNSequence2RFC2253,(encoder_func*)NULL,(encoder_func*)NULL,
+	(gser_decoder_func*)GDecComponentRDNSequence,(ber_decoder_func*)BDecComponentRDNSequence,
+	(comp_free_func*)NULL,(extract_component_from_id_func*)NULL,MatchingComponentRDNSequence}}, 
+{ TelephoneNumber, {}},
+{ FacsimileTelephoneNumber__telephoneNumber, {}},
+{ DirectoryString, {}},
+{ ASN_COMP_CERTIFICATE, {}},
+{ ASNTYPE_END , {}}
+};
diff --git a/contrib/slapd-modules/comp_match/authorityKeyIdentifier.asn b/contrib/slapd-modules/comp_match/authorityKeyIdentifier.asn
new file mode 100644
index 0000000..85ac92d
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/authorityKeyIdentifier.asn
@@ -0,0 +1,65 @@
+AuthorityKeyIdentifierDefinition DEFINITIONS ::=

+BEGIN

+AuthorityKeyIdentifier ::= SEQUENCE {

+    keyIdentifier             [0] IMPLICIT KeyIdentifier            OPTIONAL,

+    authorityCertIssuer       [1] IMPLICIT GeneralNames             OPTIONAL,

+    authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber  OPTIONAL }

+    -- authorityCertIssuer and authorityCertSerialNumber MUST both

+    -- be present or both be absent

+

+KeyIdentifier ::= OCTET STRING

+

+CertificateSerialNumber ::= INTEGER

+

+GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

+

+GeneralName ::= CHOICE {

+        otherName                       [0]     OtherName,

+        rfc822Name                      [1]     IA5String,

+        dNSName                         [2]     IA5String,

+        x400Address                     [3]     ORAddress,

+        directoryName                   [4]     Name,

+        ediPartyName                    [5]     EDIPartyName,

+        uniformResourceIdentifier       [6]     IA5String,

+        iPAddress                       [7]     OCTET STRING,

+        registeredID                    [8]     OBJECT IDENTIFIER }

+

+OtherName ::= SEQUENCE {

+        type-id    OBJECT IDENTIFIER,

+        value      [0] EXPLICIT ANY DEFINED BY type-id }

+

+EDIPartyName ::= SEQUENCE {

+        nameAssigner            [0]     DirectoryString OPTIONAL,

+        partyName               [1]     DirectoryString }

+

+-- following ORAddress may not conform original def. in ASN.1

+ORAddress ::= SEQUENCE {

+-- built-in-standard-attributes BuiltInStandardAttributes,

+	type-id	OBJECT IDENTIFIER,

+-- built-in-domain-defined-attributes

+	value	ANY DEFINED BY type-id,

+-- BuiltInDomainDefinedAttributes OPTIONAL,

+-- see also teletex-domain-defined-attributes

+--extension-attributes ExtensionAttributes OPTIONAL }

+	extension	OCTET STRING OPTIONAL }

+

+

+Name ::= CHOICE {

+     rdnSequence	RDNSequence }

+

+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

+

+RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

+

+AttributeTypeAndValue ::= SEQUENCE {

+     type     OBJECT IDENTIFIER,

+     value    ANY DEFINED BY type}

+

+DirectoryString ::= CHOICE {

+	teletexString	TeletexString (SIZE (1..MAX)),

+	printableString	PrintableString (SIZE (1..MAX)),

+	universalString	UniversalString (SIZE (1..MAX)),

+	utf8String	UTF8String (SIZE (1..MAX)),

+	bmpString	BMPString (SIZE (1..MAX)) }

+

+END

diff --git a/contrib/slapd-modules/comp_match/authorityKeyIdentifier.c b/contrib/slapd-modules/comp_match/authorityKeyIdentifier.c
new file mode 100644
index 0000000..84e83b8
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/authorityKeyIdentifier.c
@@ -0,0 +1,2058 @@
+/*
+ *    authorityKeyIdentifier.c
+ *    "AuthorityKeyIdentifierDefinition" ASN.1 module encode/decode/extracting/matching/free C src.
+ *    This file was generated by modified eSMACC compiler Wed Dec  8 22:22:49 2004
+ *    The generated files are supposed to be compiled as a module for OpenLDAP Software
+ */
+
+#include "authorityKeyIdentifier.h"
+
+BDecComponentAuthorityKeyIdentifierTop( void* mem_op, GenBuf* b, void *v, AsnLen* bytesDecoded,int mode) {
+	AsnTag tag;
+	AsnLen elmtLen;
+
+	tag = BDecTag ( b, bytesDecoded );
+	elmtLen = BDecLen ( b, bytesDecoded );
+	if ( elmtLen <= 0 ) return (-1);
+	if ( tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE) ) {
+		return (-1);
+	}
+		
+	return BDecComponentAuthorityKeyIdentifier( mem_op, b, tag, elmtLen, ( ComponentAuthorityKeyIdentifier**)v, (AsnLen*)bytesDecoded, mode );
+}
+
+
+void init_module_AuthorityKeyIdentifierDefinition() {
+	InstallOidDecoderMapping( "2.5.29.35", NULL,
+				GDecComponentAuthorityKeyIdentifier,
+				BDecComponentAuthorityKeyIdentifierTop,
+				ExtractingComponentAuthorityKeyIdentifier,
+				MatchingComponentAuthorityKeyIdentifier	);
+}
+
+int
+MatchingComponentOtherName ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	rc =	MatchingComponentOid ( oid, (ComponentSyntaxInfo*)&((ComponentOtherName*)csi_attr)->type_id, (ComponentSyntaxInfo*)&((ComponentOtherName*)csi_assert)->type_id );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentOtherName*)csi_attr)->value, (&((ComponentOtherName*)csi_attr)->type_id));
+	rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentOtherName*)csi_attr)->value, (ComponentAny*)&((ComponentOtherName*)csi_assert)->value);
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentOtherName */
+
+void*
+ExtractingComponentOtherName ( void* mem_op, ComponentReference* cr, ComponentOtherName *comp )
+{
+
+	if ( ( comp->type_id.identifier.bv_val && strncmp(comp->type_id.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->type_id.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->type_id;
+		else
+		return NULL;
+	}
+	if ( ( comp->value.identifier.bv_val && strncmp(comp->value.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->value.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->value;
+		else
+		return NULL;
+	}
+	return NULL;
+}  /* ExtractingComponentOtherName */
+
+int
+BDecComponentOtherName PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentOtherName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	AsnLen totalElmtsLen2 = 0;
+	AsnLen elmtLen2;
+	AsnTag tagId2;
+	int old_mode = mode;
+	int rc;
+	ComponentOtherName *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+		rc = 	BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->type_id), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->type_id)->identifier.bv_val = (&k->type_id)->id_buf;
+		(&k->type_id)->identifier.bv_len = strlen("type_id");
+		strcpy( (&k->type_id)->identifier.bv_val, "type_id");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (CNTX, CONS, 0))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+		rc = SetAnyTypeByComponentOid ((&k->value), (&k->type_id));
+ 	rc = BDecComponentAnyDefinedBy (mem_op,b, (&k->value), &totalElmtsLen1, mode );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->value)->identifier.bv_val = (&k->value)->id_buf;
+		(&k->value)->identifier.bv_len = strlen("value");
+		strcpy( (&k->value)->identifier.bv_val, "value");
+	if (elmtLen1 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+    else
+        return -1;
+
+
+
+    if (!seqDone)
+        return -1;
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentOtherName*) CompAlloc( mem_op, sizeof(ComponentOtherName) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOtherName ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOtherName ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentOtherName;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentOtherName;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecOtherName*/
+
+int
+GDecComponentOtherName PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentOtherName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentOtherName *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "type_id", strlen("type_id") ) == 0 ) {
+		rc = 	GDecComponentOid (mem_op, b, (&k->type_id), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->type_id)->identifier.bv_val = peek_head;
+	(&k->type_id)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "value", strlen("value") ) == 0 ) {
+		rc = SetAnyTypeByComponentOid ((&k->value), (&k->type_id));
+	rc = GDecComponentAnyDefinedBy (mem_op, b, (&k->value), bytesDecoded, mode );
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->value)->identifier.bv_val = peek_head;
+	(&k->value)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentOtherName*) CompAlloc( mem_op, sizeof(ComponentOtherName) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOtherName ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOtherName ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentOtherName;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentOtherName;
+	return LDAP_SUCCESS;
+}  /* GDecOtherName*/
+
+
+int
+MatchingComponentORAddress ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	rc =	MatchingComponentOid ( oid, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_attr)->type_id, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_assert)->type_id );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentORAddress*)csi_attr)->value, (&((ComponentORAddress*)csi_attr)->type_id));
+	rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentORAddress*)csi_attr)->value, (ComponentAny*)&((ComponentORAddress*)csi_assert)->value);
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentOcts ( oid, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_attr)->extension, (ComponentSyntaxInfo*)&((ComponentORAddress*)csi_assert)->extension );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentORAddress */
+
+void*
+ExtractingComponentORAddress ( void* mem_op, ComponentReference* cr, ComponentORAddress *comp )
+{
+
+	if ( ( comp->type_id.identifier.bv_val && strncmp(comp->type_id.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->type_id.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->type_id;
+		else
+		return NULL;
+	}
+	if ( ( comp->value.identifier.bv_val && strncmp(comp->value.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->value.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->value;
+		else
+		return NULL;
+	}
+	if ( ( comp->extension.identifier.bv_val && strncmp(comp->extension.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->extension.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->extension;
+		else
+		return NULL;
+	}
+	return NULL;
+}  /* ExtractingComponentORAddress */
+
+int
+BDecComponentORAddress PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentORAddress **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentORAddress *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+		rc = 	BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->type_id), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->type_id)->identifier.bv_val = (&k->type_id)->id_buf;
+		(&k->type_id)->identifier.bv_len = strlen("type_id");
+		strcpy( (&k->type_id)->identifier.bv_val, "type_id");
+    }
+    else
+        return -1;
+
+
+
+    {
+		rc = SetAnyTypeByComponentOid ((&k->value), (&k->type_id));
+ 	rc = BDecComponentAnyDefinedBy (mem_op,b, (&k->value), &totalElmtsLen1, mode );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->value)->identifier.bv_val = (&k->value)->id_buf;
+		(&k->value)->identifier.bv_len = strlen("value");
+		strcpy( (&k->value)->identifier.bv_val, "value");
+    if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+        seqDone = TRUE;
+    else
+    {
+        tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+         if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+        {
+            BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+            seqDone = TRUE;
+        }
+    }
+    }
+
+
+    if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+		rc = 	BDecComponentOcts (mem_op, b, tagId1, elmtLen1, (&k->extension), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->extension)->identifier.bv_val = (&k->extension)->id_buf;
+		(&k->extension)->identifier.bv_len = strlen("extension");
+		strcpy( (&k->extension)->identifier.bv_val, "extension");
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+
+
+    if (!seqDone)
+        return -1;
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentORAddress*) CompAlloc( mem_op, sizeof(ComponentORAddress) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentORAddress ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentORAddress ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentORAddress;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentORAddress;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecORAddress*/
+
+int
+GDecComponentORAddress PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentORAddress **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentORAddress *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "type_id", strlen("type_id") ) == 0 ) {
+		rc = 	GDecComponentOid (mem_op, b, (&k->type_id), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->type_id)->identifier.bv_val = peek_head;
+	(&k->type_id)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "value", strlen("value") ) == 0 ) {
+		rc = SetAnyTypeByComponentOid ((&k->value), (&k->type_id));
+	rc = GDecComponentAnyDefinedBy (mem_op, b, (&k->value), bytesDecoded, mode );
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->value)->identifier.bv_val = peek_head;
+	(&k->value)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "extension", strlen("extension") ) == 0 ) {
+		rc = 	GDecComponentOcts (mem_op, b, (&k->extension), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->extension)->identifier.bv_val = peek_head;
+	(&k->extension)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentORAddress*) CompAlloc( mem_op, sizeof(ComponentORAddress) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentORAddress ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentORAddress ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentORAddress;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentORAddress;
+	return LDAP_SUCCESS;
+}  /* GDecORAddress*/
+
+
+int
+MatchingComponentDirectoryString ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+	ComponentDirectoryString *v1, *v2;
+
+
+	v1 = (ComponentDirectoryString*)csi_attr;
+	v2 = (ComponentDirectoryString*)csi_assert;
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	if( (v1->choiceId != v2->choiceId ) )
+		return LDAP_COMPARE_FALSE;
+	switch( v1->choiceId )
+	{
+	   case DIRECTORYSTRING_TELETEXSTRING :
+		rc = 	MatchingComponentTeletexString ( oid, (ComponentSyntaxInfo*)(v1->a.teletexString), (ComponentSyntaxInfo*)(v2->a.teletexString) );
+		break;
+	   case DIRECTORYSTRING_PRINTABLESTRING :
+		rc = 	MatchingComponentPrintableString ( oid, (ComponentSyntaxInfo*)(v1->a.printableString), (ComponentSyntaxInfo*)(v2->a.printableString) );
+		break;
+	   case DIRECTORYSTRING_UNIVERSALSTRING :
+		rc = 	MatchingComponentUniversalString ( oid, (ComponentSyntaxInfo*)(v1->a.universalString), (ComponentSyntaxInfo*)(v2->a.universalString) );
+		break;
+	   case DIRECTORYSTRING_UTF8STRING :
+		rc = 	MatchingComponentUTF8String ( oid, (ComponentSyntaxInfo*)(v1->a.utf8String), (ComponentSyntaxInfo*)(v2->a.utf8String) );
+		break;
+	   case DIRECTORYSTRING_BMPSTRING :
+		rc = 	MatchingComponentBMPString ( oid, (ComponentSyntaxInfo*)(v1->a.bmpString), (ComponentSyntaxInfo*)(v2->a.bmpString) );
+		break;
+	default : 
+		 return LDAP_PROTOCOL_ERROR;
+	}
+	return rc;
+}  /* BMatchingComponentDirectoryStringContent */
+
+void*
+ExtractingComponentDirectoryString ( void* mem_op, ComponentReference* cr, ComponentDirectoryString *comp )
+{
+
+
+	if( (comp->choiceId) ==  DIRECTORYSTRING_TELETEXSTRING &&
+		 (( comp->a.teletexString->identifier.bv_val && strncmp(comp->a.teletexString->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.teletexString->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.teletexString);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentTeletexString ( mem_op, cr, (comp->a.teletexString) );
+		};
+	}
+	if( (comp->choiceId) ==  DIRECTORYSTRING_PRINTABLESTRING &&
+		 (( comp->a.printableString->identifier.bv_val && strncmp(comp->a.printableString->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.printableString->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.printableString);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentPrintableString ( mem_op, cr, (comp->a.printableString) );
+		};
+	}
+	if( (comp->choiceId) ==  DIRECTORYSTRING_UNIVERSALSTRING &&
+		 (( comp->a.universalString->identifier.bv_val && strncmp(comp->a.universalString->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.universalString->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.universalString);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentUniversalString ( mem_op, cr, (comp->a.universalString) );
+		};
+	}
+	if( (comp->choiceId) ==  DIRECTORYSTRING_UTF8STRING &&
+		 (( comp->a.utf8String->identifier.bv_val && strncmp(comp->a.utf8String->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.utf8String->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.utf8String);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentUTF8String ( mem_op, cr, (comp->a.utf8String) );
+		};
+	}
+	if( (comp->choiceId) ==  DIRECTORYSTRING_BMPSTRING &&
+		 (( comp->a.bmpString->identifier.bv_val && strncmp(comp->a.bmpString->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.bmpString->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.bmpString);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentBMPString ( mem_op, cr, (comp->a.bmpString) );
+		};
+	}
+	return NULL;
+}  /* ExtractingComponentDirectoryString */
+
+int
+BDecComponentDirectoryString PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentDirectoryString **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentDirectoryString *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    switch (tagId0)
+    {
+       case MAKE_TAG_ID (UNIV, PRIM, TELETEXSTRING_TAG_CODE):
+       case MAKE_TAG_ID (UNIV, CONS, TELETEXSTRING_TAG_CODE):
+        (k->choiceId) = DIRECTORYSTRING_TELETEXSTRING;
+		rc = 	BDecComponentTeletexString (mem_op, b, tagId0, elmtLen0, (&k->a.teletexString), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.teletexString)->identifier.bv_val = (k->a.teletexString)->id_buf;
+		(k->a.teletexString)->identifier.bv_len = strlen("teletexString");
+		strcpy( (k->a.teletexString)->identifier.bv_val, "teletexString");
+    break;
+
+       case MAKE_TAG_ID (UNIV, PRIM, PRINTABLESTRING_TAG_CODE):
+       case MAKE_TAG_ID (UNIV, CONS, PRINTABLESTRING_TAG_CODE):
+        (k->choiceId) = DIRECTORYSTRING_PRINTABLESTRING;
+		rc = 	BDecComponentPrintableString (mem_op, b, tagId0, elmtLen0, (&k->a.printableString), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.printableString)->identifier.bv_val = (k->a.printableString)->id_buf;
+		(k->a.printableString)->identifier.bv_len = strlen("printableString");
+		strcpy( (k->a.printableString)->identifier.bv_val, "printableString");
+    break;
+
+       case MAKE_TAG_ID (UNIV, PRIM, UNIVERSALSTRING_TAG_CODE):
+       case MAKE_TAG_ID (UNIV, CONS, UNIVERSALSTRING_TAG_CODE):
+        (k->choiceId) = DIRECTORYSTRING_UNIVERSALSTRING;
+		rc = 	BDecComponentUniversalString (mem_op, b, tagId0, elmtLen0, (&k->a.universalString), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.universalString)->identifier.bv_val = (k->a.universalString)->id_buf;
+		(k->a.universalString)->identifier.bv_len = strlen("universalString");
+		strcpy( (k->a.universalString)->identifier.bv_val, "universalString");
+    break;
+
+       case MAKE_TAG_ID (UNIV, PRIM, UTF8STRING_TAG_CODE):
+       case MAKE_TAG_ID (UNIV, CONS, UTF8STRING_TAG_CODE):
+        (k->choiceId) = DIRECTORYSTRING_UTF8STRING;
+		rc = 	BDecComponentUTF8String (mem_op, b, tagId0, elmtLen0, (&k->a.utf8String), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.utf8String)->identifier.bv_val = (k->a.utf8String)->id_buf;
+		(k->a.utf8String)->identifier.bv_len = strlen("utf8String");
+		strcpy( (k->a.utf8String)->identifier.bv_val, "utf8String");
+    break;
+
+       case MAKE_TAG_ID (UNIV, PRIM, BMPSTRING_TAG_CODE):
+       case MAKE_TAG_ID (UNIV, CONS, BMPSTRING_TAG_CODE):
+        (k->choiceId) = DIRECTORYSTRING_BMPSTRING;
+		rc = 	BDecComponentBMPString (mem_op, b, tagId0, elmtLen0, (&k->a.bmpString), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.bmpString)->identifier.bv_val = (k->a.bmpString)->id_buf;
+		(k->a.bmpString)->identifier.bv_len = strlen("bmpString");
+		strcpy( (k->a.bmpString)->identifier.bv_val, "bmpString");
+    break;
+
+    default:
+        Asn1Error ("ERROR - unexpected tag in CHOICE\n");
+        return -1;
+        break;
+    } /* end switch */
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentDirectoryString*) CompAlloc( mem_op, sizeof(ComponentDirectoryString) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentDirectoryString ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentDirectoryString ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentDirectoryString;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentDirectoryString;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecDirectoryStringContent */
+
+int
+GDecComponentDirectoryString PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentDirectoryString **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentDirectoryString *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen2 = LocateNextGSERToken(mem_op,b,&peek_head2,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head2 != ':'){
+		Asn1Error("Missing : in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( strncmp("teletexString",peek_head, strlen("teletexString")) == 0){
+		(k->choiceId) = DIRECTORYSTRING_TELETEXSTRING;
+		rc = 	GDecComponentTeletexString (mem_op, b, (&k->a.teletexString), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.teletexString)->identifier.bv_val = peek_head;
+		(k->a.teletexString)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("printableString",peek_head,strlen("printableString")) == 0){
+		(k->choiceId) = DIRECTORYSTRING_PRINTABLESTRING;
+		rc = 	GDecComponentPrintableString (mem_op, b, (&k->a.printableString), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.printableString)->identifier.bv_val = peek_head;
+		(k->a.printableString)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("universalString",peek_head,strlen("universalString")) == 0){
+		(k->choiceId) = DIRECTORYSTRING_UNIVERSALSTRING;
+		rc = 	GDecComponentUniversalString (mem_op, b, (&k->a.universalString), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.universalString)->identifier.bv_val = peek_head;
+		(k->a.universalString)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("utf8String",peek_head,strlen("utf8String")) == 0){
+		(k->choiceId) = DIRECTORYSTRING_UTF8STRING;
+		rc = 	GDecComponentUTF8String (mem_op, b, (&k->a.utf8String), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.utf8String)->identifier.bv_val = peek_head;
+		(k->a.utf8String)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("bmpString",peek_head,strlen("bmpString")) == 0){
+		(k->choiceId) = DIRECTORYSTRING_BMPSTRING;
+		rc = 	GDecComponentBMPString (mem_op, b, (&k->a.bmpString), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.bmpString)->identifier.bv_val = peek_head;
+		(k->a.bmpString)->identifier.bv_len = strLen;
+	}
+	else {
+		Asn1Error("Undefined Identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentDirectoryString*) CompAlloc( mem_op, sizeof(ComponentDirectoryString) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentDirectoryString ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentDirectoryString ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentDirectoryString;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentDirectoryString;
+	return LDAP_SUCCESS;
+}  /* GDecDirectoryStringContent */
+
+
+int
+MatchingComponentEDIPartyName ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	if(COMPONENTNOT_NULL( ((ComponentEDIPartyName*)csi_attr)->nameAssigner ) ) {
+	rc =	MatchingComponentDirectoryString ( oid, (ComponentSyntaxInfo*)((ComponentEDIPartyName*)csi_attr)->nameAssigner, (ComponentSyntaxInfo*)((ComponentEDIPartyName*)csi_assert)->nameAssigner );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	}
+	rc =	MatchingComponentDirectoryString ( oid, (ComponentSyntaxInfo*)((ComponentEDIPartyName*)csi_attr)->partyName, (ComponentSyntaxInfo*)((ComponentEDIPartyName*)csi_assert)->partyName );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentEDIPartyName */
+
+void*
+ExtractingComponentEDIPartyName ( void* mem_op, ComponentReference* cr, ComponentEDIPartyName *comp )
+{
+
+	if ( ( comp->nameAssigner->identifier.bv_val && strncmp(comp->nameAssigner->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->nameAssigner->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->nameAssigner;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentDirectoryString ( mem_op, cr, comp->nameAssigner );
+		}
+	}
+	if ( ( comp->partyName->identifier.bv_val && strncmp(comp->partyName->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->partyName->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->partyName;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentDirectoryString ( mem_op, cr, comp->partyName );
+		}
+	}
+	return NULL;
+}  /* ExtractingComponentEDIPartyName */
+
+int
+BDecComponentEDIPartyName PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentEDIPartyName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	AsnLen totalElmtsLen2 = 0;
+	AsnLen elmtLen2;
+	AsnTag tagId2;
+	AsnLen totalElmtsLen3 = 0;
+	AsnLen elmtLen3;
+	AsnTag tagId3;
+	int old_mode = mode;
+	int rc;
+	ComponentEDIPartyName *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (CNTX, CONS, 0))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+		rc =     tagId2 = BDecTag (b, &totalElmtsLen1 );
+    elmtLen2 = BDecLen (b, &totalElmtsLen1 );
+	BDecComponentDirectoryString (mem_op, b, tagId2, elmtLen2, (&k->nameAssigner), &totalElmtsLen1, mode);
+    if (elmtLen1 == INDEFINITE_LEN)
+        BDecEoc(b, &totalElmtsLen1 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->nameAssigner)->identifier.bv_val = (k->nameAssigner)->id_buf;
+		(k->nameAssigner)->identifier.bv_len = strlen("nameAssigner");
+		strcpy( (k->nameAssigner)->identifier.bv_val, "nameAssigner");
+	if (elmtLen1 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+
+
+    if (((tagId1 == MAKE_TAG_ID (CNTX, CONS, 1))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+		rc =     tagId2 = BDecTag (b, &totalElmtsLen1 );
+    elmtLen2 = BDecLen (b, &totalElmtsLen1 );
+	BDecComponentDirectoryString (mem_op, b, tagId2, elmtLen2, (&k->partyName), &totalElmtsLen1, mode);
+    if (elmtLen1 == INDEFINITE_LEN)
+        BDecEoc(b, &totalElmtsLen1 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->partyName)->identifier.bv_val = (k->partyName)->id_buf;
+		(k->partyName)->identifier.bv_len = strlen("partyName");
+		strcpy( (k->partyName)->identifier.bv_val, "partyName");
+	if (elmtLen1 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+    else
+        return -1;
+
+
+
+    if (!seqDone)
+        return -1;
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentEDIPartyName*) CompAlloc( mem_op, sizeof(ComponentEDIPartyName) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentEDIPartyName ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentEDIPartyName ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentEDIPartyName;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentEDIPartyName;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecEDIPartyName*/
+
+int
+GDecComponentEDIPartyName PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentEDIPartyName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentEDIPartyName *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "nameAssigner", strlen("nameAssigner") ) == 0 ) {
+		rc = 	GDecComponentDirectoryString (mem_op, b, (&k->nameAssigner), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->nameAssigner)->identifier.bv_val = peek_head;
+	( k->nameAssigner)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "partyName", strlen("partyName") ) == 0 ) {
+		rc = 	GDecComponentDirectoryString (mem_op, b, (&k->partyName), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->partyName)->identifier.bv_val = peek_head;
+	( k->partyName)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentEDIPartyName*) CompAlloc( mem_op, sizeof(ComponentEDIPartyName) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentEDIPartyName ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentEDIPartyName ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentEDIPartyName;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentEDIPartyName;
+	return LDAP_SUCCESS;
+}  /* GDecEDIPartyName*/
+
+
+
+int
+MatchingComponentGeneralName ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+	ComponentGeneralName *v1, *v2;
+
+
+	v1 = (ComponentGeneralName*)csi_attr;
+	v2 = (ComponentGeneralName*)csi_assert;
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	if( (v1->choiceId != v2->choiceId ) )
+		return LDAP_COMPARE_FALSE;
+	switch( v1->choiceId )
+	{
+	   case GENERALNAME_OTHERNAME :
+		rc = 	MatchingComponentOtherName ( oid, (ComponentSyntaxInfo*)(v1->a.otherName), (ComponentSyntaxInfo*)(v2->a.otherName) );
+		break;
+	   case GENERALNAME_RFC822NAME :
+		rc = 	MatchingComponentIA5String ( oid, (ComponentSyntaxInfo*)(v1->a.rfc822Name), (ComponentSyntaxInfo*)(v2->a.rfc822Name) );
+		break;
+	   case GENERALNAME_DNSNAME :
+		rc = 	MatchingComponentIA5String ( oid, (ComponentSyntaxInfo*)(v1->a.dNSName), (ComponentSyntaxInfo*)(v2->a.dNSName) );
+		break;
+	   case GENERALNAME_X400ADDRESS :
+		rc = 	MatchingComponentORAddress ( oid, (ComponentSyntaxInfo*)(v1->a.x400Address), (ComponentSyntaxInfo*)(v2->a.x400Address) );
+		break;
+	   case GENERALNAME_DIRECTORYNAME :
+		rc = 	MatchingComponentName ( oid, (ComponentSyntaxInfo*)(v1->a.directoryName), (ComponentSyntaxInfo*)(v2->a.directoryName) );
+		break;
+	   case GENERALNAME_EDIPARTYNAME :
+		rc = 	MatchingComponentEDIPartyName ( oid, (ComponentSyntaxInfo*)(v1->a.ediPartyName), (ComponentSyntaxInfo*)(v2->a.ediPartyName) );
+		break;
+	   case GENERALNAME_UNIFORMRESOURCEIDENTIFIER :
+		rc = 	MatchingComponentIA5String ( oid, (ComponentSyntaxInfo*)(v1->a.uniformResourceIdentifier), (ComponentSyntaxInfo*)(v2->a.uniformResourceIdentifier) );
+		break;
+	   case GENERALNAME_IPADDRESS :
+		rc = 	MatchingComponentOcts ( oid, (ComponentSyntaxInfo*)(v1->a.iPAddress), (ComponentSyntaxInfo*)(v2->a.iPAddress) );
+		break;
+	   case GENERALNAME_REGISTEREDID :
+		rc = 	MatchingComponentOid ( oid, (ComponentSyntaxInfo*)(v1->a.registeredID), (ComponentSyntaxInfo*)(v2->a.registeredID) );
+		break;
+	default : 
+		 return LDAP_PROTOCOL_ERROR;
+	}
+	return rc;
+}  /* BMatchingComponentGeneralNameContent */
+
+void*
+ExtractingComponentGeneralName ( void* mem_op, ComponentReference* cr, ComponentGeneralName *comp )
+{
+
+
+	if( (comp->choiceId) ==  GENERALNAME_OTHERNAME &&
+		 (( comp->a.otherName->identifier.bv_val && strncmp(comp->a.otherName->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.otherName->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.otherName);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentOtherName ( mem_op, cr, (comp->a.otherName) );
+		};
+	}
+	if( (comp->choiceId) ==  GENERALNAME_RFC822NAME &&
+		 (( comp->a.rfc822Name->identifier.bv_val && strncmp(comp->a.rfc822Name->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.rfc822Name->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.rfc822Name);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentIA5String ( mem_op, cr, (comp->a.rfc822Name) );
+		};
+	}
+	if( (comp->choiceId) ==  GENERALNAME_DNSNAME &&
+		 (( comp->a.dNSName->identifier.bv_val && strncmp(comp->a.dNSName->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.dNSName->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.dNSName);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentIA5String ( mem_op, cr, (comp->a.dNSName) );
+		};
+	}
+	if( (comp->choiceId) ==  GENERALNAME_X400ADDRESS &&
+		 (( comp->a.x400Address->identifier.bv_val && strncmp(comp->a.x400Address->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.x400Address->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.x400Address);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentORAddress ( mem_op, cr, (comp->a.x400Address) );
+		};
+	}
+	if( (comp->choiceId) ==  GENERALNAME_DIRECTORYNAME &&
+		 (( comp->a.directoryName->identifier.bv_val && strncmp(comp->a.directoryName->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.directoryName->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.directoryName);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentName ( mem_op, cr, (comp->a.directoryName) );
+		};
+	}
+	if( (comp->choiceId) ==  GENERALNAME_EDIPARTYNAME &&
+		 (( comp->a.ediPartyName->identifier.bv_val && strncmp(comp->a.ediPartyName->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.ediPartyName->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.ediPartyName);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentEDIPartyName ( mem_op, cr, (comp->a.ediPartyName) );
+		};
+	}
+	if( (comp->choiceId) ==  GENERALNAME_UNIFORMRESOURCEIDENTIFIER &&
+		 (( comp->a.uniformResourceIdentifier->identifier.bv_val && strncmp(comp->a.uniformResourceIdentifier->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.uniformResourceIdentifier->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.uniformResourceIdentifier);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentIA5String ( mem_op, cr, (comp->a.uniformResourceIdentifier) );
+		};
+	}
+	if( (comp->choiceId) ==  GENERALNAME_IPADDRESS &&
+		 (( comp->a.iPAddress->identifier.bv_val && strncmp(comp->a.iPAddress->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.iPAddress->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.iPAddress);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentOcts ( mem_op, cr, (comp->a.iPAddress) );
+		};
+	}
+	if( (comp->choiceId) ==  GENERALNAME_REGISTEREDID &&
+		 (( comp->a.registeredID->identifier.bv_val && strncmp(comp->a.registeredID->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.registeredID->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.registeredID);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentOid ( mem_op, cr, (comp->a.registeredID) );
+		};
+	}
+	return NULL;
+}  /* ExtractingComponentGeneralName */
+
+int
+BDecComponentGeneralName PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentGeneralName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	AsnLen totalElmtsLen2 = 0;
+	AsnLen elmtLen2;
+	AsnTag tagId2;
+	AsnLen totalElmtsLen3 = 0;
+	AsnLen elmtLen3;
+	AsnTag tagId3;
+	int old_mode = mode;
+	int rc;
+	ComponentGeneralName *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    switch (tagId0)
+    {
+       case MAKE_TAG_ID (CNTX, CONS, 0):
+if (BDecTag (b, &totalElmtsLen1 ) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+        (k->choiceId) = GENERALNAME_OTHERNAME;
+		rc = 	BDecComponentOtherName (mem_op, b, tagId1, elmtLen1, (&k->a.otherName), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.otherName)->identifier.bv_val = (k->a.otherName)->id_buf;
+		(k->a.otherName)->identifier.bv_len = strlen("otherName");
+		strcpy( (k->a.otherName)->identifier.bv_val, "otherName");
+	if (elmtLen0 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+    break;
+
+       case MAKE_TAG_ID (CNTX, CONS, 1):
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+if ((tagId1 != MAKE_TAG_ID (UNIV, PRIM, IA5STRING_TAG_CODE)) &&
+   (tagId1 != MAKE_TAG_ID (UNIV, CONS, IA5STRING_TAG_CODE)))
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+        (k->choiceId) = GENERALNAME_RFC822NAME;
+		rc = 	BDecComponentIA5String (mem_op, b, tagId1, elmtLen1, (&k->a.rfc822Name), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.rfc822Name)->identifier.bv_val = (k->a.rfc822Name)->id_buf;
+		(k->a.rfc822Name)->identifier.bv_len = strlen("rfc822Name");
+		strcpy( (k->a.rfc822Name)->identifier.bv_val, "rfc822Name");
+	if (elmtLen0 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+    break;
+
+       case MAKE_TAG_ID (CNTX, CONS, 2):
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+if ((tagId1 != MAKE_TAG_ID (UNIV, PRIM, IA5STRING_TAG_CODE)) &&
+   (tagId1 != MAKE_TAG_ID (UNIV, CONS, IA5STRING_TAG_CODE)))
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+        (k->choiceId) = GENERALNAME_DNSNAME;
+		rc = 	BDecComponentIA5String (mem_op, b, tagId1, elmtLen1, (&k->a.dNSName), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.dNSName)->identifier.bv_val = (k->a.dNSName)->id_buf;
+		(k->a.dNSName)->identifier.bv_len = strlen("dNSName");
+		strcpy( (k->a.dNSName)->identifier.bv_val, "dNSName");
+	if (elmtLen0 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+    break;
+
+       case MAKE_TAG_ID (CNTX, CONS, 3):
+if (BDecTag (b, &totalElmtsLen1 ) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+        (k->choiceId) = GENERALNAME_X400ADDRESS;
+		rc = 	BDecComponentORAddress (mem_op, b, tagId1, elmtLen1, (&k->a.x400Address), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.x400Address)->identifier.bv_val = (k->a.x400Address)->id_buf;
+		(k->a.x400Address)->identifier.bv_len = strlen("x400Address");
+		strcpy( (k->a.x400Address)->identifier.bv_val, "x400Address");
+	if (elmtLen0 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+    break;
+
+       case MAKE_TAG_ID (CNTX, CONS, 4):
+        (k->choiceId) = GENERALNAME_DIRECTORYNAME;
+		tagId1 = BDecTag (b, &totalElmtsLen1 );
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentName (mem_op, b, tagId1, elmtLen1, (&k->a.directoryName), &totalElmtsLen1, mode);
+    if (elmtLen0 == INDEFINITE_LEN)
+        BDecEoc(b, &totalElmtsLen1 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.directoryName)->identifier.bv_val = (k->a.directoryName)->id_buf;
+		(k->a.directoryName)->identifier.bv_len = strlen("directoryName");
+		strcpy( (k->a.directoryName)->identifier.bv_val, "directoryName");
+	if (elmtLen0 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+    break;
+
+       case MAKE_TAG_ID (CNTX, CONS, 5):
+if (BDecTag (b, &totalElmtsLen1 ) != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+        (k->choiceId) = GENERALNAME_EDIPARTYNAME;
+		rc = 	BDecComponentEDIPartyName (mem_op, b, tagId1, elmtLen1, (&k->a.ediPartyName), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.ediPartyName)->identifier.bv_val = (k->a.ediPartyName)->id_buf;
+		(k->a.ediPartyName)->identifier.bv_len = strlen("ediPartyName");
+		strcpy( (k->a.ediPartyName)->identifier.bv_val, "ediPartyName");
+	if (elmtLen0 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+    break;
+
+       case MAKE_TAG_ID (CNTX, CONS, 6):
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+if ((tagId1 != MAKE_TAG_ID (UNIV, PRIM, IA5STRING_TAG_CODE)) &&
+   (tagId1 != MAKE_TAG_ID (UNIV, CONS, IA5STRING_TAG_CODE)))
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+        (k->choiceId) = GENERALNAME_UNIFORMRESOURCEIDENTIFIER;
+		rc = 	BDecComponentIA5String (mem_op, b, tagId1, elmtLen1, (&k->a.uniformResourceIdentifier), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.uniformResourceIdentifier)->identifier.bv_val = (k->a.uniformResourceIdentifier)->id_buf;
+		(k->a.uniformResourceIdentifier)->identifier.bv_len = strlen("uniformResourceIdentifier");
+		strcpy( (k->a.uniformResourceIdentifier)->identifier.bv_val, "uniformResourceIdentifier");
+	if (elmtLen0 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+    break;
+
+       case MAKE_TAG_ID (CNTX, CONS, 7):
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+if ((tagId1 != MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) &&
+   (tagId1 != MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE)))
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+        (k->choiceId) = GENERALNAME_IPADDRESS;
+		rc = 	BDecComponentOcts (mem_op, b, tagId1, elmtLen1, (&k->a.iPAddress), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.iPAddress)->identifier.bv_val = (k->a.iPAddress)->id_buf;
+		(k->a.iPAddress)->identifier.bv_len = strlen("iPAddress");
+		strcpy( (k->a.iPAddress)->identifier.bv_val, "iPAddress");
+	if (elmtLen0 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+    break;
+
+       case MAKE_TAG_ID (CNTX, CONS, 8):
+if (BDecTag (b, &totalElmtsLen1 ) != MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+        (k->choiceId) = GENERALNAME_REGISTEREDID;
+		rc = 	BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->a.registeredID), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.registeredID)->identifier.bv_val = (k->a.registeredID)->id_buf;
+		(k->a.registeredID)->identifier.bv_len = strlen("registeredID");
+		strcpy( (k->a.registeredID)->identifier.bv_val, "registeredID");
+	if (elmtLen0 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+    break;
+
+    default:
+        Asn1Error ("ERROR - unexpected tag in CHOICE\n");
+        return -1;
+        break;
+    } /* end switch */
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentGeneralName*) CompAlloc( mem_op, sizeof(ComponentGeneralName) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentGeneralName ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentGeneralName ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentGeneralName;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentGeneralName;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecGeneralNameContent */
+
+int
+GDecComponentGeneralName PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentGeneralName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentGeneralName *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen2 = LocateNextGSERToken(mem_op,b,&peek_head2,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head2 != ':'){
+		Asn1Error("Missing : in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( strncmp("otherName",peek_head, strlen("otherName")) == 0){
+		(k->choiceId) = GENERALNAME_OTHERNAME;
+		rc = 	GDecComponentOtherName (mem_op, b, (&k->a.otherName), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.otherName)->identifier.bv_val = peek_head;
+		(k->a.otherName)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("rfc822Name",peek_head,strlen("rfc822Name")) == 0){
+		(k->choiceId) = GENERALNAME_RFC822NAME;
+		rc = 	GDecComponentIA5String (mem_op, b, (&k->a.rfc822Name), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.rfc822Name)->identifier.bv_val = peek_head;
+		(k->a.rfc822Name)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("dNSName",peek_head,strlen("dNSName")) == 0){
+		(k->choiceId) = GENERALNAME_DNSNAME;
+		rc = 	GDecComponentIA5String (mem_op, b, (&k->a.dNSName), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.dNSName)->identifier.bv_val = peek_head;
+		(k->a.dNSName)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("x400Address",peek_head,strlen("x400Address")) == 0){
+		(k->choiceId) = GENERALNAME_X400ADDRESS;
+		rc = 	GDecComponentORAddress (mem_op, b, (&k->a.x400Address), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.x400Address)->identifier.bv_val = peek_head;
+		(k->a.x400Address)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("directoryName",peek_head,strlen("directoryName")) == 0){
+		(k->choiceId) = GENERALNAME_DIRECTORYNAME;
+		rc = 	GDecComponentName (mem_op, b, (&k->a.directoryName), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.directoryName)->identifier.bv_val = peek_head;
+		(k->a.directoryName)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("ediPartyName",peek_head,strlen("ediPartyName")) == 0){
+		(k->choiceId) = GENERALNAME_EDIPARTYNAME;
+		rc = 	GDecComponentEDIPartyName (mem_op, b, (&k->a.ediPartyName), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.ediPartyName)->identifier.bv_val = peek_head;
+		(k->a.ediPartyName)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("uniformResourceIdentifier",peek_head,strlen("uniformResourceIdentifier")) == 0){
+		(k->choiceId) = GENERALNAME_UNIFORMRESOURCEIDENTIFIER;
+		rc = 	GDecComponentIA5String (mem_op, b, (&k->a.uniformResourceIdentifier), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.uniformResourceIdentifier)->identifier.bv_val = peek_head;
+		(k->a.uniformResourceIdentifier)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("iPAddress",peek_head,strlen("iPAddress")) == 0){
+		(k->choiceId) = GENERALNAME_IPADDRESS;
+		rc = 	GDecComponentOcts (mem_op, b, (&k->a.iPAddress), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.iPAddress)->identifier.bv_val = peek_head;
+		(k->a.iPAddress)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("registeredID",peek_head,strlen("registeredID")) == 0){
+		(k->choiceId) = GENERALNAME_REGISTEREDID;
+		rc = 	GDecComponentOid (mem_op, b, (&k->a.registeredID), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.registeredID)->identifier.bv_val = peek_head;
+		(k->a.registeredID)->identifier.bv_len = strLen;
+	}
+	else {
+		Asn1Error("Undefined Identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentGeneralName*) CompAlloc( mem_op, sizeof(ComponentGeneralName) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentGeneralName ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentGeneralName ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentGeneralName;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentGeneralName;
+	return LDAP_SUCCESS;
+}  /* GDecGeneralNameContent */
+
+
+int
+MatchingComponentGeneralNames ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+	void* component1, *component2;
+	AsnList *v1, *v2, t_list;
+
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	v1 = &((ComponentGeneralNames*)csi_attr)->comp_list;
+	v2 = &((ComponentGeneralNames*)csi_assert)->comp_list;
+	FOR_EACH_LIST_PAIR_ELMT(component1, component2, v1, v2)
+	{
+		if( MatchingComponentGeneralName(oid, (ComponentSyntaxInfo*)component1, (ComponentSyntaxInfo*)component2) == LDAP_COMPARE_FALSE) {
+			return LDAP_COMPARE_FALSE;
+		}
+	} /* end of for */
+
+	AsnListFirst( v1 );
+	AsnListFirst( v2 );
+	if( (!component1 && component2) || (component1 && !component2))
+		return LDAP_COMPARE_FALSE;
+	else
+		return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentGeneralNamesContent */
+
+void*
+ExtractingComponentGeneralNames ( void* mem_op, ComponentReference* cr, ComponentGeneralNames *comp )
+{
+	int count = 0;
+	int total;
+	AsnList *v = &comp->comp_list;
+	ComponentInt *k;
+	ComponentGeneralName *component;
+
+
+	switch ( cr->cr_curr->ci_type ) {
+	case LDAP_COMPREF_FROM_BEGINNING :
+		count = cr->cr_curr->ci_val.ci_from_beginning;
+		FOR_EACH_LIST_ELMT( component , v ) {
+			if( --count == 0 ) {
+				if( cr->cr_curr->ci_next == NULL )
+					return component;
+				else {
+					cr->cr_curr = cr->cr_curr->ci_next;
+					return 	ExtractingComponentGeneralName ( mem_op, cr, component );
+				}
+			}
+		}
+		break;
+	case LDAP_COMPREF_FROM_END :
+		total = AsnListCount ( v );
+		count = cr->cr_curr->ci_val.ci_from_end;
+		count = total + count +1;
+		FOR_EACH_LIST_ELMT ( component, v ) {
+			if( --count == 0 ) {
+				if( cr->cr_curr->ci_next == NULL ) 
+					return component;
+				else {
+					cr->cr_curr = cr->cr_curr->ci_next;
+					return 	ExtractingComponentGeneralName ( mem_op, cr, component );
+				}
+			}
+		}
+		break;
+	case LDAP_COMPREF_ALL :
+		return comp;
+	case LDAP_COMPREF_COUNT :
+		k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
+		k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+		k->comp_desc->cd_tag = (-1);
+		k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
+		k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
+		k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
+		k->comp_desc->cd_type = ASN_BASIC;
+		k->comp_desc->cd_type_id = BASICTYPE_INTEGER;
+		k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentInt;
+		k->value = AsnListCount(v);
+		return k;
+	default :
+		return NULL;
+	}
+}  /* ExtractingComponentGeneralNames */
+
+int
+BDecComponentGeneralNames PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentGeneralNames **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentGeneralNames *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	AsnListInit(&k->comp_list,sizeof(ComponentGeneralName));
+    for (totalElmtsLen1 = 0; (totalElmtsLen1 < elmtLen0) || (elmtLen0 == INDEFINITE_LEN);)
+    {
+        ComponentGeneralName **tmpVar;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if ((tagId1 == EOC_TAG_ID) && (elmtLen0 == INDEFINITE_LEN))
+    {
+        BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+        break; /* got EOC so can exit this SET OF/SEQ OF's for loop*/
+    }
+        elmtLen1 = BDecLen (b, &totalElmtsLen1);
+    tmpVar = (ComponentGeneralName**) CompAsnListAppend (mem_op,&k->comp_list);
+		rc = 	BDecComponentGeneralName (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+    } /* end of for */
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentGeneralNames*) CompAlloc( mem_op, sizeof(ComponentGeneralNames) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentGeneralNames ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentGeneralNames ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentGeneralNames;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentGeneralNames;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecGeneralNamesContent */
+
+int
+GDecComponentGeneralNames PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentGeneralNames **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentGeneralNames *k,*t, c_temp;
+
+
+	int ElmtsLen1;
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	AsnListInit( &k->comp_list, sizeof( ComponentGeneralName ) );
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_PEEK)) ){
+		Asn1Error("Error during Reading { in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	for (ElmtsLen1 = 0; ElmtsLen1 >= INDEFINITE_LEN; ElmtsLen1++)
+	{
+		ComponentGeneralName **tmpVar;
+		if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_NO_COPY)) ){
+			Asn1Error("Error during Reading{ in encoding");
+			return LDAP_PROTOCOL_ERROR;
+		}
+		if(*peek_head == '}') break;
+		if( !(*peek_head == '{' || *peek_head ==',') ) {
+			return LDAP_PROTOCOL_ERROR;
+		}
+		tmpVar = (ComponentGeneralName**) CompAsnListAppend (mem_op, &k->comp_list);
+		if ( tmpVar == NULL ) {
+			Asn1Error("Error during Reading{ in encoding");
+			return LDAP_PROTOCOL_ERROR;
+		}
+		rc = 	GDecComponentGeneralName (mem_op, b, tmpVar, bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	} /* end of for */
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentGeneralNames*) CompAlloc( mem_op, sizeof(ComponentGeneralNames) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentGeneralNames ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentGeneralNames ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentGeneralNames;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentGeneralNames;
+	return LDAP_SUCCESS;
+}  /* GDecGeneralNamesContent */
+
+
+int
+MatchingComponentAuthorityKeyIdentifier ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	rc =	MatchingComponentKeyIdentifier ( oid, (ComponentSyntaxInfo*)&((ComponentAuthorityKeyIdentifier*)csi_attr)->keyIdentifier, (ComponentSyntaxInfo*)&((ComponentAuthorityKeyIdentifier*)csi_assert)->keyIdentifier );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	if(COMPONENTNOT_NULL( ((ComponentAuthorityKeyIdentifier*)csi_attr)->authorityCertIssuer ) ) {
+	rc =	MatchingComponentGeneralNames ( oid, (ComponentSyntaxInfo*)((ComponentAuthorityKeyIdentifier*)csi_attr)->authorityCertIssuer, (ComponentSyntaxInfo*)((ComponentAuthorityKeyIdentifier*)csi_assert)->authorityCertIssuer );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	}
+	if(COMPONENTNOT_NULL( ((ComponentAuthorityKeyIdentifier*)csi_attr)->authorityCertSerialNumber ) ) {
+	rc =	MatchingComponentCertificateSerialNumber ( oid, (ComponentSyntaxInfo*)((ComponentAuthorityKeyIdentifier*)csi_attr)->authorityCertSerialNumber, (ComponentSyntaxInfo*)((ComponentAuthorityKeyIdentifier*)csi_assert)->authorityCertSerialNumber );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	}
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentAuthorityKeyIdentifier */
+
+void*
+ExtractingComponentAuthorityKeyIdentifier ( void* mem_op, ComponentReference* cr, ComponentAuthorityKeyIdentifier *comp )
+{
+
+	if ( ( comp->keyIdentifier.identifier.bv_val && strncmp(comp->keyIdentifier.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->keyIdentifier.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->keyIdentifier;
+		else
+		return NULL;
+	}
+	if ( ( comp->authorityCertIssuer->identifier.bv_val && strncmp(comp->authorityCertIssuer->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->authorityCertIssuer->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->authorityCertIssuer;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentGeneralNames ( mem_op, cr, comp->authorityCertIssuer );
+		}
+	}
+	if ( ( comp->authorityCertSerialNumber->identifier.bv_val && strncmp(comp->authorityCertSerialNumber->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->authorityCertSerialNumber->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->authorityCertSerialNumber;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentCertificateSerialNumber ( mem_op, cr, comp->authorityCertSerialNumber );
+		}
+	}
+	return NULL;
+}  /* ExtractingComponentAuthorityKeyIdentifier */
+
+int
+BDecComponentAuthorityKeyIdentifier PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentAuthorityKeyIdentifier **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	AsnLen totalElmtsLen2 = 0;
+	AsnLen elmtLen2;
+	AsnTag tagId2;
+	int old_mode = mode;
+	int rc;
+	ComponentAuthorityKeyIdentifier *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+        seqDone = TRUE;
+    else
+    {
+        tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+         if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+        {
+            BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+            seqDone = TRUE;
+        }
+    }
+
+    if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, PRIM, 0)) ||
+(tagId1 == MAKE_TAG_ID (CNTX, CONS, 0))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+                rc =    BDecComponentKeyIdentifier (mem_op, b, tagId1, elmtLen1, (&k->keyIdentifier), &totalElmtsLen1, mode);
+                if ( rc != LDAP_SUCCESS ) return rc;
+                (&k->keyIdentifier)->identifier.bv_val = (&k->keyIdentifier)->id_buf;
+                (&k->keyIdentifier)->identifier.bv_len = strlen("keyIdentifier");
+                strcpy( (&k->keyIdentifier)->identifier.bv_val, "keyIdentifier");
+    if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+        seqDone = TRUE;
+    else
+    {
+        tagId1 = BDecTag (b, &totalElmtsLen1 );
+                                                                                
+         if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+        {
+            BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+            seqDone = TRUE;
+        }
+    }
+    }
+
+    if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, CONS, 1))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+                rc =    BDecComponentGeneralNames (mem_op, b, tagId1, elmtLen1,
+(&k->authorityCertIssuer), &totalElmtsLen1, mode);
+                if ( rc != LDAP_SUCCESS ) return rc;
+                (k->authorityCertIssuer)->identifier.bv_val = (k->authorityCertIssuer)->id_buf;
+                (k->authorityCertIssuer)->identifier.bv_len = strlen("authorityCertIssuer");
+                strcpy( (k->authorityCertIssuer)->identifier.bv_val, "authorityCertIssuer");
+    if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+        seqDone = TRUE;
+    else
+    {
+        tagId1 = BDecTag (b, &totalElmtsLen1 );
+                                                                                
+         if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+        {
+            BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+            seqDone = TRUE;
+        }
+    }
+    }
+
+    if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, PRIM, 2))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+                rc =    BDecComponentCertificateSerialNumber (mem_op, b, tagId1, elmtLen1, (&k->authorityCertSerialNumber), &totalElmtsLen1, DEC_ALLOC_MODE_0 );                if ( rc != LDAP_SUCCESS ) return rc;
+                (k->authorityCertSerialNumber)->identifier.bv_val = (k->authorityCertSerialNumber)->id_buf;
+                (k->authorityCertSerialNumber)->identifier.bv_len = strlen("authorityCertSerialNumber");
+                strcpy( (k->authorityCertSerialNumber)->identifier.bv_val, "authorityCertSerialNumber");
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+                                                                                
+    }
+
+    if (!seqDone)
+        return -1;
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentAuthorityKeyIdentifier*) CompAlloc( mem_op, sizeof(ComponentAuthorityKeyIdentifier) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAuthorityKeyIdentifier ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAuthorityKeyIdentifier ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentAuthorityKeyIdentifier;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAuthorityKeyIdentifier;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecAuthorityKeyIdentifier*/
+
+int
+GDecComponentAuthorityKeyIdentifier PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentAuthorityKeyIdentifier **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentAuthorityKeyIdentifier *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "keyIdentifier", strlen("keyIdentifier") ) == 0 ) {
+		rc = 	GDecComponentKeyIdentifier (mem_op, b, (&k->keyIdentifier), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->keyIdentifier)->identifier.bv_val = peek_head;
+	(&k->keyIdentifier)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "authorityCertIssuer", strlen("authorityCertIssuer") ) == 0 ) {
+		rc = 	GDecComponentGeneralNames (mem_op, b, (&k->authorityCertIssuer), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->authorityCertIssuer)->identifier.bv_val = peek_head;
+	( k->authorityCertIssuer)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "authorityCertSerialNumber", strlen("authorityCertSerialNumber") ) == 0 ) {
+		rc = 	GDecComponentCertificateSerialNumber (mem_op, b, (&k->authorityCertSerialNumber), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->authorityCertSerialNumber)->identifier.bv_val = peek_head;
+	( k->authorityCertSerialNumber)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentAuthorityKeyIdentifier*) CompAlloc( mem_op, sizeof(ComponentAuthorityKeyIdentifier) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAuthorityKeyIdentifier ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAuthorityKeyIdentifier ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentAuthorityKeyIdentifier;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAuthorityKeyIdentifier;
+	return LDAP_SUCCESS;
+}  /* GDecAuthorityKeyIdentifier*/
+
+
diff --git a/contrib/slapd-modules/comp_match/authorityKeyIdentifier.h b/contrib/slapd-modules/comp_match/authorityKeyIdentifier.h
new file mode 100644
index 0000000..5fa4ab5
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/authorityKeyIdentifier.h
@@ -0,0 +1,327 @@
+
+#include "asn-incl.h"
+/*
+ *    authorityKeyIdentifier.h
+ *    "AuthorityKeyIdentifierDefinition" ASN.1 module encode/decode/extracting/matching/free C src.
+ *    This file was generated by modified eSMACC compiler Sat Dec 11 10:15:39 2004
+ *    The generated files are strongly encouraged to be
+ *    compiled as a module for OpenLDAP Software
+ */
+
+#ifndef _authorityKeyIdentifier_h_
+#define _authorityKeyIdentifier_h_
+
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+#ifdef _WIN32
+#pragma warning( disable : 4101 )
+#endif
+#include "componentlib.h"
+typedef ComponentOcts ComponentKeyIdentifier; /* OCTET STRING */
+
+#define MatchingComponentKeyIdentifier MatchingComponentOcts
+
+#define ExtractingComponentKeyIdentifier ExtractingComponentOcts
+
+#define BDecComponentKeyIdentifier BDecComponentOcts
+
+#define GDecComponentKeyIdentifier GDecComponentOcts
+
+
+typedef ComponentInt ComponentCertificateSerialNumber; /* INTEGER */
+
+#define MatchingComponentCertificateSerialNumber MatchingComponentInt
+
+#define ExtractingComponentCertificateSerialNumber ExtractingComponentInt
+
+#define BDecComponentCertificateSerialNumber BDecComponentInt
+
+#define GDecComponentCertificateSerialNumber GDecComponentInt
+
+
+typedef struct OtherName /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentOid type_id; /* OBJECT IDENTIFIER */
+	ComponentAnyDefinedBy value; /* [0] EXPLICIT ANY DEFINED BY type-id */
+} ComponentOtherName;
+
+int MatchingComponentOtherName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentOtherName PROTO (( void* mem_op, ComponentReference *cr, ComponentOtherName *comp ));
+
+
+int BDecComponentOtherName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentOtherName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentOtherName PROTO (( void* mem_op, GenBuf * b, ComponentOtherName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct ORAddress /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentOid type_id; /* OBJECT IDENTIFIER */
+	ComponentAnyDefinedBy value; /* ANY DEFINED BY type-id */
+	ComponentOcts extension; /* OCTET STRING OPTIONAL */
+} ComponentORAddress;
+
+int MatchingComponentORAddress PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentORAddress PROTO (( void* mem_op, ComponentReference *cr, ComponentORAddress *comp ));
+
+
+int BDecComponentORAddress PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentORAddress **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentORAddress PROTO (( void* mem_op, GenBuf * b, ComponentORAddress **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct AttributeTypeAndValue /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentOid type; /* OBJECT IDENTIFIER */
+	ComponentAnyDefinedBy value; /* ANY DEFINED BY type */
+} ComponentAttributeTypeAndValue;
+
+int MatchingComponentAttributeTypeAndValue PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentAttributeTypeAndValue PROTO (( void* mem_op, ComponentReference *cr, ComponentAttributeTypeAndValue *comp ));
+
+
+int BDecComponentAttributeTypeAndValue PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentAttributeTypeAndValue PROTO (( void* mem_op, GenBuf * b, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct DirectoryString /* CHOICE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+    enum DirectoryStringChoiceId
+    {
+        DIRECTORYSTRING_TELETEXSTRING,
+        DIRECTORYSTRING_PRINTABLESTRING,
+        DIRECTORYSTRING_UNIVERSALSTRING,
+        DIRECTORYSTRING_UTF8STRING,
+        DIRECTORYSTRING_BMPSTRING
+    } choiceId;
+    union DirectoryStringChoiceUnion
+    {
+	ComponentTeletexString* teletexString; /* TeletexString SIZE 1..MAX */
+	ComponentPrintableString* printableString; /* PrintableString SIZE 1..MAX */
+	ComponentUniversalString* universalString; /* UniversalString SIZE 1..MAX */
+	ComponentUTF8String* utf8String; /* UTF8String SIZE 1..MAX */
+	ComponentBMPString* bmpString; /* BMPString SIZE 1..MAX */
+    } a;
+} ComponentDirectoryString;
+
+int MatchingComponentDirectoryString PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentDirectoryString PROTO (( void* mem_op, ComponentReference *cr, ComponentDirectoryString *comp ));
+
+
+int BDecComponentDirectoryString PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentDirectoryString **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentDirectoryString PROTO (( void* mem_op, GenBuf * b, ComponentDirectoryString **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct EDIPartyName /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentDirectoryString* nameAssigner; /* [0] DirectoryString OPTIONAL */
+	ComponentDirectoryString* partyName; /* [1] DirectoryString */
+} ComponentEDIPartyName;
+
+int MatchingComponentEDIPartyName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentEDIPartyName PROTO (( void* mem_op, ComponentReference *cr, ComponentEDIPartyName *comp ));
+
+
+int BDecComponentEDIPartyName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentEDIPartyName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentEDIPartyName PROTO (( void* mem_op, GenBuf * b, ComponentEDIPartyName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentRelativeDistinguishedName; /* SET OF AttributeTypeAndValue */
+
+int MatchingComponentRelativeDistinguishedName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentRelativeDistinguishedName PROTO (( void* mem_op, ComponentReference *cr, ComponentRelativeDistinguishedName *comp ));
+
+
+int BDecComponentRelativeDistinguishedName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentRelativeDistinguishedName PROTO (( void* mem_op, GenBuf * b, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentRDNSequence; /* SEQUENCE OF RelativeDistinguishedName */
+
+int MatchingComponentRDNSequence PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentRDNSequence PROTO (( void* mem_op, ComponentReference *cr, ComponentRDNSequence *comp ));
+
+
+int BDecComponentRDNSequence PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentRDNSequence PROTO (( void* mem_op, GenBuf * b, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Name /* CHOICE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+    enum NameChoiceId
+    {
+        NAME_RDNSEQUENCE
+    } choiceId;
+    union NameChoiceUnion
+    {
+	ComponentRDNSequence* rdnSequence; /* RDNSequence */
+    } a;
+} ComponentName;
+
+int MatchingComponentName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentName PROTO (( void* mem_op, ComponentReference *cr, ComponentName *comp ));
+
+
+int BDecComponentName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentName PROTO (( void* mem_op, GenBuf * b, ComponentName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct GeneralName /* CHOICE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+    enum GeneralNameChoiceId
+    {
+        GENERALNAME_OTHERNAME,
+        GENERALNAME_RFC822NAME,
+        GENERALNAME_DNSNAME,
+        GENERALNAME_X400ADDRESS,
+        GENERALNAME_DIRECTORYNAME,
+        GENERALNAME_EDIPARTYNAME,
+        GENERALNAME_UNIFORMRESOURCEIDENTIFIER,
+        GENERALNAME_IPADDRESS,
+        GENERALNAME_REGISTEREDID
+    } choiceId;
+    union GeneralNameChoiceUnion
+    {
+	ComponentOtherName* otherName; /* [0] OtherName */
+	ComponentIA5String* rfc822Name; /* [1] IA5String */
+	ComponentIA5String* dNSName; /* [2] IA5String */
+	ComponentORAddress* x400Address; /* [3] ORAddress */
+	ComponentName* directoryName; /* [4] Name */
+	ComponentEDIPartyName* ediPartyName; /* [5] EDIPartyName */
+	ComponentIA5String* uniformResourceIdentifier; /* [6] IA5String */
+	ComponentOcts* iPAddress; /* [7] OCTET STRING */
+	ComponentOid* registeredID; /* [8] OBJECT IDENTIFIER */
+    } a;
+} ComponentGeneralName;
+
+int MatchingComponentGeneralName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentGeneralName PROTO (( void* mem_op, ComponentReference *cr, ComponentGeneralName *comp ));
+
+
+int BDecComponentGeneralName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentGeneralName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentGeneralName PROTO (( void* mem_op, GenBuf * b, ComponentGeneralName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentGeneralNames; /* SEQUENCE SIZE 1..MAX OF GeneralName */
+
+int MatchingComponentGeneralNames PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentGeneralNames PROTO (( void* mem_op, ComponentReference *cr, ComponentGeneralNames *comp ));
+
+
+int BDecComponentGeneralNames PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentGeneralNames **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentGeneralNames PROTO (( void* mem_op, GenBuf * b, ComponentGeneralNames **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct AuthorityKeyIdentifier /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentKeyIdentifier keyIdentifier; /* [0] KeyIdentifier OPTIONAL */
+	ComponentGeneralNames* authorityCertIssuer; /* [1] GeneralNames OPTIONAL */
+	ComponentCertificateSerialNumber* authorityCertSerialNumber; /* [2] CertificateSerialNumber OPTIONAL */
+} ComponentAuthorityKeyIdentifier;
+
+int MatchingComponentAuthorityKeyIdentifier PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentAuthorityKeyIdentifier PROTO (( void* mem_op, ComponentReference *cr, ComponentAuthorityKeyIdentifier *comp ));
+
+
+int BDecComponentAuthorityKeyIdentifier PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAuthorityKeyIdentifier **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentAuthorityKeyIdentifier PROTO (( void* mem_op, GenBuf * b, ComponentAuthorityKeyIdentifier **v, AsnLen *bytesDecoded, int mode));
+
+
+
+/* ========== Object Declarations ========== */
+
+
+/* ========== Object Set Declarations ========== */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#endif /* conditional include of authorityKeyIdentifier.h */
diff --git a/contrib/slapd-modules/comp_match/certificate.asn1 b/contrib/slapd-modules/comp_match/certificate.asn1
new file mode 100644
index 0000000..db81897
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/certificate.asn1
@@ -0,0 +1,175 @@
+AuthenticationFramework {joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 4} DEFINITIONS ::=
+BEGIN
+-- based on RFC 3280 and X.509
+
+Certificate ::=	SEQUENCE {
+	toBeSigned TBSCertificate,
+	signatureAlgorithm AlgorithmIdentifier,
+	signature BIT STRING
+}
+
+TBSCertificate ::= SEQUENCE {
+		version [0] Version DEFAULT v1,
+		serialNumber CertificateSerialNumber,
+		signature AlgorithmIdentifier,
+		issuer Name,
+		validity Validity,
+		subject Name,
+		subjectPublicKeyInfo SubjectPublicKeyInfo,
+		issuerUniqueIdentifier [1] IMPLICIT UniqueIdentifier OPTIONAL,
+		-- if present, version shall be v2 or v3
+		subjectUniqueIdentifier [2] IMPLICIT UniqueIdentifier OPTIONAL,
+		-- if present, version shall be v2 or v3
+		extensions [3] Extensions OPTIONAL
+		-- If present, version shall be v3 -- }
+
+Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+CertificateSerialNumber ::= INTEGER
+
+AlgorithmIdentifier ::= SEQUENCE {
+	algorithm	OBJECT IDENTIFIER,
+	parameters	ANY DEFINED BY algorithm OPTIONAL -- DSA, SHA-1--
+}
+
+Name ::= CHOICE {
+	rdnSequence RDNSequence }
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
+
+AttributeTypeAndValue ::= SEQUENCE {
+	type     AttributeType,
+	value    ANY DEFINED BY type}
+
+AttributeType ::= OBJECT IDENTIFIER
+
+Validity ::= SEQUENCE {
+	notBefore Time,
+	notAfter Time }
+
+UniqueIdentifier  ::=  BIT STRING
+
+SubjectPublicKeyInfo ::= SEQUENCE {
+	algorithm AlgorithmIdentifier,
+	subjectPublicKey BIT STRING }
+
+Time ::= CHOICE {
+	utcTime UTCTime,
+	generalizedTime GeneralizedTime }
+
+Extensions ::= SEQUENCE SIZE(1..MAX) OF Extension
+
+Extension ::= SEQUENCE {
+	extnID	OBJECT IDENTIFIER,
+	critical BOOLEAN DEFAULT FALSE,
+	extnValue OCTET STRING
+-- contains a DER encoding of a value of type &ExtnType
+-- for the extension object identified by extnId --
+}
+
+nullOid OBJECT-TYPE
+	SYNTAX	NULL
+	ACCESS read-write
+	STATUS mandatory
+	::= { 1 2 840 113549 1 1 4 }
+
+nullOid2 OBJECT-TYPE
+	SYNTAX	NULL
+	ACCESS read-write
+	STATUS mandatory
+	::= { 1 2 840 113549 1 1 1 }
+
+nullOid3 OBJECT-TYPE
+	SYNTAX	NULL
+	ACCESS read-write
+	STATUS mandatory
+	::= { 1 2 840 113549 1 1 5 }
+
+printableStringOid OBJECT-TYPE
+	SYNTAX PrintableString
+	ACCESS read-write
+	STATUS mandatory
+	::= { 2 5 4 3 }
+
+printableStringOid2 OBJECT-TYPE
+	SYNTAX PrintableString
+	ACCESS read-write
+	STATUS mandatory
+	::= { 2 5 4 6 }    
+
+printableStringOid3 OBJECT-TYPE
+	SYNTAX PrintableString
+	ACCESS read-write
+	STATUS mandatory
+	::= { 2 5 4 7 }
+
+printableStringOid4 OBJECT-TYPE
+	SYNTAX PrintableString
+	ACCESS read-write
+	STATUS mandatory
+	::= { 2 5 4 8 }    
+
+printableStringOid5 OBJECT-TYPE
+	SYNTAX PrintableString
+	ACCESS read-write
+	STATUS mandatory
+	::= { 2 5 4 10 }    
+
+printableStringOid6 OBJECT-TYPE
+	SYNTAX PrintableString
+	ACCESS read-write
+	STATUS mandatory
+	::= { 2 5 4 11 }
+
+printableStringOid7 OBJECT-TYPE
+	SYNTAX PrintableString
+	ACCESS read-write
+	STATUS mandatory
+	::= { 0 9 2342 19200300 100 1 3 }
+
+
+iA5StringOid OBJECT-TYPE
+	SYNTAX IA5String
+	ACCESS read-write
+	STATUS mandatory
+	::= { 1 2 840 113549 1 9 1 }
+
+octetStringOid OBJECT-TYPE
+	SYNTAX OCTET STRING
+	ACCESS read-write
+	STATUS mandatory
+	::= { 2 5 29 19 }
+
+octetStringOid2 OBJECT-TYPE
+	SYNTAX OCTET STRING
+	ACCESS read-write
+	STATUS mandatory
+	::= { 2 16 840 1 113730 1 13 }
+
+octetStringOid3 OBJECT-TYPE
+	SYNTAX OCTET STRING
+	ACCESS read-write
+	STATUS mandatory
+	::= { 2 5 29 14 }
+
+octetStringOid4 OBJECT-TYPE
+	SYNTAX OCTET STRING
+	ACCESS read-write
+	STATUS mandatory
+	::= { 2 5 29 21 }
+
+octetStringOid5 OBJECT-TYPE
+	SYNTAX OCTET STRING
+	ACCESS read-write
+	STATUS mandatory
+	::= { 2 5 29 20 }
+
+octetStringOid7 OBJECT-TYPE
+	SYNTAX OCTET STRING
+	ACCESS read-write
+	STATUS mandatory
+	::= { 2 5 29 28 }
+
+END
diff --git a/contrib/slapd-modules/comp_match/certificate.c b/contrib/slapd-modules/comp_match/certificate.c
new file mode 100644
index 0000000..8b58bdb
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/certificate.c
@@ -0,0 +1,3249 @@
+/*
+ *    certificate.c
+ *    "AuthenticationFramework" ASN.1 module encode/decode/extracting/matching/free C src.
+ *    This file was generated by modified eSMACC compiler Sat Dec 11 11:22:49 2004
+ *    The generated files are supposed to be compiled as a module for OpenLDAP Software
+ */
+
+#include "certificate.h"
+
+BDecComponentCertificateTop( void* mem_op, GenBuf* b, void **v, AsnLen* bytesDecoded,int mode) {
+	AsnTag tag;
+	AsnLen elmtLen;
+
+	tag = BDecTag ( b, bytesDecoded );
+	elmtLen = BDecLen ( b, bytesDecoded );
+	if ( elmtLen <= 0 ) return (-1);
+	if ( tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE) ) {
+		return (-1);
+	}
+		
+	return BDecComponentCertificate( mem_op, b, tag, elmtLen, (ComponentCertificate**)v,(AsnLen*)bytesDecoded, mode );
+}
+
+void init_module_AuthenticationFramework() {
+	/* Register Certificate OID and its decoder */
+	InstallOidDecoderMapping( "2.5.4.36", NULL,
+				GDecComponentCertificate,
+				BDecComponentCertificateTop,
+				ExtractingComponentCertificate,
+				MatchingComponentCertificate );
+	InitAnyAuthenticationFramework();
+}
+
+void InitAnyAuthenticationFramework()
+{
+    AsnOid oid0 ={ 9, "\52\206\110\206\367\15\1\1\4" };
+    AsnOid oid1 ={ 9, "\52\206\110\206\367\15\1\1\1" };
+    AsnOid oid2 ={ 9, "\52\206\110\206\367\15\1\1\5" };
+    AsnOid oid3 ={ 3, "\125\4\3" };
+    AsnOid oid4 ={ 3, "\125\4\6" };
+    AsnOid oid5 ={ 3, "\125\4\7" };
+    AsnOid oid6 ={ 3, "\125\4\10" };
+    AsnOid oid7 ={ 3, "\125\4\12" };
+    AsnOid oid8 ={ 3, "\125\4\13" };
+    AsnOid oid9 ={ 10, "\11\222\46\211\223\362\54\144\1\3" };
+    AsnOid oid10 ={ 9, "\52\206\110\206\367\15\1\11\1" };
+    AsnOid oid11 ={ 3, "\125\35\23" };
+    AsnOid oid12 ={ 9, "\140\206\110\1\206\370\102\1\15" };
+    AsnOid oid13 ={ 3, "\125\35\16" };
+    AsnOid oid14 ={ 3, "\125\35\25" };
+    AsnOid oid15 ={ 3, "\125\35\24" };
+    AsnOid oid17 ={ 3, "\125\35\34" };
+
+
+    InstallAnyByComponentOid (nullOid_ANY_ID, &oid0, sizeof (ComponentNull), (EncodeFcn)BEncAsnNull, (gser_decoder_func*)GDecComponentNull, (ber_tag_decoder_func*)BDecComponentNullTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentNull,(FreeFcn)FreeComponentNull, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (nullOid2_ANY_ID, &oid1, sizeof (ComponentNull), (EncodeFcn)BEncAsnNull, (gser_decoder_func*)GDecComponentNull, (ber_tag_decoder_func*)BDecComponentNullTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentNull,(FreeFcn)FreeComponentNull, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (nullOid3_ANY_ID, &oid2, sizeof (ComponentNull), (EncodeFcn)BEncAsnNull, (gser_decoder_func*)GDecComponentNull, (ber_tag_decoder_func*)BDecComponentNullTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentNull,(FreeFcn)FreeComponentNull, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (printableStringOid_ANY_ID, &oid3, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (printableStringOid2_ANY_ID, &oid4, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (printableStringOid3_ANY_ID, &oid5, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (printableStringOid4_ANY_ID, &oid6, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (printableStringOid5_ANY_ID, &oid7, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (printableStringOid6_ANY_ID, &oid8, sizeof (ComponentPrintableString), (EncodeFcn)BEncPrintableString, (gser_decoder_func*)GDecComponentPrintableString, (ber_tag_decoder_func*)BDecComponentPrintableStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentPrintableString,(FreeFcn)FreeComponentPrintableString, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (printableStringOid7_ANY_ID, &oid9, sizeof (ComponentTeletexString), (EncodeFcn)BEncTeletexString, (gser_decoder_func*)GDecComponentTeletexString, (ber_tag_decoder_func*)BDecComponentTeletexStringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentTeletexString,(FreeFcn)FreeComponentTeletexString, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (iA5StringOid_ANY_ID, &oid10, sizeof (ComponentIA5String), (EncodeFcn)BEncIA5String, (gser_decoder_func*)GDecComponentIA5String, (ber_tag_decoder_func*)BDecComponentIA5StringTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentIA5String,(FreeFcn)FreeComponentIA5String, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (octetStringOid_ANY_ID, &oid11, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (octetStringOid2_ANY_ID, &oid12, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (octetStringOid3_ANY_ID, &oid13, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (octetStringOid4_ANY_ID, &oid14, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (octetStringOid5_ANY_ID, &oid15, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
+
+    InstallAnyByComponentOid (octetStringOid7_ANY_ID, &oid17, sizeof (ComponentOcts), (EncodeFcn)BEncAsnOcts, (gser_decoder_func*)GDecComponentOcts, (ber_tag_decoder_func*)BDecComponentOctsTag, (ExtractFcn)NULL,(MatchFcn)MatchingComponentOcts,(FreeFcn)FreeComponentOcts, (PrintFcn)NULL);
+
+}  /* InitAnyAuthenticationFramework */
+
+int
+MatchingComponentAlgorithmIdentifier ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	rc =	MatchingComponentOid ( oid, (ComponentSyntaxInfo*)&((ComponentAlgorithmIdentifier*)csi_attr)->algorithm, (ComponentSyntaxInfo*)&((ComponentAlgorithmIdentifier*)csi_assert)->algorithm );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentAlgorithmIdentifier*)csi_attr)->parameters, (&((ComponentAlgorithmIdentifier*)csi_attr)->algorithm));
+	rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentAlgorithmIdentifier*)csi_attr)->parameters, (ComponentAny*)&((ComponentAlgorithmIdentifier*)csi_assert)->parameters);
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentAlgorithmIdentifier */
+
+void*
+ExtractingComponentAlgorithmIdentifier ( void* mem_op, ComponentReference* cr, ComponentAlgorithmIdentifier *comp )
+{
+
+	if ( ( comp->algorithm.identifier.bv_val && strncmp(comp->algorithm.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->algorithm.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->algorithm;
+		else
+		return NULL;
+	}
+	if ( ( comp->parameters.identifier.bv_val && strncmp(comp->parameters.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->parameters.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->parameters;
+	else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+			cr->cr_curr = cr->cr_curr->ci_next;
+		return &comp->parameters;
+	 } else {
+		return NULL;
+		}
+	}
+	return NULL;
+}  /* ExtractingComponentAlgorithmIdentifier */
+
+int
+BDecComponentAlgorithmIdentifier PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentAlgorithmIdentifier **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentAlgorithmIdentifier *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->algorithm), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->algorithm)->identifier.bv_val = (&k->algorithm)->id_buf;
+		(&k->algorithm)->identifier.bv_len = strlen("algorithm");
+		strcpy( (&k->algorithm)->identifier.bv_val, "algorithm");
+    if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+        seqDone = TRUE;
+    else
+    {
+         tagId1 = BufPeekByte (b);
+         if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+        {
+            BDecEoc (b, &totalElmtsLen1 );
+            seqDone = TRUE;
+        }
+    }
+    }
+    else
+        return -1;
+
+
+
+    if (!seqDone)    {
+	rc = SetAnyTypeByComponentOid ((&k->parameters), (&k->algorithm));
+ 	rc = BDecComponentAnyDefinedBy (mem_op,b, (&k->parameters), &totalElmtsLen1, mode );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->parameters)->identifier.bv_val = (&k->parameters)->id_buf;
+		(&k->parameters)->identifier.bv_len = strlen("parameters");
+		strcpy( (&k->parameters)->identifier.bv_val, "parameters");
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+
+
+    if (!seqDone)
+        return -1;
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentAlgorithmIdentifier*) CompAlloc( mem_op, sizeof(ComponentAlgorithmIdentifier) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAlgorithmIdentifier ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAlgorithmIdentifier ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentAlgorithmIdentifier;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAlgorithmIdentifier;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecAlgorithmIdentifier*/
+
+int
+GDecComponentAlgorithmIdentifier PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentAlgorithmIdentifier **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentAlgorithmIdentifier *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "algorithm", strlen("algorithm") ) == 0 ) {
+		rc = 	GDecComponentOid (mem_op, b, (&k->algorithm), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->algorithm)->identifier.bv_val = peek_head;
+	(&k->algorithm)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "parameters", strlen("parameters") ) == 0 ) {
+		rc = 	rc = SetAnyTypeByComponentOid ((&k->parameters), (&k->algorithm));
+	rc = GDecComponentAnyDefinedBy (mem_op, b, (&k->parameters), bytesDecoded, mode );
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->parameters)->identifier.bv_val = peek_head;
+	(&k->parameters)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentAlgorithmIdentifier*) CompAlloc( mem_op, sizeof(ComponentAlgorithmIdentifier) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAlgorithmIdentifier ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAlgorithmIdentifier ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentAlgorithmIdentifier;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAlgorithmIdentifier;
+	return LDAP_SUCCESS;
+}  /* GDecAlgorithmIdentifier*/
+
+
+int
+MatchingComponentTime ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+	ComponentTime *v1, *v2;
+
+
+	v1 = (ComponentTime*)csi_attr;
+	v2 = (ComponentTime*)csi_assert;
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	if( (v1->choiceId != v2->choiceId ) )
+		return LDAP_COMPARE_FALSE;
+	switch( v1->choiceId )
+	{
+	   case TIME_UTCTIME :
+		rc = 	MatchingComponentUTCTime ( oid, (ComponentSyntaxInfo*)(v1->a.utcTime), (ComponentSyntaxInfo*)(v2->a.utcTime) );
+		break;
+	   case TIME_GENERALIZEDTIME :
+		rc = 	MatchingComponentGeneralizedTime ( oid, (ComponentSyntaxInfo*)(v1->a.generalizedTime), (ComponentSyntaxInfo*)(v2->a.generalizedTime) );
+		break;
+	default : 
+		 return LDAP_PROTOCOL_ERROR;
+	}
+	return rc;
+}  /* BMatchingComponentTimeContent */
+
+void*
+ExtractingComponentTime ( void* mem_op, ComponentReference* cr, ComponentTime *comp )
+{
+
+
+	if( (comp->choiceId) ==  TIME_UTCTIME &&
+		 (( comp->a.utcTime->identifier.bv_val && strncmp(comp->a.utcTime->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.utcTime->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.utcTime);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentUTCTime ( mem_op, cr, (comp->a.utcTime) );
+		};
+	}
+	if( (comp->choiceId) ==  TIME_GENERALIZEDTIME &&
+		 (( comp->a.generalizedTime->identifier.bv_val && strncmp(comp->a.generalizedTime->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.generalizedTime->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.generalizedTime);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentGeneralizedTime ( mem_op, cr, (comp->a.generalizedTime) );
+		};
+	}
+	return NULL;
+}  /* ExtractingComponentTime */
+
+int
+BDecComponentTime PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentTime **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentTime *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    switch (tagId0)
+    {
+       case MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE):
+       case MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE):
+        (k->choiceId) = TIME_UTCTIME;
+	rc = BDecComponentUTCTime (mem_op, b, tagId0, elmtLen0, (&k->a.utcTime), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.utcTime)->identifier.bv_val = (k->a.utcTime)->id_buf;
+		(k->a.utcTime)->identifier.bv_len = strlen("utcTime");
+		strcpy( (k->a.utcTime)->identifier.bv_val, "utcTime");
+    break;
+
+       case MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE):
+       case MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE):
+        (k->choiceId) = TIME_GENERALIZEDTIME;
+	rc = BDecComponentGeneralizedTime (mem_op, b, tagId0, elmtLen0, (&k->a.generalizedTime), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.generalizedTime)->identifier.bv_val = (k->a.generalizedTime)->id_buf;
+		(k->a.generalizedTime)->identifier.bv_len = strlen("generalizedTime");
+		strcpy( (k->a.generalizedTime)->identifier.bv_val, "generalizedTime");
+    break;
+
+    default:
+        Asn1Error ("ERROR - unexpected tag in CHOICE\n");
+        return -1;
+        break;
+    } /* end switch */
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentTime*) CompAlloc( mem_op, sizeof(ComponentTime) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTime ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTime ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTime;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTime;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecTimeContent */
+
+int
+GDecComponentTime PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentTime **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentTime *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen2 = LocateNextGSERToken(mem_op,b,&peek_head2,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head2 != ':'){
+		Asn1Error("Missing : in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( strncmp("utcTime",peek_head, strlen("utcTime")) == 0){
+		(k->choiceId) = TIME_UTCTIME;
+		rc = 	GDecComponentUTCTime (mem_op, b, (&k->a.utcTime), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.utcTime)->identifier.bv_val = peek_head;
+		(k->a.utcTime)->identifier.bv_len = strLen;
+	}
+	else if( strncmp("generalizedTime",peek_head,strlen("generalizedTime")) == 0){
+		(k->choiceId) = TIME_GENERALIZEDTIME;
+		rc = 	GDecComponentGeneralizedTime (mem_op, b, (&k->a.generalizedTime), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.generalizedTime)->identifier.bv_val = peek_head;
+		(k->a.generalizedTime)->identifier.bv_len = strLen;
+	}
+	else {
+		Asn1Error("Undefined Identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentTime*) CompAlloc( mem_op, sizeof(ComponentTime) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTime ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTime ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTime;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTime;
+	return LDAP_SUCCESS;
+}  /* GDecTimeContent */
+
+
+int
+MatchingComponentExtension ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	rc =	MatchingComponentOid ( oid, (ComponentSyntaxInfo*)&((ComponentExtension*)csi_attr)->extnID, (ComponentSyntaxInfo*)&((ComponentExtension*)csi_assert)->extnID );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentBool ( oid, (ComponentSyntaxInfo*)((ComponentExtension*)csi_attr)->critical, (ComponentSyntaxInfo*)((ComponentExtension*)csi_assert)->critical );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentOcts ( oid, (ComponentSyntaxInfo*)&((ComponentExtension*)csi_attr)->extnValue, (ComponentSyntaxInfo*)&((ComponentExtension*)csi_assert)->extnValue );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentExtension */
+
+void*
+ExtractingComponentExtension ( void* mem_op, ComponentReference* cr, ComponentExtension *comp )
+{
+
+	if ( ( comp->extnID.identifier.bv_val && strncmp(comp->extnID.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->extnID.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->extnID;
+		else
+		return NULL;
+	}
+	if ( ( comp->critical->identifier.bv_val && strncmp(comp->critical->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->critical->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->critical;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentBool ( mem_op, cr, comp->critical );
+		}
+	}
+	if ( ( comp->extnValue.identifier.bv_val && strncmp(comp->extnValue.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->extnValue.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->extnValue;
+	else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+			cr->cr_curr = cr->cr_curr->ci_next;
+		return &comp->extnValue;
+	 } else {
+		return NULL;
+		}
+	}
+	return NULL;
+}  /* ExtractingComponentExtension */
+
+int
+BDecComponentExtension PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentExtension **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentExtension *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentOid (mem_op, b, tagId1, elmtLen1, (&k->extnID), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->extnID)->identifier.bv_val = (&k->extnID)->id_buf;
+		(&k->extnID)->identifier.bv_len = strlen("extnID");
+		strcpy( (&k->extnID)->identifier.bv_val, "extnID");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, BOOLEAN_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentBool (mem_op, b, tagId1, elmtLen1, (&k->critical), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->critical)->identifier.bv_val = (k->critical)->id_buf;
+		(k->critical)->identifier.bv_len = strlen("critical");
+		strcpy( (k->critical)->identifier.bv_val, "critical");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OCTETSTRING_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, OCTETSTRING_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentOcts (mem_op, b, tagId1, elmtLen1, (&k->extnValue), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->extnValue)->identifier.bv_val = (&k->extnValue)->id_buf;
+		(&k->extnValue)->identifier.bv_len = strlen("extnValue");
+		strcpy( (&k->extnValue)->identifier.bv_val, "extnValue");
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+    else
+        return -1;
+
+
+
+    if (!seqDone)
+        return -1;
+
+	if(!COMPONENTNOT_NULL ((k->critical)))
+	{
+(k->critical) = CompAlloc( mem_op, sizeof(ComponentBool));
+		(k->critical)->identifier.bv_val = (k->critical)->id_buf;
+		(k->critical)->identifier.bv_len = strlen("critical");
+		strcpy( (k->critical)->identifier.bv_val, "critical");
+	(k->critical)->value = 0;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentExtension*) CompAlloc( mem_op, sizeof(ComponentExtension) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentExtension ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentExtension ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentExtension;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentExtension;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecExtension*/
+
+int
+GDecComponentExtension PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentExtension **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentExtension *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "extnID", strlen("extnID") ) == 0 ) {
+		rc = 	GDecComponentOid (mem_op, b, (&k->extnID), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->extnID)->identifier.bv_val = peek_head;
+	(&k->extnID)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "critical", strlen("critical") ) == 0 ) {
+		rc = 	GDecComponentBool (mem_op, b, (&k->critical), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->critical)->identifier.bv_val = peek_head;
+	( k->critical)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	else {
+(k->critical) = CompAlloc( mem_op, sizeof(ComponentBool));
+			(k->critical)->value = 0;
+	}
+	if ( strncmp( peek_head, "extnValue", strlen("extnValue") ) == 0 ) {
+		rc = 	GDecComponentOcts (mem_op, b, (&k->extnValue), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->extnValue)->identifier.bv_val = peek_head;
+	(&k->extnValue)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentExtension*) CompAlloc( mem_op, sizeof(ComponentExtension) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentExtension ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentExtension ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentExtension;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentExtension;
+	return LDAP_SUCCESS;
+}  /* GDecExtension*/
+
+
+int
+MatchingComponentAttributeTypeAndValue ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	rc =	MatchingComponentAttributeType ( oid, (ComponentSyntaxInfo*)&((ComponentAttributeTypeAndValue*)csi_attr)->type, (ComponentSyntaxInfo*)&((ComponentAttributeTypeAndValue*)csi_assert)->type );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	SetAnyTypeByComponentOid ((ComponentSyntaxInfo*)&((ComponentAttributeTypeAndValue*)csi_attr)->value, (&((ComponentAttributeTypeAndValue*)csi_attr)->type));
+	rc = MatchingComponentAnyDefinedBy ( oid, (ComponentAny*)&((ComponentAttributeTypeAndValue*)csi_attr)->value, (ComponentAny*)&((ComponentAttributeTypeAndValue*)csi_assert)->value);
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentAttributeTypeAndValue */
+
+void*
+ExtractingComponentAttributeTypeAndValue ( void* mem_op, ComponentReference* cr, ComponentAttributeTypeAndValue *comp )
+{
+
+	if ( ( comp->type.identifier.bv_val && strncmp(comp->type.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->type.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->type;
+		else
+		return NULL;
+	}
+	if ( ( comp->value.identifier.bv_val && strncmp(comp->value.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->value.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->value;
+		else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_SELECT ) {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return &comp->value;
+	 } else {
+		return NULL;
+		}
+	}
+	return NULL;
+}  /* ExtractingComponentAttributeTypeAndValue */
+
+int
+BDecComponentAttributeTypeAndValue PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentAttributeTypeAndValue **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentAttributeTypeAndValue *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, OID_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentAttributeType (mem_op, b, tagId1, elmtLen1, (&k->type), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->type)->identifier.bv_val = (&k->type)->id_buf;
+		(&k->type)->identifier.bv_len = strlen("type");
+		strcpy( (&k->type)->identifier.bv_val, "type");
+    }
+    else
+        return -1;
+
+
+
+    {
+	rc = SetAnyTypeByComponentOid ((&k->value), (&k->type));
+ 	rc = BDecComponentAnyDefinedBy (mem_op,b, (&k->value), &totalElmtsLen1, mode );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->value)->identifier.bv_val = (&k->value)->id_buf;
+		(&k->value)->identifier.bv_len = strlen("value");
+		strcpy( (&k->value)->identifier.bv_val, "value");
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+
+
+    if (!seqDone)
+        return -1;
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentAttributeTypeAndValue*) CompAlloc( mem_op, sizeof(ComponentAttributeTypeAndValue) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAttributeTypeAndValue ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAttributeTypeAndValue ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentAttributeTypeAndValue;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAttributeTypeAndValue;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecAttributeTypeAndValue*/
+
+int
+GDecComponentAttributeTypeAndValue PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentAttributeTypeAndValue **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentAttributeTypeAndValue *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "type", strlen("type") ) == 0 ) {
+		rc = 	GDecComponentAttributeType (mem_op, b, (&k->type), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->type)->identifier.bv_val = peek_head;
+	(&k->type)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "value", strlen("value") ) == 0 ) {
+		rc = 	rc = SetAnyTypeByComponentOid ((&k->value), (&k->type));
+	rc = GDecComponentAnyDefinedBy (mem_op, b, (&k->value), bytesDecoded, mode );
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->value)->identifier.bv_val = peek_head;
+	(&k->value)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentAttributeTypeAndValue*) CompAlloc( mem_op, sizeof(ComponentAttributeTypeAndValue) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAttributeTypeAndValue ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAttributeTypeAndValue ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentAttributeTypeAndValue;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAttributeTypeAndValue;
+	return LDAP_SUCCESS;
+}  /* GDecAttributeTypeAndValue*/
+
+
+int
+MatchingComponentValidity ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	rc =	MatchingComponentTime ( oid, (ComponentSyntaxInfo*)((ComponentValidity*)csi_attr)->notBefore, (ComponentSyntaxInfo*)((ComponentValidity*)csi_assert)->notBefore );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentTime ( oid, (ComponentSyntaxInfo*)((ComponentValidity*)csi_attr)->notAfter, (ComponentSyntaxInfo*)((ComponentValidity*)csi_assert)->notAfter );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentValidity */
+
+void*
+ExtractingComponentValidity ( void* mem_op, ComponentReference* cr, ComponentValidity *comp )
+{
+
+	if ( ( comp->notBefore->identifier.bv_val && strncmp(comp->notBefore->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->notBefore->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->notBefore;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentTime ( mem_op, cr, comp->notBefore );
+		}
+	}
+	if ( ( comp->notAfter->identifier.bv_val && strncmp(comp->notAfter->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->notAfter->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->notAfter;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentTime ( mem_op, cr, comp->notAfter );
+		}
+	}
+	return NULL;
+}  /* ExtractingComponentValidity */
+
+int
+BDecComponentValidity PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentValidity **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	AsnLen totalElmtsLen2 = 0;
+	AsnLen elmtLen2;
+	AsnTag tagId2;
+	int old_mode = mode;
+	int rc;
+	ComponentValidity *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE)) ||
+     (tagId1 ==MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))||
+    (tagId1 == MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))))
+    {
+        elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->notBefore), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->notBefore)->identifier.bv_val = (k->notBefore)->id_buf;
+		(k->notBefore)->identifier.bv_len = strlen("notBefore");
+		strcpy( (k->notBefore)->identifier.bv_val, "notBefore");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE)) ||
+     (tagId1 ==MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))||
+    (tagId1 == MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))))
+    {
+        elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->notAfter), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->notAfter)->identifier.bv_val = (k->notAfter)->id_buf;
+		(k->notAfter)->identifier.bv_len = strlen("notAfter");
+		strcpy( (k->notAfter)->identifier.bv_val, "notAfter");
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+    else
+        return -1;
+
+
+
+    if (!seqDone)
+        return -1;
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentValidity*) CompAlloc( mem_op, sizeof(ComponentValidity) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentValidity ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentValidity ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentValidity;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentValidity;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecValidity*/
+
+int
+GDecComponentValidity PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentValidity **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentValidity *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "notBefore", strlen("notBefore") ) == 0 ) {
+		rc = 	GDecComponentTime (mem_op, b, (&k->notBefore), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->notBefore)->identifier.bv_val = peek_head;
+	( k->notBefore)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "notAfter", strlen("notAfter") ) == 0 ) {
+		rc = 	GDecComponentTime (mem_op, b, (&k->notAfter), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->notAfter)->identifier.bv_val = peek_head;
+	( k->notAfter)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentValidity*) CompAlloc( mem_op, sizeof(ComponentValidity) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentValidity ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentValidity ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentValidity;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentValidity;
+	return LDAP_SUCCESS;
+}  /* GDecValidity*/
+
+
+int
+MatchingComponentSubjectPublicKeyInfo ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	rc =	MatchingComponentAlgorithmIdentifier ( oid, (ComponentSyntaxInfo*)((ComponentSubjectPublicKeyInfo*)csi_attr)->algorithm, (ComponentSyntaxInfo*)((ComponentSubjectPublicKeyInfo*)csi_assert)->algorithm );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentBits ( oid, (ComponentSyntaxInfo*)&((ComponentSubjectPublicKeyInfo*)csi_attr)->subjectPublicKey, (ComponentSyntaxInfo*)&((ComponentSubjectPublicKeyInfo*)csi_assert)->subjectPublicKey );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentSubjectPublicKeyInfo */
+
+void*
+ExtractingComponentSubjectPublicKeyInfo ( void* mem_op, ComponentReference* cr, ComponentSubjectPublicKeyInfo *comp )
+{
+
+	if ( ( comp->algorithm->identifier.bv_val && strncmp(comp->algorithm->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->algorithm->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->algorithm;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentAlgorithmIdentifier ( mem_op, cr, comp->algorithm );
+		}
+	}
+	if ( ( comp->subjectPublicKey.identifier.bv_val && strncmp(comp->subjectPublicKey.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->subjectPublicKey.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->subjectPublicKey;
+	else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+			cr->cr_curr = cr->cr_curr->ci_next;
+		return &comp->subjectPublicKey;
+	 } else {
+		return NULL;
+		}
+	}
+	return NULL;
+}  /* ExtractingComponentSubjectPublicKeyInfo */
+
+int
+BDecComponentSubjectPublicKeyInfo PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentSubjectPublicKeyInfo **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentSubjectPublicKeyInfo *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->algorithm), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->algorithm)->identifier.bv_val = (k->algorithm)->id_buf;
+		(k->algorithm)->identifier.bv_len = strlen("algorithm");
+		strcpy( (k->algorithm)->identifier.bv_val, "algorithm");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentBits (mem_op, b, tagId1, elmtLen1, (&k->subjectPublicKey), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->subjectPublicKey)->identifier.bv_val = (&k->subjectPublicKey)->id_buf;
+		(&k->subjectPublicKey)->identifier.bv_len = strlen("subjectPublicKey");
+		strcpy( (&k->subjectPublicKey)->identifier.bv_val, "subjectPublicKey");
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+    else
+        return -1;
+
+
+
+    if (!seqDone)
+        return -1;
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentSubjectPublicKeyInfo*) CompAlloc( mem_op, sizeof(ComponentSubjectPublicKeyInfo) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentSubjectPublicKeyInfo ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentSubjectPublicKeyInfo ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentSubjectPublicKeyInfo;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentSubjectPublicKeyInfo;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecSubjectPublicKeyInfo*/
+
+int
+GDecComponentSubjectPublicKeyInfo PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentSubjectPublicKeyInfo **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentSubjectPublicKeyInfo *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "algorithm", strlen("algorithm") ) == 0 ) {
+		rc = 	GDecComponentAlgorithmIdentifier (mem_op, b, (&k->algorithm), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->algorithm)->identifier.bv_val = peek_head;
+	( k->algorithm)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "subjectPublicKey", strlen("subjectPublicKey") ) == 0 ) {
+		rc = 	GDecComponentBits (mem_op, b, (&k->subjectPublicKey), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->subjectPublicKey)->identifier.bv_val = peek_head;
+	(&k->subjectPublicKey)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentSubjectPublicKeyInfo*) CompAlloc( mem_op, sizeof(ComponentSubjectPublicKeyInfo) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentSubjectPublicKeyInfo ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentSubjectPublicKeyInfo ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentSubjectPublicKeyInfo;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentSubjectPublicKeyInfo;
+	return LDAP_SUCCESS;
+}  /* GDecSubjectPublicKeyInfo*/
+
+
+int
+MatchingComponentExtensions ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+	void* component1, *component2;
+	AsnList *v1, *v2, t_list;
+
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	v1 = &((ComponentExtensions*)csi_attr)->comp_list;
+	v2 = &((ComponentExtensions*)csi_assert)->comp_list;
+	FOR_EACH_LIST_PAIR_ELMT(component1, component2, v1, v2)
+	{
+		if( MatchingComponentExtension(oid, (ComponentSyntaxInfo*)component1, (ComponentSyntaxInfo*)component2) == LDAP_COMPARE_FALSE) {
+			return LDAP_COMPARE_FALSE;
+		}
+	} /* end of for */
+
+	AsnListFirst( v1 );
+	AsnListFirst( v2 );
+	if( (!component1 && component2) || (component1 && !component2))
+		return LDAP_COMPARE_FALSE;
+	else
+		return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentExtensionsContent */
+
+void*
+ExtractingComponentExtensions ( void* mem_op, ComponentReference* cr, ComponentExtensions *comp )
+{
+	int count = 0;
+	int total;
+	AsnList *v = &comp->comp_list;
+	ComponentInt *k;
+	ComponentExtension *component;
+
+
+	switch ( cr->cr_curr->ci_type ) {
+	case LDAP_COMPREF_FROM_BEGINNING :
+		count = cr->cr_curr->ci_val.ci_from_beginning;
+		FOR_EACH_LIST_ELMT( component , v ) {
+			if( --count == 0 ) {
+				if( cr->cr_curr->ci_next == NULL )
+					return component;
+				else {
+					cr->cr_curr = cr->cr_curr->ci_next;
+					return 	ExtractingComponentExtension ( mem_op, cr, component );
+				}
+			}
+		}
+		break;
+	case LDAP_COMPREF_FROM_END :
+		total = AsnListCount ( v );
+		count = cr->cr_curr->ci_val.ci_from_end;
+		count = total + count +1;
+		FOR_EACH_LIST_ELMT ( component, v ) {
+			if( --count == 0 ) {
+				if( cr->cr_curr->ci_next == NULL ) 
+					return component;
+				else {
+					cr->cr_curr = cr->cr_curr->ci_next;
+					return 	ExtractingComponentExtension ( mem_op, cr, component );
+				}
+			}
+		}
+		break;
+	case LDAP_COMPREF_ALL :
+		return comp;
+	case LDAP_COMPREF_COUNT :
+		k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
+		k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+		k->comp_desc->cd_tag = (-1);
+		k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
+		k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
+		k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
+		k->comp_desc->cd_type = ASN_BASIC;
+		k->comp_desc->cd_type_id = BASICTYPE_INTEGER;
+		k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentInt;
+		k->value = AsnListCount(v);
+		return k;
+	default :
+		return NULL;
+	}
+}  /* ExtractingComponentExtensions */
+
+int
+BDecComponentExtensions PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentExtensions **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentExtensions *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	AsnListInit(&k->comp_list,sizeof(ComponentExtension));
+    for (totalElmtsLen1 = 0; (totalElmtsLen1 < elmtLen0) || (elmtLen0 == INDEFINITE_LEN);)
+    {
+        ComponentExtension **tmpVar;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if ((tagId1 == EOC_TAG_ID) && (elmtLen0 == INDEFINITE_LEN))
+    {
+        BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+        break; /* got EOC so can exit this SET OF/SEQ OF's for loop*/
+    }
+    if ((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+    {
+        elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+    tmpVar = (ComponentExtension**) CompAsnListAppend (mem_op,&k->comp_list);
+	rc = BDecComponentExtension (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+    }  /* end of tag check if */
+    else  /* wrong tag */
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+    } /* end of for */
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentExtensions*) CompAlloc( mem_op, sizeof(ComponentExtensions) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentExtensions ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentExtensions ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentExtensions;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentExtensions;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecExtensionsContent */
+
+int
+GDecComponentExtensions PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentExtensions **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentExtensions *k,*t, c_temp;
+
+
+	int ElmtsLen1;
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	AsnListInit( &k->comp_list, sizeof( ComponentExtension ) );
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_PEEK)) ){
+		Asn1Error("Error during Reading { in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	for (ElmtsLen1 = 0; ElmtsLen1 >= INDEFINITE_LEN; ElmtsLen1++)
+	{
+		ComponentExtension **tmpVar;
+		if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_NO_COPY)) ){
+			Asn1Error("Error during Reading{ in encoding");
+			return LDAP_PROTOCOL_ERROR;
+		}
+		if(*peek_head == '}') break;
+		if( !(*peek_head == '{' || *peek_head ==',') ) {
+			return LDAP_PROTOCOL_ERROR;
+		}
+		tmpVar = (ComponentExtension**) CompAsnListAppend (mem_op, &k->comp_list);
+		if ( tmpVar == NULL ) {
+			Asn1Error("Error during Reading{ in encoding");
+			return LDAP_PROTOCOL_ERROR;
+		}
+		rc = 	GDecComponentExtension (mem_op, b, tmpVar, bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	} /* end of for */
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentExtensions*) CompAlloc( mem_op, sizeof(ComponentExtensions) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentExtensions ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentExtensions ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentExtensions;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentExtensions;
+	return LDAP_SUCCESS;
+}  /* GDecExtensionsContent */
+
+
+int
+MatchingComponentRelativeDistinguishedName ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+	void* component1, *component2;
+	AsnList *v1, *v2, t_list;
+
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	v1 = &((ComponentRelativeDistinguishedName*)csi_attr)->comp_list;
+	v2 = &((ComponentRelativeDistinguishedName*)csi_assert)->comp_list;
+	AsnListInit( &t_list, 0 );
+	if( AsnListCount( v1 ) != AsnListCount( v2 ) )
+		return LDAP_COMPARE_FALSE;
+	FOR_EACH_LIST_ELMT (component1, v1)
+	{
+		FOR_EACH_LIST_ELMT(component2, v2)
+		{
+			if( MatchingComponentAttributeTypeAndValue(oid, (ComponentSyntaxInfo*)component1,(ComponentSyntaxInfo*)component2) == LDAP_COMPARE_TRUE ) {
+			AsnElmtMove( v2, &t_list );
+			   break;
+			}
+		} /* end of inner for */
+	} /* end of outer for */
+
+	if( AsnListCount( v2 ) == 0 )
+		 rc = LDAP_COMPARE_TRUE;
+	else
+		 rc = LDAP_COMPARE_FALSE;
+	AsnListMove( &t_list, v2 );
+	AsnListFirst( v1 );
+	AsnListFirst( v2 );
+	return rc;
+}  /* BMatchingComponentRelativeDistinguishedNameContent */
+
+void*
+ExtractingComponentRelativeDistinguishedName ( void* mem_op, ComponentReference* cr, ComponentRelativeDistinguishedName *comp )
+{
+	int count = 0;
+	int total;
+	AsnList *v = &comp->comp_list;
+	ComponentInt *k;
+	ComponentAttributeTypeAndValue *component;
+
+
+	switch ( cr->cr_curr->ci_type ) {
+	case LDAP_COMPREF_FROM_BEGINNING :
+		count = cr->cr_curr->ci_val.ci_from_beginning;
+		FOR_EACH_LIST_ELMT( component , v ) {
+			if( --count == 0 ) {
+				if( cr->cr_curr->ci_next == NULL )
+					return component;
+				else {
+					cr->cr_curr = cr->cr_curr->ci_next;
+					return 	ExtractingComponentAttributeTypeAndValue ( mem_op, cr, component );
+				}
+			}
+		}
+		break;
+	case LDAP_COMPREF_FROM_END :
+		total = AsnListCount ( v );
+		count = cr->cr_curr->ci_val.ci_from_end;
+		count = total + count +1;
+		FOR_EACH_LIST_ELMT ( component, v ) {
+			if( --count == 0 ) {
+				if( cr->cr_curr->ci_next == NULL )
+					return component;
+				else {
+					cr->cr_curr = cr->cr_curr->ci_next;
+					return 	ExtractingComponentAttributeTypeAndValue ( mem_op, cr, component );
+				}
+			}
+		}
+		break;
+	case LDAP_COMPREF_ALL :
+		return comp;
+	case LDAP_COMPREF_COUNT :
+		k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
+		k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+		k->comp_desc->cd_tag = (-1);
+		k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
+		k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
+		k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
+		k->comp_desc->cd_type = ASN_BASIC;
+		k->comp_desc->cd_type_id = BASICTYPE_INTEGER;
+		k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentInt;
+		k->value = AsnListCount(v);
+		return k;
+	default :
+		return NULL;
+	}
+}  /* ExtractingComponentRelativeDistinguishedName */
+
+int
+BDecComponentRelativeDistinguishedName PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentRelativeDistinguishedName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentRelativeDistinguishedName *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	AsnListInit(&k->comp_list,sizeof(ComponentAttributeTypeAndValue));
+    for (totalElmtsLen1 = 0; (totalElmtsLen1 < elmtLen0) || (elmtLen0 == INDEFINITE_LEN);)
+    {
+        ComponentAttributeTypeAndValue **tmpVar;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if ((tagId1 == EOC_TAG_ID) && (elmtLen0 == INDEFINITE_LEN))
+    {
+        BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+        break; /* got EOC so can exit this SET OF/SEQ OF's for loop*/
+    }
+    if ((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+    {
+        elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+    tmpVar = (ComponentAttributeTypeAndValue**) CompAsnListAppend (mem_op,&k->comp_list);
+	rc = BDecComponentAttributeTypeAndValue (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+    }  /* end of tag check if */
+    else  /* wrong tag */
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+    } /* end of for */
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentRelativeDistinguishedName*) CompAlloc( mem_op, sizeof(ComponentRelativeDistinguishedName) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+
+	t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ldap_encoder = (encoder_func*)ConvertRDN2RFC2253;
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRelativeDistinguishedName ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRelativeDistinguishedName ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentRelativeDistinguishedName;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = RelativeDistinguishedName;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentRelativeDistinguishedName;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecRelativeDistinguishedNameContent */
+
+int
+GDecComponentRelativeDistinguishedName PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentRelativeDistinguishedName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentRelativeDistinguishedName *k,*t, c_temp;
+
+
+	int ElmtsLen1;
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	AsnListInit( &k->comp_list, sizeof( ComponentAttributeTypeAndValue ) );
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_PEEK)) ){
+		Asn1Error("Error during Reading { in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	for (ElmtsLen1 = 0; ElmtsLen1 >= INDEFINITE_LEN; ElmtsLen1++)
+	{
+		ComponentAttributeTypeAndValue **tmpVar;
+		if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_NO_COPY)) ){
+			Asn1Error("Error during Reading{ in encoding");
+			return LDAP_PROTOCOL_ERROR;
+		}
+		if(*peek_head == '}') break;
+		if( !(*peek_head == '{' || *peek_head ==',') ) {
+			return LDAP_PROTOCOL_ERROR;
+		}
+		tmpVar = (ComponentAttributeTypeAndValue**) CompAsnListAppend (mem_op, &k->comp_list);
+		if ( tmpVar == NULL ) {
+			Asn1Error("Error during Reading{ in encoding");
+			return LDAP_PROTOCOL_ERROR;
+		}
+		rc = 	GDecComponentAttributeTypeAndValue (mem_op, b, tmpVar, bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	} /* end of for */
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentRelativeDistinguishedName*) CompAlloc( mem_op, sizeof(ComponentRelativeDistinguishedName) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRelativeDistinguishedName ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRelativeDistinguishedName ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentRelativeDistinguishedName;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = RelativeDistinguishedName;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentRelativeDistinguishedName;
+	return LDAP_SUCCESS;
+}  /* GDecRelativeDistinguishedNameContent */
+
+
+int
+MatchingComponentRDNSequence ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+	void* component1, *component2;
+	AsnList *v1, *v2, t_list;
+
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	v1 = &((ComponentRDNSequence*)csi_attr)->comp_list;
+	v2 = &((ComponentRDNSequence*)csi_assert)->comp_list;
+	FOR_EACH_LIST_PAIR_ELMT(component1, component2, v1, v2)
+	{
+		if( MatchingComponentRelativeDistinguishedName(oid, (ComponentSyntaxInfo*)component1, (ComponentSyntaxInfo*)component2) == LDAP_COMPARE_FALSE) {
+			return LDAP_COMPARE_FALSE;
+		}
+	} /* end of for */
+
+	AsnListFirst( v1 );
+	AsnListFirst( v2 );
+	if( (!component1 && component2) || (component1 && !component2))
+		return LDAP_COMPARE_FALSE;
+	else
+		return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentRDNSequenceContent */
+
+void*
+ExtractingComponentRDNSequence ( void* mem_op, ComponentReference* cr, ComponentRDNSequence *comp )
+{
+	int count = 0;
+	int total;
+	AsnList *v = &comp->comp_list;
+	ComponentInt *k;
+	ComponentRelativeDistinguishedName *component;
+
+
+	switch ( cr->cr_curr->ci_type ) {
+	case LDAP_COMPREF_FROM_BEGINNING :
+		count = cr->cr_curr->ci_val.ci_from_beginning;
+		FOR_EACH_LIST_ELMT( component , v ) {
+			if( --count == 0 ) {
+				if( cr->cr_curr->ci_next == NULL )
+					return component;
+				else {
+					cr->cr_curr = cr->cr_curr->ci_next;
+					return 	ExtractingComponentRelativeDistinguishedName ( mem_op, cr, component );
+				}
+			}
+		}
+		break;
+	case LDAP_COMPREF_FROM_END :
+		total = AsnListCount ( v );
+		count = cr->cr_curr->ci_val.ci_from_end;
+		count = total + count +1;
+		FOR_EACH_LIST_ELMT ( component, v ) {
+			if( --count == 0 ) {
+				if( cr->cr_curr->ci_next == NULL ) 
+					return component;
+				else {
+					cr->cr_curr = cr->cr_curr->ci_next;
+					return 	ExtractingComponentRelativeDistinguishedName ( mem_op, cr, component );
+				}
+			}
+		}
+		break;
+	case LDAP_COMPREF_ALL :
+		return comp;
+	case LDAP_COMPREF_COUNT :
+		k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
+		k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+		k->comp_desc->cd_tag = (-1);
+		k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
+		k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
+		k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
+		k->comp_desc->cd_type = ASN_BASIC;
+		k->comp_desc->cd_type_id = BASICTYPE_INTEGER;
+		k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentInt;
+		k->value = AsnListCount(v);
+		return k;
+	default :
+		return NULL;
+	}
+}  /* ExtractingComponentRDNSequence */
+
+int
+BDecComponentRDNSequence PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentRDNSequence **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentRDNSequence *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	AsnListInit(&k->comp_list,sizeof(ComponentRelativeDistinguishedName));
+    for (totalElmtsLen1 = 0; (totalElmtsLen1 < elmtLen0) || (elmtLen0 == INDEFINITE_LEN);)
+    {
+        ComponentRelativeDistinguishedName **tmpVar;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if ((tagId1 == EOC_TAG_ID) && (elmtLen0 == INDEFINITE_LEN))
+    {
+        BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+        break; /* got EOC so can exit this SET OF/SEQ OF's for loop*/
+    }
+    if ((tagId1 == MAKE_TAG_ID (UNIV, CONS, SET_TAG_CODE)))
+    {
+        elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+    tmpVar = (ComponentRelativeDistinguishedName**) CompAsnListAppend (mem_op,&k->comp_list);
+	rc = BDecComponentRelativeDistinguishedName (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+    }  /* end of tag check if */
+    else  /* wrong tag */
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+    } /* end of for */
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentRDNSequence*) CompAlloc( mem_op, sizeof(ComponentRDNSequence) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+
+	t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ldap_encoder = (encoder_func*) ConvertRDNSequence2RFC2253;
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRDNSequence ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRDNSequence ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentRDNSequence;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = RDNSequence;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentRDNSequence;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecRDNSequenceContent */
+
+int
+GDecComponentRDNSequence PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentRDNSequence **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentRDNSequence *k,*t, c_temp;
+
+
+	int ElmtsLen1;
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	AsnListInit( &k->comp_list, sizeof( ComponentRelativeDistinguishedName ) );
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_PEEK)) ){
+		Asn1Error("Error during Reading { in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	for (ElmtsLen1 = 0; ElmtsLen1 >= INDEFINITE_LEN; ElmtsLen1++)
+	{
+		ComponentRelativeDistinguishedName **tmpVar;
+		if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_NO_COPY)) ){
+			Asn1Error("Error during Reading{ in encoding");
+			return LDAP_PROTOCOL_ERROR;
+		}
+		if(*peek_head == '}') break;
+		if( !(*peek_head == '{' || *peek_head ==',') ) {
+			return LDAP_PROTOCOL_ERROR;
+		}
+		tmpVar = (ComponentRelativeDistinguishedName**) CompAsnListAppend (mem_op, &k->comp_list);
+		if ( tmpVar == NULL ) {
+			Asn1Error("Error during Reading{ in encoding");
+			return LDAP_PROTOCOL_ERROR;
+		}
+		rc = 	GDecComponentRelativeDistinguishedName (mem_op, b, tmpVar, bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	} /* end of for */
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentRDNSequence*) CompAlloc( mem_op, sizeof(ComponentRDNSequence) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ldap_encoder = (encoder_func*)ConvertRDNSequence2RFC2253;
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentRDNSequence ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentRDNSequence ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentRDNSequence;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = RDNSequence ;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentRDNSequence;
+	return LDAP_SUCCESS;
+}  /* GDecRDNSequenceContent */
+
+
+int
+MatchingComponentName ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+	ComponentName *v1, *v2;
+
+
+	v1 = (ComponentName*)csi_attr;
+	v2 = (ComponentName*)csi_assert;
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	if( (v1->choiceId != v2->choiceId ) )
+		return LDAP_COMPARE_FALSE;
+	switch( v1->choiceId )
+	{
+	   case NAME_RDNSEQUENCE :
+		rc = 	MatchingComponentRDNSequence ( oid, (ComponentSyntaxInfo*)(v1->a.rdnSequence), (ComponentSyntaxInfo*)(v2->a.rdnSequence) );
+		break;
+	default : 
+		 return LDAP_PROTOCOL_ERROR;
+	}
+	return rc;
+}  /* BMatchingComponentNameContent */
+
+void*
+ExtractingComponentName ( void* mem_op, ComponentReference* cr, ComponentName *comp )
+{
+
+
+	if( (comp->choiceId) ==  NAME_RDNSEQUENCE &&
+		 (( comp->a.rdnSequence->identifier.bv_val && strncmp(comp->a.rdnSequence->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0) ||
+		 ( strncmp(comp->a.rdnSequence->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0))) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return (comp->a.rdnSequence);
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentRDNSequence ( mem_op, cr, (comp->a.rdnSequence) );
+		};
+	}
+	return NULL;
+}  /* ExtractingComponentName */
+
+int
+BDecComponentName PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentName *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    switch (tagId0)
+    {
+       case MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE):
+        (k->choiceId) = NAME_RDNSEQUENCE;
+	rc = BDecComponentRDNSequence (mem_op, b, tagId0, elmtLen0, (&k->a.rdnSequence), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.rdnSequence)->identifier.bv_val = (k->a.rdnSequence)->id_buf;
+		(k->a.rdnSequence)->identifier.bv_len = strlen("rdnSequence");
+		strcpy( (k->a.rdnSequence)->identifier.bv_val, "rdnSequence");
+    break;
+
+    default:
+        Asn1Error ("ERROR - unexpected tag in CHOICE\n");
+        return -1;
+        break;
+    } /* end switch */
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentName*) CompAlloc( mem_op, sizeof(ComponentName) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentName ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentName ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentName;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentName;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecNameContent */
+
+int
+GDecComponentName PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentName **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentName *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen2 = LocateNextGSERToken(mem_op,b,&peek_head2,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head2 != ':'){
+		Asn1Error("Missing : in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( strncmp("rdnSequence",peek_head, strlen("rdnSequence")) == 0){
+		(k->choiceId) = NAME_RDNSEQUENCE;
+		rc = 	GDecComponentRDNSequence (mem_op, b, (&k->a.rdnSequence), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->a.rdnSequence)->identifier.bv_val = peek_head;
+		(k->a.rdnSequence)->identifier.bv_len = strLen;
+	}
+	else {
+		Asn1Error("Undefined Identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentName*) CompAlloc( mem_op, sizeof(ComponentName) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentName ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentName ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentName;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentName;
+	return LDAP_SUCCESS;
+}  /* GDecNameContent */
+
+
+int
+MatchingComponentTBSCertificate ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	rc =	MatchingComponentVersion ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->version, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->version );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentCertificateSerialNumber ( oid, (ComponentSyntaxInfo*)&((ComponentTBSCertificate*)csi_attr)->serialNumber, (ComponentSyntaxInfo*)&((ComponentTBSCertificate*)csi_assert)->serialNumber );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentAlgorithmIdentifier ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->signature, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->signature );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentName ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->issuer, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->issuer );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentValidity ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->validity, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->validity );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentName ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->subject, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->subject );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentSubjectPublicKeyInfo ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->subjectPublicKeyInfo, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->subjectPublicKeyInfo );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentUniqueIdentifier ( oid, (ComponentSyntaxInfo*)&((ComponentTBSCertificate*)csi_attr)->issuerUniqueIdentifier, (ComponentSyntaxInfo*)&((ComponentTBSCertificate*)csi_assert)->issuerUniqueIdentifier );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentUniqueIdentifier ( oid, (ComponentSyntaxInfo*)&((ComponentTBSCertificate*)csi_attr)->subjectUniqueIdentifier, (ComponentSyntaxInfo*)&((ComponentTBSCertificate*)csi_assert)->subjectUniqueIdentifier );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	if(COMPONENTNOT_NULL( ((ComponentTBSCertificate*)csi_attr)->extensions ) ) {
+	rc =	MatchingComponentExtensions ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_attr)->extensions, (ComponentSyntaxInfo*)((ComponentTBSCertificate*)csi_assert)->extensions );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	}
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentTBSCertificate */
+
+void*
+ExtractingComponentTBSCertificate ( void* mem_op, ComponentReference* cr, ComponentTBSCertificate *comp )
+{
+
+	if ( ( comp->version->identifier.bv_val && strncmp(comp->version->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->version->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->version;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentVersion ( mem_op, cr, comp->version );
+		}
+	}
+	if ( ( comp->serialNumber.identifier.bv_val && strncmp(comp->serialNumber.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->serialNumber.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->serialNumber;
+		else
+		return NULL;
+	}
+	if ( ( comp->signature->identifier.bv_val && strncmp(comp->signature->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signature->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->signature;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentAlgorithmIdentifier ( mem_op, cr, comp->signature );
+		}
+	}
+	if ( ( comp->issuer->identifier.bv_val && strncmp(comp->issuer->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->issuer->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->issuer;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentName ( mem_op, cr, comp->issuer );
+		}
+	}
+	if ( ( comp->validity->identifier.bv_val && strncmp(comp->validity->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->validity->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->validity;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentValidity ( mem_op, cr, comp->validity );
+		}
+	}
+	if ( ( comp->subject->identifier.bv_val && strncmp(comp->subject->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->subject->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->subject;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentName ( mem_op, cr, comp->subject );
+		}
+	}
+	if ( ( comp->subjectPublicKeyInfo->identifier.bv_val && strncmp(comp->subjectPublicKeyInfo->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->subjectPublicKeyInfo->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->subjectPublicKeyInfo;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentSubjectPublicKeyInfo ( mem_op, cr, comp->subjectPublicKeyInfo );
+		}
+	}
+	if ( ( comp->issuerUniqueIdentifier.identifier.bv_val && strncmp(comp->issuerUniqueIdentifier.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->issuerUniqueIdentifier.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->issuerUniqueIdentifier;
+	else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+			cr->cr_curr = cr->cr_curr->ci_next;
+		return &comp->issuerUniqueIdentifier;
+	 } else {
+		return NULL;
+		}
+	}
+	if ( ( comp->subjectUniqueIdentifier.identifier.bv_val && strncmp(comp->subjectUniqueIdentifier.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->subjectUniqueIdentifier.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->subjectUniqueIdentifier;
+	else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+			cr->cr_curr = cr->cr_curr->ci_next;
+		return &comp->subjectUniqueIdentifier;
+	 } else {
+		return NULL;
+		}
+	}
+	if ( ( comp->extensions->identifier.bv_val && strncmp(comp->extensions->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->extensions->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->extensions;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentExtensions ( mem_op, cr, comp->extensions );
+		}
+	}
+	return NULL;
+}  /* ExtractingComponentTBSCertificate */
+
+int
+BDecComponentTBSCertificate PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentTBSCertificate **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	AsnLen totalElmtsLen2 = 0;
+	AsnLen elmtLen2;
+	AsnTag tagId2;
+	int old_mode = mode;
+	int rc;
+	ComponentTBSCertificate *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (CNTX, CONS, 0))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+        tagId2 = BDecTag (b, &totalElmtsLen1 );
+
+    if (tagId2 != MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+
+    elmtLen2 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentVersion (mem_op, b, tagId2, elmtLen2, (&k->version), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->version)->identifier.bv_val = (k->version)->id_buf;
+		(k->version)->identifier.bv_len = strlen("version");
+		strcpy( (k->version)->identifier.bv_val, "version");
+	if (elmtLen1 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentCertificateSerialNumber (mem_op, b, tagId1, elmtLen1, (&k->serialNumber), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->serialNumber)->identifier.bv_val = (&k->serialNumber)->id_buf;
+		(&k->serialNumber)->identifier.bv_len = strlen("serialNumber");
+		strcpy( (&k->serialNumber)->identifier.bv_val, "serialNumber");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->signature), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->signature)->identifier.bv_val = (k->signature)->id_buf;
+		(k->signature)->identifier.bv_len = strlen("signature");
+		strcpy( (k->signature)->identifier.bv_val, "signature");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+        elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentName (mem_op, b, tagId1, elmtLen1, (&k->issuer), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->issuer)->identifier.bv_val = (k->issuer)->id_buf;
+		(k->issuer)->identifier.bv_len = strlen("issuer");
+		strcpy( (k->issuer)->identifier.bv_val, "issuer");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentValidity (mem_op, b, tagId1, elmtLen1, (&k->validity), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->validity)->identifier.bv_val = (k->validity)->id_buf;
+		(k->validity)->identifier.bv_len = strlen("validity");
+		strcpy( (k->validity)->identifier.bv_val, "validity");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+        elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentName (mem_op, b, tagId1, elmtLen1, (&k->subject), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->subject)->identifier.bv_val = (k->subject)->id_buf;
+		(k->subject)->identifier.bv_len = strlen("subject");
+		strcpy( (k->subject)->identifier.bv_val, "subject");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentSubjectPublicKeyInfo (mem_op, b, tagId1, elmtLen1, (&k->subjectPublicKeyInfo), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->subjectPublicKeyInfo)->identifier.bv_val = (k->subjectPublicKeyInfo)->id_buf;
+		(k->subjectPublicKeyInfo)->identifier.bv_len = strlen("subjectPublicKeyInfo");
+		strcpy( (k->subjectPublicKeyInfo)->identifier.bv_val, "subjectPublicKeyInfo");
+    if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+        seqDone = TRUE;
+    else
+    {
+        tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+         if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+        {
+            BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+            seqDone = TRUE;
+        }
+    }
+    }
+    else
+        return -1;
+
+
+
+    if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, PRIM, 1)) ||
+(tagId1 == MAKE_TAG_ID (CNTX, CONS, 1))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentUniqueIdentifier (mem_op, b, tagId1, elmtLen1, (&k->issuerUniqueIdentifier), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->issuerUniqueIdentifier)->identifier.bv_val = (&k->issuerUniqueIdentifier)->id_buf;
+		(&k->issuerUniqueIdentifier)->identifier.bv_len = strlen("issuerUniqueIdentifier");
+		strcpy( (&k->issuerUniqueIdentifier)->identifier.bv_val, "issuerUniqueIdentifier");
+    if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+        seqDone = TRUE;
+    else
+    {
+        tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+         if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+        {
+            BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+            seqDone = TRUE;
+        }
+    }
+    }
+
+
+    if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, PRIM, 2)) ||
+(tagId1 == MAKE_TAG_ID (CNTX, CONS, 2))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentUniqueIdentifier (mem_op, b, tagId1, elmtLen1, (&k->subjectUniqueIdentifier), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->subjectUniqueIdentifier)->identifier.bv_val = (&k->subjectUniqueIdentifier)->id_buf;
+		(&k->subjectUniqueIdentifier)->identifier.bv_len = strlen("subjectUniqueIdentifier");
+		strcpy( (&k->subjectUniqueIdentifier)->identifier.bv_val, "subjectUniqueIdentifier");
+    if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+        seqDone = TRUE;
+    else
+    {
+        tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+         if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+        {
+            BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+            seqDone = TRUE;
+        }
+    }
+    }
+
+
+    if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, CONS, 3))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+        tagId2 = BDecTag (b, &totalElmtsLen1 );
+
+    if (tagId2 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+
+    elmtLen2 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentExtensions (mem_op, b, tagId2, elmtLen2, (&k->extensions), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->extensions)->identifier.bv_val = (k->extensions)->id_buf;
+		(k->extensions)->identifier.bv_len = strlen("extensions");
+		strcpy( (k->extensions)->identifier.bv_val, "extensions");
+	if (elmtLen1 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+
+
+    if (!seqDone)
+        return -1;
+
+	if(!COMPONENTNOT_NULL ((k->version)))
+	{
+(k->version) = CompAlloc( mem_op, sizeof(ComponentVersion));
+		(k->version)->identifier.bv_val = (k->version)->id_buf;
+		(k->version)->identifier.bv_len = strlen("version");
+		strcpy( (k->version)->identifier.bv_val, "version");
+	(k->version)->value = 0;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentTBSCertificate*) CompAlloc( mem_op, sizeof(ComponentTBSCertificate) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertificate ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertificate ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertificate;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertificate;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecTBSCertificate*/
+
+int
+GDecComponentTBSCertificate PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentTBSCertificate **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentTBSCertificate *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "version", strlen("version") ) == 0 ) {
+		rc = 	GDecComponentVersion (mem_op, b, (&k->version), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->version)->identifier.bv_val = peek_head;
+	( k->version)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	else {
+(k->version) = CompAlloc( mem_op, sizeof(ComponentVersion));
+			(k->version)->value = 0;
+	}
+	if ( strncmp( peek_head, "serialNumber", strlen("serialNumber") ) == 0 ) {
+		rc = 	GDecComponentCertificateSerialNumber (mem_op, b, (&k->serialNumber), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->serialNumber)->identifier.bv_val = peek_head;
+	(&k->serialNumber)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "signature", strlen("signature") ) == 0 ) {
+		rc = 	GDecComponentAlgorithmIdentifier (mem_op, b, (&k->signature), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->signature)->identifier.bv_val = peek_head;
+	( k->signature)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "issuer", strlen("issuer") ) == 0 ) {
+		rc = 	GDecComponentName (mem_op, b, (&k->issuer), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->issuer)->identifier.bv_val = peek_head;
+	( k->issuer)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "validity", strlen("validity") ) == 0 ) {
+		rc = 	GDecComponentValidity (mem_op, b, (&k->validity), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->validity)->identifier.bv_val = peek_head;
+	( k->validity)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "subject", strlen("subject") ) == 0 ) {
+		rc = 	GDecComponentName (mem_op, b, (&k->subject), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->subject)->identifier.bv_val = peek_head;
+	( k->subject)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "subjectPublicKeyInfo", strlen("subjectPublicKeyInfo") ) == 0 ) {
+		rc = 	GDecComponentSubjectPublicKeyInfo (mem_op, b, (&k->subjectPublicKeyInfo), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->subjectPublicKeyInfo)->identifier.bv_val = peek_head;
+	( k->subjectPublicKeyInfo)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "issuerUniqueIdentifier", strlen("issuerUniqueIdentifier") ) == 0 ) {
+		rc = 	GDecComponentUniqueIdentifier (mem_op, b, (&k->issuerUniqueIdentifier), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->issuerUniqueIdentifier)->identifier.bv_val = peek_head;
+	(&k->issuerUniqueIdentifier)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "subjectUniqueIdentifier", strlen("subjectUniqueIdentifier") ) == 0 ) {
+		rc = 	GDecComponentUniqueIdentifier (mem_op, b, (&k->subjectUniqueIdentifier), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->subjectUniqueIdentifier)->identifier.bv_val = peek_head;
+	(&k->subjectUniqueIdentifier)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "extensions", strlen("extensions") ) == 0 ) {
+		rc = 	GDecComponentExtensions (mem_op, b, (&k->extensions), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->extensions)->identifier.bv_val = peek_head;
+	( k->extensions)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentTBSCertificate*) CompAlloc( mem_op, sizeof(ComponentTBSCertificate) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertificate ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertificate ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertificate;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertificate;
+	return LDAP_SUCCESS;
+}  /* GDecTBSCertificate*/
+
+
+int
+MatchingComponentCertificate ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	rc =	MatchingComponentTBSCertificate ( oid, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_attr)->toBeSigned, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_assert)->toBeSigned );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentAlgorithmIdentifier ( oid, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_attr)->signatureAlgorithm, (ComponentSyntaxInfo*)((ComponentCertificate*)csi_assert)->signatureAlgorithm );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentBits ( oid, (ComponentSyntaxInfo*)&((ComponentCertificate*)csi_attr)->signature, (ComponentSyntaxInfo*)&((ComponentCertificate*)csi_assert)->signature );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentCertificate */
+
+void*
+ExtractingComponentCertificate ( void* mem_op, ComponentReference* cr, ComponentCertificate *comp )
+{
+
+	if ( ( comp->toBeSigned->identifier.bv_val && strncmp(comp->toBeSigned->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->toBeSigned->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->toBeSigned;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentTBSCertificate ( mem_op, cr, comp->toBeSigned );
+		}
+	}
+	if ( ( comp->signatureAlgorithm->identifier.bv_val && strncmp(comp->signatureAlgorithm->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signatureAlgorithm->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->signatureAlgorithm;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentAlgorithmIdentifier ( mem_op, cr, comp->signatureAlgorithm );
+		}
+	}
+	if ( ( comp->signature.identifier.bv_val && strncmp(comp->signature.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signature.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->signature;
+	else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+			cr->cr_curr = cr->cr_curr->ci_next;
+		return &comp->signature;
+	 } else {
+		return NULL;
+		}
+	}
+	return NULL;
+}  /* ExtractingComponentCertificate */
+
+int
+BDecComponentCertificate PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentCertificate **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentCertificate *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentTBSCertificate (mem_op, b, tagId1, elmtLen1, (&k->toBeSigned), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->toBeSigned)->identifier.bv_val = (k->toBeSigned)->id_buf;
+		(k->toBeSigned)->identifier.bv_len = strlen("toBeSigned");
+		strcpy( (k->toBeSigned)->identifier.bv_val, "toBeSigned");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->signatureAlgorithm), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->signatureAlgorithm)->identifier.bv_val = (k->signatureAlgorithm)->id_buf;
+		(k->signatureAlgorithm)->identifier.bv_len = strlen("signatureAlgorithm");
+		strcpy( (k->signatureAlgorithm)->identifier.bv_val, "signatureAlgorithm");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentBits (mem_op, b, tagId1, elmtLen1, (&k->signature), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->signature)->identifier.bv_val = (&k->signature)->id_buf;
+		(&k->signature)->identifier.bv_len = strlen("signature");
+		strcpy( (&k->signature)->identifier.bv_val, "signature");
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+    else
+        return -1;
+
+
+
+    if (!seqDone)
+        return -1;
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentCertificate*) CompAlloc( mem_op, sizeof(ComponentCertificate) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentCertificate ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentCertificate ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentCertificate;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentCertificate;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecCertificate*/
+
+int
+GDecComponentCertificate PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentCertificate **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentCertificate *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "toBeSigned", strlen("toBeSigned") ) == 0 ) {
+		rc = 	GDecComponentTBSCertificate (mem_op, b, (&k->toBeSigned), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->toBeSigned)->identifier.bv_val = peek_head;
+	( k->toBeSigned)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "signatureAlgorithm", strlen("signatureAlgorithm") ) == 0 ) {
+		rc = 	GDecComponentAlgorithmIdentifier (mem_op, b, (&k->signatureAlgorithm), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->signatureAlgorithm)->identifier.bv_val = peek_head;
+	( k->signatureAlgorithm)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "signature", strlen("signature") ) == 0 ) {
+		rc = 	GDecComponentBits (mem_op, b, (&k->signature), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->signature)->identifier.bv_val = peek_head;
+	(&k->signature)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentCertificate*) CompAlloc( mem_op, sizeof(ComponentCertificate) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentCertificate ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentCertificate ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentCertificate;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentCertificate;
+	return LDAP_SUCCESS;
+}  /* GDecCertificate*/
+
+
diff --git a/contrib/slapd-modules/comp_match/certificate.h b/contrib/slapd-modules/comp_match/certificate.h
new file mode 100644
index 0000000..d1df75f
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/certificate.h
@@ -0,0 +1,379 @@
+
+#include "asn-incl.h"
+/*
+ *    certificate.h
+ *    "AuthenticationFramework" ASN.1 module encode/decode/extracting/matching/free C src.
+ *    This file was generated by modified eSMACC compiler Sat Dec 11 11:22:49 2004
+ *    The generated files are strongly encouraged to be
+ *    compiled as a module for OpenLDAP Software
+ */
+
+#ifndef _certificate_h_
+#define _certificate_h_
+
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+#ifdef _WIN32
+#pragma warning( disable : 4101 )
+#endif
+#include "componentlib.h"
+typedef enum AuthenticationFrameworkAnyId
+{
+    nullOid_ANY_ID = 0,
+    nullOid2_ANY_ID = 1,
+    nullOid3_ANY_ID = 2,
+    printableStringOid_ANY_ID = 3,
+    printableStringOid2_ANY_ID = 4,
+    printableStringOid3_ANY_ID = 5,
+    printableStringOid4_ANY_ID = 6,
+    printableStringOid5_ANY_ID = 7,
+    printableStringOid6_ANY_ID = 8,
+    printableStringOid7_ANY_ID = 9,
+    iA5StringOid_ANY_ID = 10,
+    octetStringOid_ANY_ID = 11,
+    octetStringOid2_ANY_ID = 12,
+    octetStringOid3_ANY_ID = 13,
+    octetStringOid4_ANY_ID = 14,
+    octetStringOid5_ANY_ID = 15,
+    octetStringOid7_ANY_ID = 17} AuthenticationFrameworkAnyId;
+
+void InitAnyAuthenticationFramework();
+
+
+#define V1 0
+#define V2 1
+#define V3 2
+
+typedef ComponentInt ComponentVersion; /* INTEGER { V1 (0), V2 (1), V3 (2) }  */
+
+#define MatchingComponentVersion MatchingComponentInt
+
+#define ExtractingComponentVersion ExtractingComponentInt
+
+#define BDecComponentVersion BDecComponentInt
+
+#define GDecComponentVersion GDecComponentInt
+
+
+typedef ComponentInt ComponentCertificateSerialNumber; /* INTEGER */
+
+#define MatchingComponentCertificateSerialNumber MatchingComponentInt
+
+#define ExtractingComponentCertificateSerialNumber ExtractingComponentInt
+
+#define BDecComponentCertificateSerialNumber BDecComponentInt
+
+#define GDecComponentCertificateSerialNumber GDecComponentInt
+
+
+typedef ComponentOid ComponentAttributeType; /* OBJECT IDENTIFIER */
+
+#define MatchingComponentAttributeType MatchingComponentOid
+
+#define ExtractingComponentAttributeType ExtractingComponentOid
+
+#define BDecComponentAttributeType BDecComponentOid
+
+#define GDecComponentAttributeType GDecComponentOid
+
+
+typedef ComponentBits ComponentUniqueIdentifier; /* BIT STRING */
+
+#define MatchingComponentUniqueIdentifier MatchingComponentBits
+
+#define ExtractingComponentUniqueIdentifier ExtractingComponentBits
+
+#define BDecComponentUniqueIdentifier BDecComponentBits
+
+#define GDecComponentUniqueIdentifier GDecComponentBits
+
+
+typedef struct AlgorithmIdentifier /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentOid algorithm; /* OBJECT IDENTIFIER */
+	ComponentAnyDefinedBy parameters; /* ANY DEFINED BY algorithm OPTIONAL */
+} ComponentAlgorithmIdentifier;
+
+int MatchingComponentAlgorithmIdentifier PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentAlgorithmIdentifier PROTO (( void* mem_op, ComponentReference *cr, ComponentAlgorithmIdentifier *comp ));
+
+
+int BDecComponentAlgorithmIdentifier PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAlgorithmIdentifier **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentAlgorithmIdentifier PROTO (( void* mem_op, GenBuf * b, ComponentAlgorithmIdentifier **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Time /* CHOICE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+    enum TimeChoiceId
+    {
+        TIME_UTCTIME,
+        TIME_GENERALIZEDTIME
+    } choiceId;
+    union TimeChoiceUnion
+    {
+	ComponentUTCTime* utcTime; /* < unknown type id ?! > */
+	ComponentGeneralizedTime* generalizedTime; /* < unknown type id ?! > */
+    } a;
+} ComponentTime;
+
+int MatchingComponentTime PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentTime PROTO (( void* mem_op, ComponentReference *cr, ComponentTime *comp ));
+
+
+int BDecComponentTime PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTime **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentTime PROTO (( void* mem_op, GenBuf * b, ComponentTime **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Extension /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentOid extnID; /* OBJECT IDENTIFIER */
+	ComponentBool* critical; /* BOOLEAN DEFAULT FALSE */
+	ComponentOcts extnValue; /* OCTET STRING */
+} ComponentExtension;
+
+int MatchingComponentExtension PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentExtension PROTO (( void* mem_op, ComponentReference *cr, ComponentExtension *comp ));
+
+
+int BDecComponentExtension PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentExtension **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentExtension PROTO (( void* mem_op, GenBuf * b, ComponentExtension **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct AttributeTypeAndValue /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentAttributeType type; /* AttributeType */
+	ComponentAnyDefinedBy value; /* ANY DEFINED BY type */
+} ComponentAttributeTypeAndValue;
+
+int MatchingComponentAttributeTypeAndValue PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentAttributeTypeAndValue PROTO (( void* mem_op, ComponentReference *cr, ComponentAttributeTypeAndValue *comp ));
+
+
+int BDecComponentAttributeTypeAndValue PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentAttributeTypeAndValue PROTO (( void* mem_op, GenBuf * b, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Validity /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentTime* notBefore; /* Time */
+	ComponentTime* notAfter; /* Time */
+} ComponentValidity;
+
+int MatchingComponentValidity PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentValidity PROTO (( void* mem_op, ComponentReference *cr, ComponentValidity *comp ));
+
+
+int BDecComponentValidity PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentValidity **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentValidity PROTO (( void* mem_op, GenBuf * b, ComponentValidity **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct SubjectPublicKeyInfo /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentAlgorithmIdentifier* algorithm; /* AlgorithmIdentifier */
+	ComponentBits subjectPublicKey; /* BIT STRING */
+} ComponentSubjectPublicKeyInfo;
+
+int MatchingComponentSubjectPublicKeyInfo PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentSubjectPublicKeyInfo PROTO (( void* mem_op, ComponentReference *cr, ComponentSubjectPublicKeyInfo *comp ));
+
+
+int BDecComponentSubjectPublicKeyInfo PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentSubjectPublicKeyInfo **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentSubjectPublicKeyInfo PROTO (( void* mem_op, GenBuf * b, ComponentSubjectPublicKeyInfo **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentExtensions; /* SEQUENCE SIZE 1..MAX OF Extension */
+
+int MatchingComponentExtensions PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentExtensions PROTO (( void* mem_op, ComponentReference *cr, ComponentExtensions *comp ));
+
+
+int BDecComponentExtensions PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentExtensions **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentExtensions PROTO (( void* mem_op, GenBuf * b, ComponentExtensions **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentRelativeDistinguishedName; /* SET OF AttributeTypeAndValue */
+
+int MatchingComponentRelativeDistinguishedName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentRelativeDistinguishedName PROTO (( void* mem_op, ComponentReference *cr, ComponentRelativeDistinguishedName *comp ));
+
+
+int BDecComponentRelativeDistinguishedName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentRelativeDistinguishedName PROTO (( void* mem_op, GenBuf * b, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentRDNSequence; /* SEQUENCE OF RelativeDistinguishedName */
+
+int MatchingComponentRDNSequence PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentRDNSequence PROTO (( void* mem_op, ComponentReference *cr, ComponentRDNSequence *comp ));
+
+
+int BDecComponentRDNSequence PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentRDNSequence PROTO (( void* mem_op, GenBuf * b, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Name /* CHOICE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+    enum NameChoiceId
+    {
+        NAME_RDNSEQUENCE
+    } choiceId;
+    union NameChoiceUnion
+    {
+	ComponentRDNSequence* rdnSequence; /* RDNSequence */
+    } a;
+} ComponentName;
+
+int MatchingComponentName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentName PROTO (( void* mem_op, ComponentReference *cr, ComponentName *comp ));
+
+
+int BDecComponentName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentName PROTO (( void* mem_op, GenBuf * b, ComponentName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct TBSCertificate /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentVersion* version; /* [0] Version DEFAULT v1 */
+	ComponentCertificateSerialNumber serialNumber; /* CertificateSerialNumber */
+	ComponentAlgorithmIdentifier* signature; /* AlgorithmIdentifier */
+	ComponentName* issuer; /* Name */
+	ComponentValidity* validity; /* Validity */
+	ComponentName* subject; /* Name */
+	ComponentSubjectPublicKeyInfo* subjectPublicKeyInfo; /* SubjectPublicKeyInfo */
+	ComponentUniqueIdentifier issuerUniqueIdentifier; /* [1] IMPLICIT UniqueIdentifier OPTIONAL */
+	ComponentUniqueIdentifier subjectUniqueIdentifier; /* [2] IMPLICIT UniqueIdentifier OPTIONAL */
+	ComponentExtensions* extensions; /* [3] Extensions OPTIONAL */
+} ComponentTBSCertificate;
+
+int MatchingComponentTBSCertificate PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentTBSCertificate PROTO (( void* mem_op, ComponentReference *cr, ComponentTBSCertificate *comp ));
+
+
+int BDecComponentTBSCertificate PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTBSCertificate **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentTBSCertificate PROTO (( void* mem_op, GenBuf * b, ComponentTBSCertificate **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Certificate /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentTBSCertificate* toBeSigned; /* TBSCertificate */
+	ComponentAlgorithmIdentifier* signatureAlgorithm; /* AlgorithmIdentifier */
+	ComponentBits signature; /* BIT STRING */
+} ComponentCertificate;
+
+int MatchingComponentCertificate PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentCertificate PROTO (( void* mem_op, ComponentReference *cr, ComponentCertificate *comp ));
+
+
+int BDecComponentCertificate PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentCertificate **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentCertificate PROTO (( void* mem_op, GenBuf * b, ComponentCertificate **v, AsnLen *bytesDecoded, int mode));
+
+
+
+/* ========== Object Declarations ========== */
+
+
+/* ========== Object Set Declarations ========== */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#endif /* conditional include of certificate.h */
diff --git a/contrib/slapd-modules/comp_match/componentlib.c b/contrib/slapd-modules/comp_match/componentlib.c
new file mode 100644
index 0000000..6f5460a
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/componentlib.c
@@ -0,0 +1,2370 @@
+/* Copyright 2004 IBM Corporation
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ */
+/* ACKNOWLEDGEMENTS
+ * This work originally developed by Sang Seok Lim
+ * 2004/06/18	03:20:00	slim@OpenLDAP.org
+ */
+
+#include "portable.h"
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ldap_pvt.h>
+#include "lutil.h"
+#include <ldap.h>
+#include "slap.h"
+#include "component.h"
+
+#include "componentlib.h"
+#include "asn.h"
+#include <asn-gser.h>
+#include <stdlib.h>
+
+#include <string.h>
+
+#ifndef SLAPD_COMP_MATCH
+#define SLAPD_COMP_MATCH SLAPD_MOD_DYNAMIC
+#endif
+
+#ifdef SLAPD_COMP_MATCH
+/*
+ * Matching function : BIT STRING
+ */
+int
+MatchingComponentBits ( char* oid, ComponentSyntaxInfo *csi_attr,
+			ComponentSyntaxInfo *csi_assert )
+{
+	int rc;
+        MatchingRule* mr;
+        ComponentBits *a, *b;
+                                                                          
+        if ( oid ) {
+                mr = retrieve_matching_rule(oid, (AsnTypeId)csi_attr->csi_comp_desc->cd_type_id );
+                if ( mr )
+                        return component_value_match( mr, csi_attr , csi_assert );
+        }
+        a = ((ComponentBits*)csi_attr);
+        b = ((ComponentBits*)csi_assert);
+	rc = ( a->value.bitLen == b->value.bitLen && 
+		strncmp( a->value.bits,b->value.bits,a->value.bitLen ) == 0 );
+        return rc ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * Free function: BIT STRING
+ */
+void
+FreeComponentBits ( ComponentBits* v ) {
+	FreeAsnBits( &v->value );
+}
+
+/*
+ * GSER Encoder : BIT STRING
+ */
+int
+GEncComponentBits ( GenBuf *b, ComponentBits *in )
+{
+	GAsnBits bits = {0};
+
+	bits.value = in->value;
+	if ( !in )
+		return (-1);
+	return GEncAsnBitsContent ( b, &bits);
+}
+
+
+/*
+ * GSER Decoder : BIT STRING
+ */
+int
+GDecComponentBits ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen;
+        void* component_values;
+        ComponentBits* k, **k2;
+	GAsnBits result;
+
+        k = (ComponentBits*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentBits**) v;
+                *k2 = (ComponentBits*) CompAlloc( mem_op, sizeof( ComponentBits ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+        
+	if ( GDecAsnBitsContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+		if ( k ) CompFree( mem_op,  k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result.value;
+	k->comp_desc = get_component_description (BASICTYPE_BITSTRING);
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : BIT STRING
+ */
+int
+BDecComponentBitsTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentBits ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentBits ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+			AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentBits* k, **k2;
+	AsnBits result;
+                                                                          
+        k = (ComponentBits*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentBits**) v;
+                *k2 = (ComponentBits*) CompAlloc( mem_op, sizeof( ComponentBits ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+        
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecAsnBits ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecAsnBitsContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+
+	if ( rc < 0 ) {
+		if ( k ) CompFree( mem_op,  k );
+		return LDAP_DECODING_ERROR;
+	}
+
+	k->value = result;
+	k->comp_desc = get_component_description (BASICTYPE_BITSTRING);
+ 
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component GSER BMPString Encoder
+ */
+int
+GEncComponentBMPString ( GenBuf *b, ComponentBMPString *in )
+{
+	GBMPString t = {0};
+
+	if ( !in || in->value.octetLen <= 0 )
+		return (-1);
+	t.value = in->value;
+	return GEncBMPStringContent ( b, &t );
+}
+
+/*
+ * Component GSER BMPString Decoder
+ */
+int
+GDecComponentBMPString ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode)
+{
+        char* peek_head;
+        int i, strLen;
+        void* component_values;
+        ComponentBMPString* k, **k2;
+	GBMPString result;
+                                                                          
+        k = (ComponentBMPString*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentBMPString**) v;
+                *k2 = (ComponentBMPString*) CompAlloc( mem_op, sizeof( ComponentBMPString ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+        *bytesDecoded = 0;
+
+	if ( GDecBMPStringContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+		if ( k ) CompFree( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+
+	k->value = result.value;
+	k->comp_desc = get_component_description (BASICTYPE_BMP_STR);
+ 
+	return LDAP_SUCCESS;
+
+}
+
+/*
+ * Component BER BMPString Decoder
+ */
+int
+BDecComponentBMPStringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentBMPString ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentBMPString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+			AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentBMPString* k, **k2;
+	BMPString result;
+                                                                          
+        k = (ComponentBMPString*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentBMPString**) v;
+                *k2 = (ComponentBMPString*) CompAlloc( mem_op, sizeof( ComponentBMPString ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecBMPString ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecBMPStringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+
+	if ( rc < 0 ) {
+		if ( k ) CompFree( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+
+	k->value = result;
+	k->comp_desc = get_component_description (BASICTYPE_BMP_STR);
+ 
+	return LDAP_SUCCESS;
+
+}
+
+/*
+ * Component GSER Encoder : UTF8 String
+ */
+int
+GEncComponentUTF8String ( GenBuf *b, ComponentUTF8String *in )
+{
+	GUTF8String t = {0};
+	if ( !in || in->value.octetLen <= 0 )
+		return (-1);
+	t.value = in->value;
+	return GEncUTF8StringContent ( b, &t );
+}
+
+/*
+ * Component GSER Decoder :  UTF8 String
+ */
+int
+GDecComponentUTF8String ( void* mem_op, GenBuf *b, void *v,
+				AsnLen *bytesDecoded, int mode) {
+        char* peek_head;
+        int i, strLen;
+        void* component_values;
+        ComponentUTF8String* k, **k2;
+	GUTF8String result;
+                                                                          
+        k = (ComponentUTF8String*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentUTF8String**) v;
+                *k2 = (ComponentUTF8String*)CompAlloc( mem_op, sizeof( ComponentUTF8String ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+        *bytesDecoded = 0;
+
+	if ( GDecUTF8StringContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+		if ( k ) CompFree( mem_op,  k );
+		return LDAP_DECODING_ERROR;
+	}
+	
+	k->value = result.value;
+	k->comp_desc = get_component_description (BASICTYPE_UTF8_STR);
+ 
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : UTF8String
+ */
+int
+BDecComponentUTF8StringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentUTF8String ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentUTF8String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len,
+				void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentUTF8String* k, **k2;
+	UTF8String result;
+                                                                          
+        k = (ComponentUTF8String*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentUTF8String**) v;
+                *k2 = (ComponentUTF8String*) CompAlloc( mem_op, sizeof( ComponentUTF8String ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+	
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecUTF8String ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecUTF8StringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree( mem_op,  k );
+		return LDAP_DECODING_ERROR;
+	}
+
+	k->value = result;
+	k->comp_desc = get_component_description (BASICTYPE_UTF8_STR);
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component GSER Encoder :  Teletex String
+ */
+int
+GEncComponentTeletexString ( GenBuf *b, ComponentTeletexString *in )
+{
+	GTeletexString t = {0};
+
+	if ( !in || in->value.octetLen <= 0 )
+		return (-1);
+	t.value = in->value;
+	return GEncTeletexStringContent ( b, &t );
+}
+
+/*
+ * Component GSER Decoder :  Teletex String
+ */
+int
+GDecComponentTeletexString  ( void* mem_op, GenBuf *b, void *v,
+					AsnLen *bytesDecoded, int mode) {
+        char* peek_head;
+        int i, strLen;
+        void* component_values;
+        ComponentTeletexString* k, **k2;
+	GTeletexString result;
+                                                                          
+        k = (ComponentTeletexString*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentTeletexString**) v;
+                *k2 = (ComponentTeletexString*)CompAlloc( mem_op, sizeof( ComponentTeletexString ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+        *bytesDecoded = 0;
+
+	if ( GDecTeletexStringContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+		if ( k ) CompFree( mem_op,  k );
+		return LDAP_DECODING_ERROR;
+	}
+
+	k->value = result.value;
+	k->comp_desc = get_component_description (BASICTYPE_VIDEOTEX_STR);
+ 
+	return LDAP_SUCCESS;
+}
+
+
+/*
+ * Matching function : BOOLEAN
+ */
+int
+MatchingComponentBool(char* oid, ComponentSyntaxInfo* csi_attr,
+                        ComponentSyntaxInfo* csi_assert )
+{
+        MatchingRule* mr;
+        ComponentBool *a, *b;
+                                                                          
+        if( oid ) {
+                mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+                if ( mr )
+                        return component_value_match( mr, csi_attr , csi_assert );
+        }
+
+        a = ((ComponentBool*)csi_attr);
+        b = ((ComponentBool*)csi_assert);
+
+        return (a->value == b->value) ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : BOOLEAN
+ */
+int
+GEncComponentBool ( GenBuf *b, ComponentBool *in )
+{
+	GAsnBool t = {0};
+
+	if ( !in )
+		return (-1);
+	t.value = in->value;
+	return GEncAsnBoolContent ( b, &t );
+}
+
+/*
+ * GSER Decoder : BOOLEAN
+ */
+int
+GDecComponentBool ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen;
+        ComponentBool* k, **k2;
+	GAsnBool result;
+                                                                          
+        k = (ComponentBool*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentBool**) v;
+                *k2 = (ComponentBool*) CompAlloc( mem_op, sizeof( ComponentBool ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( GDecAsnBoolContent( mem_op, b, &result, bytesDecoded ) < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+
+	k->value = result.value;
+	k->comp_desc = get_component_description (BASICTYPE_BOOLEAN);
+ 
+        return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : BOOLEAN
+ */
+int
+BDecComponentBoolTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentBool ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentBool ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+			AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        ComponentBool* k, **k2;
+	AsnBool result;
+                                                                          
+        k = (ComponentBool*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentBool**) v;
+                *k2 = (ComponentBool*) CompAlloc( mem_op, sizeof( ComponentBool ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecAsnBool ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecAsnBoolContent( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+
+	k->value = result;
+	k->comp_desc = get_component_description (BASICTYPE_BOOLEAN);
+
+        return LDAP_SUCCESS;
+}
+
+/*
+ * Matching function : ENUMERATE
+ */
+int
+MatchingComponentEnum ( char* oid, ComponentSyntaxInfo *csi_attr,
+			ComponentSyntaxInfo *csi_assert )
+{
+        int rc;
+        MatchingRule* mr;
+        ComponentEnum *a, *b;
+                                                                          
+        if( oid ) {
+                mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+                if ( mr )
+                        return component_value_match( mr, csi_attr , csi_assert );
+        }
+        a = ((ComponentEnum*)csi_attr);
+        b = ((ComponentEnum*)csi_assert);
+        rc = (a->value == b->value);
+                                                                          
+        return rc ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : ENUMERATE
+ */
+int
+GEncComponentEnum ( GenBuf *b, ComponentEnum *in )
+{
+	GAsnEnum t = {0};
+
+	if ( !in )
+		return (-1);
+	t.value = in->value;
+	return GEncAsnEnumContent ( b, &t );
+}
+
+/*
+ * GSER Decoder : ENUMERATE
+ */
+int
+GDecComponentEnum ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen;
+        void* component_values;
+        ComponentEnum* k, **k2;
+	GAsnEnum result;
+                                                                          
+        k = (ComponentEnum*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentEnum**) v;
+                *k2 = (ComponentEnum*) CompAlloc( mem_op, sizeof( ComponentEnum ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( GDecAsnEnumContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+
+	k->value_identifier.bv_val = result.value_identifier;
+	k->value_identifier.bv_len = result.len;
+
+	k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !k->comp_desc )  {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentEnum;
+	k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentEnum;
+	k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentEnum;
+	k->comp_desc->cd_free = (comp_free_func*)NULL;
+	k->comp_desc->cd_extract_i = NULL;
+	k->comp_desc->cd_type = ASN_BASIC;
+	k->comp_desc->cd_type_id = BASICTYPE_ENUMERATED;
+	k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentEnum;
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : ENUMERATE
+ */
+int
+BDecComponentEnumTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentEnum ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentEnum ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+			AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentEnum* k, **k2;
+	AsnEnum result;
+                                                                          
+        k = (ComponentEnum*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentEnum**) v;
+                *k2 = (ComponentEnum*) CompAlloc( mem_op, sizeof( ComponentEnum ) );
+		if ( k ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecAsnEnum ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecAsnEnumContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+
+	k->value = result;
+
+        k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !k->comp_desc )  {
+		if ( k  ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentEnum;
+        k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentEnum;
+        k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentEnum;
+	k->comp_desc->cd_free = (comp_free_func*)NULL;
+        k->comp_desc->cd_extract_i = NULL;
+        k->comp_desc->cd_type = ASN_BASIC;
+        k->comp_desc->cd_type_id = BASICTYPE_ENUMERATED;
+        k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentEnum;
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component GSER Encoder : IA5String
+ */
+int
+GEncComponentIA5Stirng ( GenBuf *b, ComponentIA5String* in )
+{
+	GIA5String t = {0};
+	t.value = in->value;
+	if ( !in || in->value.octetLen <= 0 ) return (-1);
+	return GEncIA5StringContent( b, &t );
+}
+
+/*
+ * Component BER Decoder : IA5String
+ */
+int
+BDecComponentIA5StringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentIA5String ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentIA5String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+			AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentIA5String* k, **k2;
+	IA5String result;
+                                                                          
+        k = (ComponentIA5String*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentIA5String**) v;
+                *k2 = (ComponentIA5String*) CompAlloc( mem_op, sizeof( ComponentIA5String ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecIA5String ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecIA5StringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+
+	k->value = result;
+
+        k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !k->comp_desc )  {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentIA5String;
+        k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentIA5String;
+        k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentIA5String;
+	k->comp_desc->cd_free = (comp_free_func*)FreeComponentIA5String;
+        k->comp_desc->cd_extract_i = NULL;
+        k->comp_desc->cd_type = ASN_BASIC;
+        k->comp_desc->cd_type_id = BASICTYPE_IA5_STR;
+        k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentIA5String;
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Matching function : INTEGER
+ */
+int
+MatchingComponentInt(char* oid, ComponentSyntaxInfo* csi_attr,
+                        ComponentSyntaxInfo* csi_assert )
+{
+        MatchingRule* mr;
+        ComponentInt *a, *b;
+                                                                          
+        if( oid ) {
+                /* check if this ASN type's matching rule is overridden */
+                mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+                /* if existing function is overridden, call the overriding
+function*/
+                if ( mr )
+                        return component_value_match( mr, csi_attr , csi_assert );
+        }
+        a = ((ComponentInt*)csi_attr);
+        b = ((ComponentInt*)csi_assert);
+                                                                          
+        return ( a->value == b->value ) ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : INTEGER
+ */
+int
+GEncComponentInt ( GenBuf *b, ComponentInt* in )
+{
+	GAsnInt t = {0};
+
+	if ( !in )
+		return (-1);
+	t.value = in->value;
+	return GEncAsnIntContent ( b, &t );
+}
+
+/*
+ * GSER Decoder : INTEGER 
+ */
+int
+GDecComponentInt( void* mem_op, GenBuf * b, void *v, AsnLen *bytesDecoded, int mode)
+{
+        char* peek_head;
+        int i, strLen;
+        void* component_values;
+        ComponentInt* k, **k2;
+	GAsnInt result;
+                                                                          
+        k = (ComponentInt*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentInt**) v;
+                *k2 = (ComponentInt*) CompAlloc( mem_op, sizeof( ComponentInt ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( GDecAsnIntContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result.value;
+	k->comp_desc = get_component_description (BASICTYPE_INTEGER );
+
+        return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : INTEGER 
+ */
+int
+BDecComponentIntTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentInt ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentInt ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+			AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentInt* k, **k2;
+	AsnInt result;
+                                                                          
+        k = (ComponentInt*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentInt**) v;
+                *k2 = (ComponentInt*) CompAlloc( mem_op, sizeof( ComponentInt ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecAsnInt ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecAsnIntContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	k->value = result;
+
+	k->comp_desc = get_component_description (BASICTYPE_INTEGER );
+        
+        return LDAP_SUCCESS;
+}
+
+/*
+ * Matching function : NULL
+ */
+int
+MatchingComponentNull ( char *oid, ComponentSyntaxInfo *csi_attr,
+			ComponentSyntaxInfo *csi_assert )
+{
+        MatchingRule* mr;
+        ComponentNull *a, *b;
+                                                                          
+        if( oid ) {
+                mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+                if ( mr )
+                        return component_value_match( mr, csi_attr , csi_assert );
+        }
+        a = ((ComponentNull*)csi_attr);
+        b = ((ComponentNull*)csi_assert);
+                                                                          
+        return (a->value == b->value) ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : NULL
+ */
+int
+GEncComponentNull ( GenBuf *b, ComponentNull *in )
+{
+	GAsnNull t = {0};
+
+	if ( !in )
+		return (-1);
+	t.value = in->value;
+	return GEncAsnNullContent ( b, &t );
+}
+
+/*
+ * GSER Decoder : NULL
+ */
+int
+GDecComponentNull ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen;
+        void* component_values;
+        ComponentNull* k, **k2;
+	GAsnNull result;
+                                                                          
+        k = (ComponentNull*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentNull**) v;
+                *k2 = (ComponentNull*) CompAlloc( mem_op, sizeof( ComponentNull ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( GDecAsnNullContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result.value;
+
+	k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !k->comp_desc )  {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentNull;
+	k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentNull;
+	k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentNull;
+	k->comp_desc->cd_free = (comp_free_func*)FreeComponentNull;
+	k->comp_desc->cd_extract_i = NULL;
+	k->comp_desc->cd_type = ASN_BASIC;
+	k->comp_desc->cd_type_id = BASICTYPE_NULL;
+	k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentNull;
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : NULL
+ */
+int
+BDecComponentNullTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+	return BDecComponentNull ( mem_op, b, 0, 0, v,bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentNull ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+			AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentNull* k, **k2;
+	AsnNull result;
+
+        k = (ComponentNull*) v;
+                                                                         
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentNull**) v;
+                *k2 = (ComponentNull*) CompAlloc( mem_op, sizeof( ComponentNull ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecAsnNull ( mem_op, b, &result, bytesDecoded );
+	}
+	else {
+		rc = BDecAsnNullContent ( mem_op, b, tagId, len, &result, bytesDecoded);
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result;
+
+	k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !k->comp_desc )  {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentNull;
+	k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentNull;
+	k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentNull;
+	k->comp_desc->cd_free = (comp_free_func*)FreeComponentNull;
+	k->comp_desc->cd_extract_i = NULL;
+	k->comp_desc->cd_type = ASN_BASIC;
+	k->comp_desc->cd_type_id = BASICTYPE_NULL;
+	k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentNull;
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : NumericString
+ */
+int
+BDecComponentNumericStringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentNumericString ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentNumericString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentNumericString* k, **k2;
+	NumericString result;
+
+        k = (ComponentNumericString*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentNumericString**) v;
+                *k2 = (ComponentNumericString*) CompAlloc( mem_op, sizeof( ComponentNumericString ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecNumericString ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecNumericStringContent ( mem_op, b, tagId, len, &result, bytesDecoded);
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result;
+
+        k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !k->comp_desc )  {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentNumericString;
+        k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentNumericString;
+        k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentNumericString;
+	k->comp_desc->cd_free = (comp_free_func*)FreeComponentNumericString;
+        k->comp_desc->cd_extract_i = NULL;
+        k->comp_desc->cd_type = ASN_BASIC;
+        k->comp_desc->cd_type_id = BASICTYPE_NUMERIC_STR;
+        k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentNumericString;
+
+	return LDAP_SUCCESS;
+}
+
+
+/*
+ * Free function : OCTET STRING
+ */
+void
+FreeComponentOcts ( ComponentOcts* v) {
+	FreeAsnOcts( &v->value );
+}
+
+/*
+ * Matching function : OCTET STRING
+ */
+int
+MatchingComponentOcts ( char* oid, ComponentSyntaxInfo* csi_attr,
+			ComponentSyntaxInfo* csi_assert )
+{
+        int rc;
+        MatchingRule* mr;
+        ComponentOcts *a, *b;
+                                                                          
+        if( oid ) {
+                mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+                if ( mr )
+                        return component_value_match( mr, csi_attr , csi_assert );
+        }
+        a = (ComponentOcts*) csi_attr;
+        b = (ComponentOcts*) csi_assert;
+	/* Assume that both of OCTET string has end of string character */
+	if ( (a->value.octetLen == b->value.octetLen) &&
+		strncmp ( a->value.octs, b->value.octs, a->value.octetLen ) == 0 )
+        	return LDAP_COMPARE_TRUE;
+	else
+		return LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : OCTET STRING
+ */
+int
+GEncComponentOcts ( GenBuf* b, ComponentOcts *in )
+{
+	GAsnOcts t = {0};
+	if ( !in || in->value.octetLen <= 0 )
+		return (-1);
+
+	t.value = in->value;
+	return GEncAsnOctsContent ( b, &t );
+}
+
+/*
+ * GSER Decoder : OCTET STRING
+ */
+int
+GDecComponentOcts ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char *peek_head, *data;
+        int i, j, strLen;
+        void* component_values;
+        ComponentOcts* k, **k2;
+	GAsnOcts result;
+                                                                          
+        k = (ComponentOcts*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentOcts**) v;
+                *k2 = (ComponentOcts*) CompAlloc( mem_op, sizeof( ComponentOcts ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( GDecAsnOctsContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result.value;
+
+	k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !k->comp_desc )  {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentOcts;
+	k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOcts;
+	k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOcts;
+	k->comp_desc->cd_free = (comp_free_func*)FreeComponentOcts;
+	k->comp_desc->cd_extract_i = NULL;
+	k->comp_desc->cd_type = ASN_BASIC;
+	k->comp_desc->cd_type_id = BASICTYPE_OCTETSTRING;
+	k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentOcts;
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : OCTET STRING
+ */
+int
+BDecComponentOctsTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentOcts ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentOcts ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+			AsnLen *bytesDecoded, int mode )
+{
+        char *peek_head, *data;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentOcts* k, **k2;
+	AsnOcts result;
+                                                                          
+        k = (ComponentOcts*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentOcts**) v;
+                *k2 = (ComponentOcts*) CompAlloc( mem_op, sizeof( ComponentOcts ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecAsnOcts ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecAsnOctsContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result;
+
+        k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !k->comp_desc )  {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentOcts;
+        k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentOcts;
+        k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentOcts;
+	k->comp_desc->cd_free = (comp_free_func*)FreeComponentOcts;
+        k->comp_desc->cd_extract_i = NULL;
+        k->comp_desc->cd_type = ASN_BASIC;
+        k->comp_desc->cd_type_id = BASICTYPE_OCTETSTRING;
+        k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentOcts;
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Matching function : OBJECT IDENTIFIER
+ */
+int
+MatchingComponentOid ( char *oid, ComponentSyntaxInfo *csi_attr ,
+			ComponentSyntaxInfo *csi_assert )
+{
+        int rc;
+        MatchingRule* mr;
+        ComponentOid *a, *b;
+                                                                          
+        if( oid ) {
+                mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+                if ( mr )
+                        return component_value_match( mr, csi_attr , csi_assert );
+        }
+
+        a = (ComponentOid*)csi_attr;
+        b = (ComponentOid*)csi_assert;
+	if ( a->value.octetLen != b->value.octetLen )
+		return LDAP_COMPARE_FALSE;
+        rc = ( strncmp( a->value.octs, b->value.octs, a->value.octetLen ) == 0 );
+                                                                          
+        return rc ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : OID
+ */
+GEncComponentOid ( GenBuf *b, ComponentOid *in )
+{
+	GAsnOid t = {0};
+
+	if ( !in || in->value.octetLen <= 0 )
+		return (-1);
+	t.value = in->value;
+	return GEncAsnOidContent( b, (GAsnOcts*)&t );
+}
+
+/*
+ * GSER Decoder : OID
+ */
+int
+GDecAsnDescOidContent ( void* mem_op, GenBuf *b, GAsnOid *result, AsnLen *bytesDecoded ){
+	AttributeType *ad_type;
+	struct berval name;
+	char* peek_head;
+	int strLen;
+
+	strLen = LocateNextGSERToken ( mem_op, b, &peek_head, GSER_NO_COPY );
+	name.bv_val = peek_head;
+	name.bv_len = strLen;
+
+	ad_type = at_bvfind( &name );
+
+	if ( !ad_type )
+		return LDAP_DECODING_ERROR;
+
+	peek_head = ad_type->sat_atype.at_oid;
+	strLen = strlen ( peek_head );
+
+	result->value.octs = (char*)EncodeComponentOid ( mem_op, peek_head , &strLen );
+	result->value.octetLen = strLen;
+	return LDAP_SUCCESS;
+}
+
+int
+IsNumericOid ( char* peek_head , int strLen ) {
+	int i;
+	int num_dot;
+	for ( i = 0, num_dot = 0 ; i < strLen ; i++ ) {
+		if ( peek_head[i] == '.' ) num_dot++;
+		else if ( peek_head[i] > '9' || peek_head[i] < '0' )
+			return (-1);
+	}
+	if ( num_dot )
+		return (1);
+	else
+		return (-1);
+}
+
+int
+GDecComponentOid ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentOid* k, **k2;
+	GAsnOid result;
+                                                                          
+        k = (ComponentOid*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentOid**) v;
+                *k2 = (ComponentOid*) CompAlloc( mem_op, sizeof( ComponentOid ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	strLen = LocateNextGSERToken ( mem_op, b, &peek_head, GSER_PEEK );
+	if ( IsNumericOid ( peek_head , strLen ) >= 1 ) {
+		/* numeric-oid */
+		if ( GDecAsnOidContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+			if ( k ) CompFree ( mem_op, k );
+			return LDAP_DECODING_ERROR;
+		}
+	}
+	else {
+		/*descr*/
+		if ( GDecAsnDescOidContent ( mem_op, b, &result, bytesDecoded ) < 0 ){
+			if ( k ) CompFree ( mem_op, k );
+			return LDAP_DECODING_ERROR;
+		}
+	}
+	k->value = result.value;
+	k->comp_desc = get_component_description (BASICTYPE_OID);
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : OID
+ */
+int
+BDecComponentOidTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentOid ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentOid ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v,
+			AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentOid* k, **k2;
+	AsnOid result;
+                                                                          
+        k = (ComponentOid*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentOid**) v;
+                *k2 = (ComponentOid*) CompAlloc( mem_op, sizeof( ComponentOid ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+	
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecAsnOid ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecAsnOidContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result;
+
+	k->comp_desc = get_component_description (BASICTYPE_OID);
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : PrintableString
+ */
+
+int
+BDecComponentPrintableStringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+	return BDecComponentPrintableString ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentPrintableString( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentPrintableString* k, **k2;
+	AsnOid result;
+                                                                          
+        k = (ComponentPrintableString*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentPrintableString**) v;
+                *k2 = (ComponentPrintableString*) CompAlloc( mem_op, sizeof( ComponentPrintableString ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( mode & CALL_TAG_DECODER ) {
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecPrintableString ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecPrintableStringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result;
+
+	k->comp_desc = get_component_description (BASICTYPE_PRINTABLE_STR);
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : TeletexString
+ */
+
+int
+BDecComponentTeletexStringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+	return BDecComponentTeletexString ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentTeletexString( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentTeletexString* k, **k2;
+	AsnOid result;
+                                                                          
+        k = (ComponentTeletexString*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentTeletexString**) v;
+                *k2 = (ComponentTeletexString*) CompAlloc( mem_op, sizeof( ComponentTeletexString ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( mode & CALL_TAG_DECODER ) {
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecTeletexString ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecTeletexStringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result;
+
+	k->comp_desc = get_component_description (BASICTYPE_T61_STR);
+
+	return LDAP_SUCCESS;
+}
+
+
+/*
+ * Matching function : Real
+ */
+int
+MatchingComponentReal (char* oid, ComponentSyntaxInfo *csi_attr,
+			ComponentSyntaxInfo *csi_assert )
+{
+        int rc;
+        MatchingRule* mr;
+        ComponentReal *a, *b;
+                                                                          
+        if( oid ) {
+                mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+                if ( mr )
+                        return component_value_match( mr, csi_attr , csi_assert );
+        }
+        a = (ComponentReal*)csi_attr;
+        b = (ComponentReal*)csi_assert;
+        rc = (a->value == b->value);
+                                                                          
+        return rc ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : Real
+ */
+int
+GEncComponentReal ( GenBuf *b, ComponentReal *in )
+{
+	GAsnReal t = {0};
+	if ( !in )
+		return (-1);
+	t.value = in->value;
+	return GEncAsnRealContent ( b, &t );
+}
+
+/*
+ * GSER Decoder : Real
+ */
+int
+GDecComponentReal ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen;
+        void* component_values;
+        ComponentReal* k, **k2;
+	GAsnReal result;
+                                                                          
+        k = (ComponentReal*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentReal**) v;
+                *k2 = (ComponentReal*) CompAlloc( mem_op, sizeof( ComponentReal ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( GDecAsnRealContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result.value;
+	k->comp_desc = get_component_description (BASICTYPE_REAL);
+
+        return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : Real
+ */
+int
+BDecComponentRealTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentReal ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentReal ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentReal* k, **k2;
+	AsnReal result;
+                                                                          
+        k = (ComponentReal*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentReal**) v;
+                *k2 = (ComponentReal*) CompAlloc( mem_op, sizeof( ComponentReal ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecAsnReal ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecAsnRealContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result;
+	k->comp_desc = get_component_description (BASICTYPE_REAL);
+
+        return LDAP_SUCCESS;
+}
+
+/*
+ * Matching function : Relative OID
+ */
+int
+MatchingComponentRelativeOid ( char* oid, ComponentSyntaxInfo *csi_attr,
+					ComponentSyntaxInfo *csi_assert )
+{
+        int rc;
+        MatchingRule* mr;
+        ComponentRelativeOid *a, *b;
+                                                                          
+        if( oid ) {
+                mr = retrieve_matching_rule(oid, csi_attr->csi_comp_desc->cd_type_id );
+                if ( mr )
+                        return component_value_match( mr, csi_attr , csi_assert );
+        }
+
+        a = (ComponentRelativeOid*)csi_attr;
+        b = (ComponentRelativeOid*)csi_assert;
+
+	if ( a->value.octetLen != b->value.octetLen )
+		return LDAP_COMPARE_FALSE;
+        rc = ( strncmp( a->value.octs, b->value.octs, a->value.octetLen ) == 0 );
+                                                                          
+        return rc ? LDAP_COMPARE_TRUE:LDAP_COMPARE_FALSE;
+}
+
+/*
+ * GSER Encoder : RELATIVE_OID.
+ */
+int
+GEncComponentRelativeOid ( GenBuf *b, ComponentRelativeOid *in )
+{
+	GAsnRelativeOid t = {0};
+
+	if ( !in || in->value.octetLen <= 0 )
+		return (-1);
+	t.value = in->value;
+	return GEncAsnRelativeOidContent ( b , (GAsnOcts*)&t );
+}
+
+/*
+ * GSER Decoder : RELATIVE_OID.
+ */
+int
+GDecComponentRelativeOid ( void* mem_op, GenBuf *b,void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen;
+        void* component_values;
+        ComponentRelativeOid* k, **k2;
+	GAsnRelativeOid result;
+                                                                          
+        k = (ComponentRelativeOid*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentRelativeOid**) v;
+                *k2 = (ComponentRelativeOid*) CompAlloc( mem_op, sizeof( ComponentRelativeOid ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+	
+	if ( GDecAsnRelativeOidContent ( mem_op, b, &result, bytesDecoded ) < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result.value;
+	k->comp_desc = get_component_description (BASICTYPE_OID);
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : RELATIVE_OID.
+ */
+int
+BDecComponentRelativeOidTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentRelativeOid ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentRelativeOid ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentRelativeOid* k, **k2;
+	AsnRelativeOid result;
+                                                                          
+        k = (ComponentRelativeOid*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentRelativeOid**) v;
+                *k2 = (ComponentRelativeOid*) CompAlloc( mem_op, sizeof( ComponentRelativeOid ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+	
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecAsnRelativeOid ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecAsnRelativeOidContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result;
+	k->comp_desc = get_component_description (BASICTYPE_OID);
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * GSER Encoder : UniversalString
+ */
+int
+GEncComponentUniversalString ( GenBuf *b, ComponentUniversalString *in )
+{
+	GUniversalString t = {0};
+	if ( !in || in->value.octetLen <= 0 )
+		return (-1);
+	t.value = in->value;
+	return GEncUniversalStringContent( b, &t );
+}
+
+/*
+ * GSER Decoder : UniversalString
+ */
+static int
+UTF8toUniversalString( char* octs, int len){
+	/* Need to be Implemented */
+	return LDAP_SUCCESS;
+}
+
+int
+GDecComponentUniversalString ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode )
+{
+	if ( GDecComponentUTF8String ( mem_op, b, v, bytesDecoded, mode) < 0 )
+	UTF8toUniversalString( ((ComponentUniversalString*)v)->value.octs, ((ComponentUniversalString*)v)->value.octetLen );
+		return LDAP_DECODING_ERROR;
+}
+
+/*
+ * Component BER Decoder : UniverseString
+ */
+int
+BDecComponentUniversalStringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentUniversalString ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentUniversalString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentUniversalString* k, **k2;
+	UniversalString result;
+
+        k = (ComponentUniversalString*) v;
+
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentUniversalString**) v;
+                *k2 = (ComponentUniversalString*) CompAlloc( mem_op, sizeof( ComponentUniversalString ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+	
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecUniversalString ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecUniversalStringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	if ( rc < 0 ) {
+		if ( k ) CompFree ( mem_op, k );
+		return LDAP_DECODING_ERROR;
+	}
+	k->value = result;
+	k->comp_desc = get_component_description (BASICTYPE_UNIVERSAL_STR);
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Component BER Decoder : VisibleString
+ */
+int
+BDecComponentVisibleStringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode ) {
+	return BDecComponentVisibleString ( mem_op, b, 0, 0, v, bytesDecoded, mode|CALL_TAG_DECODER );
+}
+
+int
+BDecComponentVisibleString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode )
+{
+        char* peek_head;
+        int i, strLen, rc;
+        void* component_values;
+        ComponentVisibleString* k, **k2;
+	VisibleString result;
+                                                                          
+        k = (ComponentVisibleString*) v;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentVisibleString**) v;
+                *k2 = (ComponentVisibleString*) CompAlloc( mem_op, sizeof( ComponentVisibleString ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+	
+	if ( mode & CALL_TAG_DECODER ){
+		mode = mode & CALL_CONTENT_DECODER;
+		rc = BDecVisibleString ( mem_op, b, &result, bytesDecoded );
+	} else {
+		rc = BDecVisibleStringContent ( mem_op, b, tagId, len, &result, bytesDecoded );
+	}
+	k->value = result;
+	k->comp_desc = get_component_description (BASICTYPE_VISIBLE_STR);
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * Routines for handling an ANY DEFINED Type
+ */
+
+/* Check if the <select> type CR and the OID of the given ANY type */
+int
+CheckSelectTypeCorrect ( void* mem_op, ComponentAnyInfo* cai, struct berval* select ) {
+	int strLen;
+	AttributeType* ad_type;
+	char* oid;
+	char* result;
+
+	if ( IsNumericOid ( select->bv_val , select->bv_len ) ) {
+		oid = select->bv_val;
+		strLen = select->bv_len;
+	} else {
+		ad_type = at_bvfind( select );
+
+		if ( !ad_type )
+			return LDAP_DECODING_ERROR;
+
+		oid = ad_type->sat_atype.at_oid;
+		strLen = strlen ( oid );
+	}
+	result = EncodeComponentOid ( mem_op, oid , &strLen );
+	if ( !result || strLen <= 0 ) return (-1);
+
+	if ( cai->oid.octetLen == strLen &&
+		strncmp ( cai->oid.octs, result, strLen ) == 0 )
+		return (1);
+	else
+		return (-1);
+}
+
+int
+SetAnyTypeByComponentOid ( ComponentAny *v, ComponentOid *id ) {
+	Hash hash;
+	void *anyInfo;
+
+	/* use encoded oid as hash string */
+	hash = MakeHash (id->value.octs, id->value.octetLen);
+	if (CheckForAndReturnValue (anyOidHashTblG, hash, &anyInfo))
+		v->cai = (ComponentAnyInfo*) anyInfo;
+	else
+		v->cai = NULL;
+
+	if ( !v->cai ) {
+	/*
+	 * If not found, the data considered as octet chunk
+	 * Yet-to-be-Implemented
+	 */
+	}
+	return LDAP_SUCCESS;
+}
+
+void
+SetAnyTypeByComponentInt( ComponentAny *v, ComponentInt id) {
+	Hash hash;
+	void *anyInfo;
+
+	hash = MakeHash ((char*)&id, sizeof (id));
+	if (CheckForAndReturnValue (anyIntHashTblG, hash, &anyInfo))
+		v->cai = (ComponentAnyInfo*) anyInfo;
+	else
+		v->cai = NULL;
+}
+
+int
+GEncComponentAny ( GenBuf *b, ComponentAny *in )
+{
+	if ( in->cai != NULL  && in->cai->Encode != NULL )
+		return in->cai->Encode(b, &in->value );
+	else
+		return (-1);
+}
+
+int
+BEncComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode)
+{
+        ComponentAny *k, **k2;
+                                                                          
+        k = (ComponentAny*) result;
+
+	if ( !k ) return (-1);
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentAny**) result;
+                *k2 = (ComponentAny*) CompAlloc( mem_op, sizeof( ComponentAny ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+	
+	if ((result->cai != NULL) && (result->cai->BER_Decode != NULL)) {
+		result->value = (void*) CompAlloc ( mem_op, result->cai->size );
+		if ( !result->value ) return 0;
+		result->cai->BER_Decode ( mem_op, b, result->value, (int*)bytesDecoded, DEC_ALLOC_MODE_1);
+
+		k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+		if ( !k->comp_desc )  {
+			if ( k ) CompFree ( mem_op, k );
+			return LDAP_DECODING_ERROR;
+		}
+		k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentAny;
+		k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny;
+		k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny;
+		k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny;
+		k->comp_desc->cd_extract_i = NULL;
+		k->comp_desc->cd_type = ASN_BASIC;
+		k->comp_desc->cd_type_id = BASICTYPE_ANY;
+		k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAny;
+		return LDAP_SUCCESS;
+	}
+	else {
+		Asn1Error ("ERROR - Component ANY Decode routine is NULL\n");
+		return 0;
+	}
+}
+
+int
+BDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode) {
+	int rc;
+        ComponentAny *k, **k2;
+                                                                          
+        k = (ComponentAny*) result;
+
+	if ( !k ) return (-1);
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentAny**) result;
+                *k2 = (ComponentAny*) CompAlloc( mem_op, sizeof( ComponentAny ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+	
+	if ((result->cai != NULL) && (result->cai->BER_Decode != NULL)) {
+		result->cai->BER_Decode ( mem_op, b, (ComponentSyntaxInfo*)&result->value, (int*)bytesDecoded, DEC_ALLOC_MODE_0 );
+
+		k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+		if ( !k->comp_desc )  {
+			if ( k ) CompFree ( mem_op, k );
+			return LDAP_DECODING_ERROR;
+		}
+		k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentAny;
+		k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny;
+		k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny;
+		k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny;
+		k->comp_desc->cd_extract_i = NULL;
+		k->comp_desc->cd_type = ASN_BASIC;
+		k->comp_desc->cd_type_id = BASICTYPE_ANY;
+		k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAny;
+		return LDAP_SUCCESS;
+	}
+	else {
+		Asn1Error ("ERROR - Component ANY Decode routine is NULL\n");
+		return 0;
+	}
+}
+
+int
+GDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode) {
+        ComponentAny *k, **k2;
+                                                                          
+        k = (ComponentAny*) result;
+                                                                          
+        if ( mode & DEC_ALLOC_MODE_0 ) {
+                k2 = (ComponentAny**) result;
+                *k2 = (ComponentAny*) CompAlloc( mem_op, sizeof( ComponentAny ) );
+		if ( !*k2 ) return LDAP_DECODING_ERROR;
+                k = *k2;
+        }
+	if ((result->cai != NULL) && (result->cai->GSER_Decode != NULL)) {
+		result->value = (void*) CompAlloc ( mem_op, result->cai->size );
+		if ( !result->value ) return 0;
+		result->cai->GSER_Decode ( mem_op, b, result->value, (int*)bytesDecoded, DEC_ALLOC_MODE_1);
+		k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+		if ( !k->comp_desc )  {
+			if ( k ) CompFree ( mem_op, k );
+			return LDAP_DECODING_ERROR;
+		}
+		k->comp_desc->cd_gser_encoder = (encoder_func*)GEncComponentAny;
+		k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentAny;
+		k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentAny;
+		k->comp_desc->cd_free = (comp_free_func*)FreeComponentAny;
+		k->comp_desc->cd_type = ASN_BASIC;
+		k->comp_desc->cd_extract_i = NULL;
+		k->comp_desc->cd_type_id = BASICTYPE_ANY;
+		k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentAny;
+		return LDAP_SUCCESS;
+	}
+	else {
+		Asn1Error ("ERROR - ANY Decode routine is NULL\n");
+		return 0;
+	}
+}
+
+int
+MatchingComponentAny (char* oid, ComponentAny *result, ComponentAny *result2) {
+	void *comp1, *comp2;
+
+	if ( result->comp_desc->cd_type_id == BASICTYPE_ANY )
+		comp1 = result->value;
+	else
+		comp1 = result;
+
+	if ( result2->comp_desc->cd_type_id == BASICTYPE_ANY )
+		comp2 = result2->value;
+	else
+		comp2 = result2;
+		
+	if ((result->cai != NULL) && (result->cai->Match != NULL)) {
+		if ( result->comp_desc->cd_type_id == BASICTYPE_ANY )
+			return result->cai->Match(oid, comp1, comp2 );
+		else if ( result2->comp_desc->cd_type_id == BASICTYPE_ANY )
+			return result2->cai->Match(oid, comp1, comp2);
+		else 
+			return LDAP_INVALID_SYNTAX;
+	}
+	else {
+		Asn1Error ("ERROR - ANY Matching routine is NULL\n");
+		return LDAP_INVALID_SYNTAX;
+	}
+}
+
+void*
+ExtractingComponentAny ( void* mem_op, ComponentReference* cr,  ComponentAny *result ) {
+	if ((result->cai != NULL) && (result->cai->Extract != NULL)) {
+		return (void*) result->cai->Extract( mem_op, cr , result->value );
+	}
+	else {
+		Asn1Error ("ERROR - ANY Extracting routine is NULL\n");
+		return (void*)NULL;
+	}
+}
+
+void
+FreeComponentAny (ComponentAny* any) {
+	if ( any->cai != NULL && any->cai->Free != NULL ) {
+		any->cai->Free( any->value );
+		free ( ((ComponentSyntaxInfo*)any->value)->csi_comp_desc );
+		free ( any->value );
+	}
+	else
+		Asn1Error ("ERROR - ANY Free routine is NULL\n");
+}
+
+void
+InstallAnyByComponentInt (int anyId, ComponentInt intId, unsigned int size,
+			EncodeFcn encode, gser_decoder_func* G_decode,
+			ber_tag_decoder_func* B_decode, ExtractFcn extract,
+			MatchFcn match, FreeFcn free,
+			PrintFcn print)
+{
+	ComponentAnyInfo *a;
+	Hash h;
+
+	a = (ComponentAnyInfo*) malloc(sizeof (ComponentAnyInfo));
+	a->anyId = anyId;
+	a->oid.octs = NULL;
+	a->oid.octetLen = 0;
+	a->intId = intId;
+	a->size = size;
+	a->Encode = encode;
+	a->GSER_Decode = G_decode;
+	a->BER_Decode = B_decode;
+	a->Match = match;
+	a->Extract = extract;
+	a->Free = free;
+	a->Print = print;
+
+	if (anyIntHashTblG == NULL)
+		anyIntHashTblG = InitHash();
+
+	h = MakeHash ((char*)&intId, sizeof (intId));
+
+	if(anyIntHashTblG != NULL)
+		Insert(anyIntHashTblG, a, h);
+}
+
+
+/*
+ * OID and its corresponding decoder can be registered with this func.
+ * If contained types constrained by <select> are used,
+ * their OID and decoder MUST be registered, otherwise it will return no entry.
+ * An open type(ANY type) also need be registered.
+ */
+void
+InstallOidDecoderMapping ( char* ch_oid, EncodeFcn encode, gser_decoder_func* G_decode, ber_tag_decoder_func* B_decode, ExtractFcn extract, MatchFcn match ) {
+	AsnOid oid;
+	int strLen;
+	void* mem_op;
+
+	strLen = strlen( ch_oid );
+	if( strLen <= 0 ) return;
+	mem_op = comp_nibble_memory_allocator ( 128, 16 );
+	oid.octs = EncodeComponentOid ( mem_op, ch_oid, &strLen );
+	oid.octetLen = strLen;
+	if( strLen <= 0 ) return;
+	
+
+	InstallAnyByComponentOid ( 0, &oid, 0, encode, G_decode, B_decode,
+						extract, match, NULL, NULL);
+	comp_nibble_memory_free(mem_op);
+}
+
+/*
+ * Look up Oid-decoder mapping table by berval have either
+ * oid or description
+ */
+OidDecoderMapping*
+RetrieveOidDecoderMappingbyBV( struct berval* in ) {
+	if ( IsNumericOid ( in->bv_val, in->bv_len ) )
+		return RetrieveOidDecoderMappingbyOid( in->bv_val, in->bv_len );
+	else
+		return RetrieveOidDecoderMappingbyDesc( in->bv_val, in->bv_len );
+}
+
+/*
+ * Look up Oid-decoder mapping table by dotted OID
+ */
+OidDecoderMapping*
+RetrieveOidDecoderMappingbyOid( char* ch_oid, int oid_len ) {
+	Hash hash;
+	void *anyInfo;
+	AsnOid oid;
+	int strLen;
+	void* mem_op;
+
+	mem_op = comp_nibble_memory_allocator ( 128, 16 );
+	oid.octs = EncodeComponentOid ( mem_op, ch_oid, &oid_len);
+	oid.octetLen = oid_len;
+	if( oid_len <= 0 ) {
+		comp_nibble_memory_free( mem_op );
+		return NULL;
+	}
+	
+	/* use encoded oid as hash string */
+	hash = MakeHash ( oid.octs, oid.octetLen);
+	comp_nibble_memory_free( mem_op );
+	if (CheckForAndReturnValue (anyOidHashTblG, hash, &anyInfo))
+		return (OidDecoderMapping*) anyInfo;
+	else
+		return (OidDecoderMapping*) NULL;
+
+}
+
+/*
+ * Look up Oid-decoder mapping table by description
+ */
+OidDecoderMapping*
+RetrieveOidDecoderMappingbyDesc( char* desc, int desc_len ) {
+	Hash hash;
+	void *anyInfo;
+	AsnOid oid;
+	AttributeType* ad_type;
+	struct berval bv;
+	void* mem_op;
+
+	bv.bv_val = desc;
+	bv.bv_len = desc_len;
+	ad_type = at_bvfind( &bv );
+
+	oid.octs = ad_type->sat_atype.at_oid;
+	oid.octetLen = strlen ( oid.octs );
+
+	if ( !ad_type )
+		return (OidDecoderMapping*) NULL;
+
+	mem_op = comp_nibble_memory_allocator ( 128, 16 );
+
+	oid.octs = EncodeComponentOid ( mem_op, oid.octs , (int*)&oid.octetLen );
+	if( oid.octetLen <= 0 ) {
+		comp_nibble_memory_free( mem_op );
+		return (OidDecoderMapping*) NULL;
+	}
+	
+	/* use encoded oid as hash string */
+	hash = MakeHash ( oid.octs, oid.octetLen);
+	comp_nibble_memory_free( mem_op );
+	if (CheckForAndReturnValue (anyOidHashTblG, hash, &anyInfo))
+		return (OidDecoderMapping*) anyInfo;
+	else
+		return (OidDecoderMapping*) NULL;
+
+}
+void
+InstallAnyByComponentOid (int anyId, AsnOid *oid, unsigned int size,
+			EncodeFcn encode, gser_decoder_func* G_decode,
+			ber_tag_decoder_func* B_decode, ExtractFcn extract,
+			 MatchFcn match, FreeFcn free, PrintFcn print)
+{
+	ComponentAnyInfo *a;
+	Hash h;
+
+	a = (ComponentAnyInfo*) malloc (sizeof (ComponentAnyInfo));
+	a->anyId = anyId;
+	if ( oid ) {
+		a->oid.octs = malloc( oid->octetLen );
+		memcpy ( a->oid.octs, oid->octs, oid->octetLen );
+		a->oid.octetLen = oid->octetLen;
+	}
+	a->size = size;
+	a->Encode = encode;
+	a->GSER_Decode = G_decode;
+	a->BER_Decode = B_decode;
+	a->Match = match;
+	a->Extract = extract;
+	a->Free = free;
+	a->Print = print;
+
+	h = MakeHash (oid->octs, oid->octetLen);
+
+	if (anyOidHashTblG == NULL)
+		anyOidHashTblG = InitHash();
+
+	if(anyOidHashTblG != NULL)
+		Insert(anyOidHashTblG, a, h);
+}
+
+int
+BDecComponentTop  (
+ber_decoder_func *decoder _AND_
+void* mem_op _AND_
+GenBuf *b _AND_
+AsnTag tag _AND_
+AsnLen elmtLen _AND_
+void **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode) {
+	tag = BDecTag ( b, bytesDecoded );
+	elmtLen = BDecLen ( b, bytesDecoded );
+	if ( elmtLen <= 0 ) return (-1);
+	if ( tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE) ) {
+		return (-1);
+	}
+		
+	return (*decoder)( mem_op, b, tag, elmtLen, (ComponentSyntaxInfo*)v,(int*)bytesDecoded, mode );
+}
+
+/*
+ * ASN.1 specification of a distinguished name
+ * DistinguishedName ::= RDNSequence
+ * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+ * RelativeDistinguishedName ::= SET SIZE(1..MAX) OF AttributeTypeandValue
+ * AttributeTypeandValue ::= SEQUENCE {
+ * 	type	AttributeType
+ *	value	AttributeValue
+ * }
+ * When dnMatch/rdnMatch is used in a component assertion value
+ * the component in DistinguishedName/RelativeDistinguishedName
+ * need to be converted to the LDAP encodings in RFC2253
+ * in order to be matched against the assertion value
+ * If allComponentMatch is used, the assertion value may be
+ * decoded into the Internal Representation(Component Tree)
+ * by the corresponding GSER or BER decoder
+ * Following routine converts a component tree(DistinguishedName) into
+ * LDAP encodings in RFC2253
+ * Example)
+ * IR : ComponentRDNSequence
+ * GSER : { { type cn, value sang },{ type o, value ibm}, {type c, value us} }
+ * LDAP Encodings : cn=sang,o=ibm,c=us 
+ */
+
+increment_bv_mem_by_size ( struct berval* in, int size ) {
+	int new_size = in->bv_len + size;
+	in->bv_val = realloc( in->bv_val, new_size );
+	in->bv_len = new_size;
+}
+
+int
+ConvertBER2Desc( char* in, int size, struct berval* out, int* pos ) {
+	int desc_size;
+	char* desc_ptr;
+	unsigned int firstArcNum;
+	unsigned int arcNum;
+	int i, rc, start_pos = *pos;
+	char buf[MAX_OID_LEN];
+	AttributeType *at;
+	struct berval bv_name;
+
+	/*convert BER oid to desc*/
+	for ( i = 0, arcNum = 0; (i < size) && (in[i] & 0x80 ); i++ )
+		arcNum = (arcNum << 7) + (in[i] & 0x7f);
+	arcNum = (arcNum << 7) + (in[i] & 0x7f);
+	i++;
+	firstArcNum = (unsigned short)(arcNum/40);
+	if ( firstArcNum > 2 )
+		firstArcNum = 2;
+	
+	arcNum = arcNum - (firstArcNum * 40 );
+
+	rc = intToAscii ( arcNum, buf );
+
+	/*check if the buffer can store the first/second arc and two dots*/
+	if ( out->bv_len < *pos + 2 + 1 + rc )
+		increment_bv_mem_by_size ( out, INCREMENT_SIZE );
+
+	if ( firstArcNum == 1)
+		out->bv_val[*pos] = '1';
+	else
+		out->bv_val[*pos] = '2';
+	(*pos)++;
+	out->bv_val[*pos] = '.';
+	(*pos)++;
+
+	memcpy( out->bv_val + *pos, buf, rc );
+	*pos += rc;
+	out->bv_val[*pos] = '.';
+	(*pos)++;
+
+	for ( ; i < size ; ) {
+		for ( arcNum=0; (i < size) && (in[i] & 0x80) ; i++ )
+			arcNum = (arcNum << 7) + (in[i] & 0x7f);
+		arcNum = (arcNum << 7) + (in[i] & 0x7f);
+		i++;
+
+		rc = intToAscii ( arcNum, buf );
+
+		if ( out->bv_len < *pos + rc + 1 )
+			increment_bv_mem_by_size ( out, INCREMENT_SIZE );
+
+		memcpy( out->bv_val + *pos, buf, rc );
+		*pos += rc;
+		out->bv_val[*pos] = '.';
+		(*pos)++;
+	}
+	(*pos)--;/*remove the last '.'*/
+
+	/*
+	 * lookup OID database to locate desc
+	 * then overwrite OID with desc in *out
+	 * If failed to look up desc, OID form is used
+	 */
+	bv_name.bv_val = out->bv_val + start_pos;
+	bv_name.bv_len = *pos - start_pos;
+	at = at_bvfind( &bv_name );
+	if ( !at )
+		return LDAP_SUCCESS;
+	desc_size = at->sat_cname.bv_len;
+	memcpy( out->bv_val + start_pos, at->sat_cname.bv_val, desc_size );
+	*pos = start_pos + desc_size;
+	return LDAP_SUCCESS;
+}
+
+int
+ConvertComponentAttributeTypeAndValue2RFC2253 ( irAttributeTypeAndValue* in, struct berval* out, int *pos ) {
+	int rc;
+	int value_size = ((ComponentUTF8String*)in->value.value)->value.octetLen;
+	char* value_ptr =  ((ComponentUTF8String*)in->value.value)->value.octs;
+
+	rc = ConvertBER2Desc( in->type.value.octs, in->type.value.octetLen, out, pos );
+	if ( rc != LDAP_SUCCESS ) return rc;
+	if ( out->bv_len < *pos + 1/*for '='*/  )
+		increment_bv_mem_by_size ( out, INCREMENT_SIZE );
+	/*Between type and value, put '='*/
+	out->bv_val[*pos] = '=';
+	(*pos)++;
+
+	/*Assume it is string*/		
+	if ( out->bv_len < *pos + value_size )
+		increment_bv_mem_by_size ( out, INCREMENT_SIZE );
+	memcpy( out->bv_val + *pos, value_ptr, value_size );
+	out->bv_len += value_size;
+	*pos += value_size;
+	
+	return LDAP_SUCCESS;
+}
+
+int
+ConvertRelativeDistinguishedName2RFC2253 ( irRelativeDistinguishedName* in, struct berval *out , int* pos) {
+	irAttributeTypeAndValue* attr_typeNvalue;
+	int rc;
+
+
+	FOR_EACH_LIST_ELMT( attr_typeNvalue, &in->comp_list)
+	{
+		rc = ConvertComponentAttributeTypeAndValue2RFC2253( attr_typeNvalue, out, pos );
+		if ( rc != LDAP_SUCCESS ) return LDAP_INVALID_SYNTAX;
+
+		if ( out->bv_len < *pos + 1/*for '+'*/  )
+			increment_bv_mem_by_size ( out, INCREMENT_SIZE );
+		/*between multivalued RDNs, put comma*/
+		out->bv_val[(*pos)++] = '+';
+	}
+	(*pos)--;/*remove the last '+'*/
+	return LDAP_SUCCESS;
+}
+
+int 
+ConvertRDN2RFC2253 ( irRelativeDistinguishedName* in, struct berval *out ) {
+	int rc, pos = 0;
+	out->bv_val = (char*)malloc( INITIAL_DN_SIZE );
+	out->bv_len = INITIAL_DN_SIZE;
+
+	rc = ConvertRelativeDistinguishedName2RFC2253 ( in, out , &pos);
+	if ( rc != LDAP_SUCCESS ) return rc;
+	out->bv_val[pos] = '\0';
+	out->bv_len = pos;
+	return LDAP_SUCCESS;
+}
+
+int
+ConvertRDNSequence2RFC2253( irRDNSequence *in, struct berval* out ) {
+	irRelativeDistinguishedName* rdn_seq;
+	AsnList* seq = &in->comp_list;
+	int pos = 0, rc ;
+
+	out->bv_val = (char*)malloc( INITIAL_DN_SIZE );
+	out->bv_len = INITIAL_DN_SIZE;
+
+	FOR_EACH_LIST_ELMT( rdn_seq, seq )
+	{
+		rc = ConvertRelativeDistinguishedName2RFC2253( rdn_seq, out, &pos );
+		if ( rc != LDAP_SUCCESS ) return LDAP_INVALID_SYNTAX;
+
+		if ( out->bv_len < pos + 1/*for ','*/ )
+			increment_bv_mem_by_size ( out, INCREMENT_SIZE );
+		/*Between RDN, put comma*/
+		out->bv_val[pos++] = ',';
+	}
+	pos--;/*remove the last '+'*/
+	out->bv_val[pos] = '\0';
+	out->bv_len =pos;
+	return LDAP_SUCCESS;
+}
+
+#endif
diff --git a/contrib/slapd-modules/comp_match/componentlib.h b/contrib/slapd-modules/comp_match/componentlib.h
new file mode 100644
index 0000000..1ebd11e
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/componentlib.h
@@ -0,0 +1,593 @@
+/* Copyright 2004 IBM Corporation
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ */
+/* ACKNOWLEDGEMENTS
+ * This work originally developed by Sang Seok Lim
+ * 2004/06/18	03:20:00	slim@OpenLDAP.org
+ */
+
+#ifndef _H_COMPONENT_MODULE
+#define _H_COMPONENT_MODULE
+
+#include "portable.h"
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ldap_pvt.h>
+#include "lutil.h"
+#include <ldap.h>
+#include <slap.h>
+#include <component.h>
+
+#include <asn-incl.h>
+#include "asn.h"
+#include <asn-gser.h>
+#include <string.h>
+
+#define MAX_IDENTIFIER_LEN	32
+#define COMPONENTNOT_NULL(ptr)  ((ptr) != NULL)
+
+typedef struct slap_component_type {
+        /*
+         * Don't change the order of following fields
+         * They are identical the first 9 fields of
+         * AttributeType
+         */
+        LDAPAttributeType               ct_atype;
+        struct berval                   ct_cname;
+        struct slap_attribute_type      *ct_sup;
+        struct slap_attribute_type      **ct_subtypes;
+        MatchingRule                    *ct_equality;
+        MatchingRule                    *ct_approx;
+        MatchingRule                    *ct_ordering;
+        MatchingRule                    *ct_substr;
+        Syntax                          *ct_syntax;
+} ComponentType;
+
+
+/*
+ * BIT STRING
+ */
+typedef struct ComponentBits {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	AsnBits value;
+} ComponentBits;
+
+#define GASNBITS_PRESENT(abits) ((abits)->value.bits != NULL)
+#define COMPONENTBITS_PRESENT(abits) ((abits)->value.bits != NULL)
+int GEncComponentBits (GenBuf *b, ComponentBits* bits);
+int GDecComponentBits (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentBits (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentBits (char* oid, ComponentSyntaxInfo *bits1 , ComponentSyntaxInfo* bits2);
+#define ExtractingComponentBits( mem_op, cr,data ) NULL
+
+/*
+ * BMP String
+ */
+typedef struct ComponentBMPString {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	BMPString value;
+} ComponentBMPString;
+
+int GEncComponentBMPString (GenBuf *b, ComponentBMPString* bmp);
+int GDecComponentBMPString (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentBMPString (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+#define MatchingComponentBMPString MatchingComponentOcts
+#define ExtractingComponentBMPString( mem_op, cr, data ) NULL
+#define FreeComponentBMPString FreeComponentOcts
+
+/*
+ * BOOLEAN
+ */
+typedef struct ComponentBool {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	AsnBool value;
+} ComponentBool;
+
+int GEncComponentBool (GenBuf *b, ComponentBool * bool );
+int GDecComponentBool ( void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentBool ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentBool (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentBool( mem_op, cr, data ) NULL
+#define FreeComponentBool(v) NULL
+
+/*
+ * ENUMERATED
+ */
+typedef struct ComponentEnum {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	AsnEnum value;
+	struct berval value_identifier;/*Why this value is defined here?*/
+} ComponentEnum;
+
+int GEncComponentEnum (GenBuf *b, ComponentEnum* comp_enum);
+int GDecComponentEnum ( void* mem_op, GenBuf *a, void *result, AsnLen *bytesDecoded,int mode);
+int BDecComponentEnum ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentEnum (char *oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo * b);
+#define ExtractingComponentEnum( mem_op, cr, data ) NULL
+#define FreeComponentEnum FreeComponentInt
+
+/*
+ * IA5 String
+ */
+typedef struct ComponentIA5String {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	IA5String value;
+} ComponentIA5String;
+
+#define GEncComponentIA5String GEncComponentUTF8String
+#define GDecComponentIA5String GDecComponentUTF8String
+int
+BDecComponentIA5StringTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
+int BDecComponentIA5String ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+#define MatchingComponentIA5String MatchingComponentOcts
+#define ExtractingComponentIA5String(mem_op, cr,data)	NULL
+#define FreeComponentIA5String FreeComponentOcts
+
+
+/*
+ * INTEGER
+ */
+typedef struct ComponentInt {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	int value;
+} ComponentInt;
+
+#define GNOT_NULL(ptr) ((ptr) != NULL)
+int GEncComponentInt (GenBuf *b, ComponentInt *comp_int);
+int GDecComponentInt ( void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode );
+int BDecComponentInt ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentInt (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentInt(mem_op, cr,data)	NULL
+#define FreeComponentInt(v) NULL
+
+/*
+ * LIST Data Structure for C_LIST
+ */
+typedef struct ComponentList {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	AsnList comp_list;
+} ComponentList;
+
+/*
+ * NULL
+ */
+typedef struct ComponentNull {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	AsnNull value;
+} ComponentNull;
+
+int GEncComponentNull (GenBuf *b, ComponentNull* comp_null);
+int GDecComponentNull ( void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentNull ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentNullTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
+int MatchingComponentNull (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentNull(mem_op, cr, data)	NULL
+#define FreeComponentNull NULL
+
+/*
+ * Numeric String
+ */
+typedef struct ComponentNumericString {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	NumericString value;
+} ComponentNumericString;
+
+#define GEncComponentNumericString GEncComponentUTF8String
+#define GDecComponentNumericString GDecComponentUTF8String
+int BDecComponentNumericString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+#define MatchingComponentNumericString MatchingComponentOcts
+#define ExtractingComponentNumericString(mem_op, cr,data)	NULL
+#define FreeComponentNumericString FreeComponentOcts
+
+/*
+ * OCTETS STRING
+ */
+typedef struct ComponentOcts {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	AsnOcts value;
+} ComponentOcts;
+
+#define GASNOCTS_PRESENT(aocts) ((aocts)->value.octs != NULL)
+int GEncComponentOcts (GenBuf *b, ComponentOcts *octs);
+int GDecComponentOcts (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentOctsTag ( void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
+int BDecComponentOcts (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentOcts (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentOcts(mem_op,cr,data)	NULL
+void FreeComponentOcts( ComponentOcts* octs );
+
+/*
+ * OID (Object Identifier)
+ */
+typedef struct ComponentOid {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	AsnOid value;
+} ComponentOid;
+
+#define GASNOID_PRESENT(aoid) ASNOCTS_PRESENT(aoid)
+int GEncComponentOid (GenBuf *b, ComponentOid *oid);
+int GDecComponentOid (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentOid (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentOid (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentOid(mem_op, cr, data)	NULL
+#define FreeComponentOid FreeComponentOcts
+
+/*
+ * Printable String
+ */
+typedef struct ComponentPrintableString{
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	PrintableString value;
+} ComponentPrintableString;
+#define GEncComponentPrintableString GEncComponentUTF8String
+#define GDecComponentPrintableString GDecComponentUTF8String
+int BDecComponentPrintableString (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentPrintableStringTag (void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
+#define MatchingComponentPrintableString MatchingComponentOcts
+#define ExtractingComponentPrintableString(mem_op, cr, data)	NULL
+#define FreeComponentPrintableString FreeComponentOcts
+
+/*
+ * REAL
+ */
+typedef struct ComponentReal{
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	AsnReal value;
+} ComponentReal;
+
+int GEncComponentReal (GenBuf *b, ComponentReal* comp_real);
+int GDecComponentReal (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentReal (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentReal (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentReal( mem_op, cr, data )	NULL
+#define FreeComponentReal(v) NULL
+
+/*
+ * Relative OID
+ */
+
+typedef struct ComponentRelativeOid {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	AsnRelativeOid value;
+} ComponentRelativeOid;
+
+int GEncComponentRelativeOid (GenBuf *b, ComponentRelativeOid *r_oid);
+int GDecComponentRelativeOid ( void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentRelativeOid ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentRelativeOid (char* oid, ComponentSyntaxInfo *a, ComponentSyntaxInfo *b);
+#define ExtractingComponentRelativeOid( mem_op, cr, data ) NULL
+#define FreeComponentRelativeOid FreeComponentOid
+
+/*
+ * Teletex String
+ */
+typedef struct ComponentTeletexString {
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	TeletexString value;
+} ComponentTeletexString;
+
+int GEncComponentTeletexString (GenBuf *b, ComponentTeletexString * tel_str);
+int GDecComponentTeletexString ( void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode );
+int BDecComponentTeletexStringTag (void* mem_op, GenBuf *b, void *v, AsnLen *bytesDecoded, int mode );
+int BDecComponentTeletexString( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *v, AsnLen *bytesDecoded, int mode );
+#define MatchingComponentTeletexString MatchingComponentOcts
+#define ExtractingComponentTeletexString(mem_op,cr,data)
+#define FreeComponentTeletexString FreeComponentOcts
+
+
+/*
+ * Universal String
+ */
+typedef struct ComponentUniversalString{
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	UniversalString value;
+} ComponentUniversalString;
+
+int GEncComponentUniversalString (GenBuf *b, ComponentUniversalString* uni_str);
+int GDecComponentUniversalString ( void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentUniversalString ( void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+#define MatchingComponentUniversalString MatchingComponentOcts
+#define ExtractingComponentUniversalString(mem_op,cr,data)
+#define FreeComponentUniversalString FreeComponentOcts
+
+/*
+ * UTF8 String
+ */
+typedef struct ComponentUTF8String{
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	UTF8String value;
+} ComponentUTF8String;
+
+int GEncComponentUTF8String (GenBuf *b, ComponentUTF8String * utf_str);
+int GDecComponentUTF8String (void* mem_op, GenBuf *b, void *result, AsnLen *bytesDecoded, int mode);
+int BDecComponentUTF8String (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+#define MatchingComponentUTF8String MatchingComponentOcts
+#define ExtractingComponentUTF8String(mem_op,cr,data)
+#define FreeComponentUTF8String FreeComponentOcts
+
+/*
+ * Visible String
+ */
+typedef struct ComponentVisibleString{
+	void* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	VisibleString value;
+} ComponentVisibleString;
+
+#define GEncComponentVisibleString GEncComponentUTF8String
+#define GDecComponentVisibleString GDecComponentUTF8String
+int BDecComponentVisibleString (void* mem_op, GenBuf *b, AsnTag tagId, AsnLen len, void *result, AsnLen *bytesDecoded, int mode);
+#define MatchingComponentVisibleString MatchingComponentOcts
+#define ExtractingComponentVisibleString(mem_op,cr,data)
+#define FreeComponentVisibleString FreeComponentOcts
+
+/*
+ * ANY and ANY DEFINED BY
+ */
+
+typedef int (*MatchFcn) (char*, void*, void*);
+typedef void* (*ExtractFcn) (void*, ComponentReference*, void * );
+
+typedef struct ComponentAnyInfo
+{
+	int		anyId;
+	AsnOid		oid;
+	ComponentInt	intId;
+	unsigned int	size;
+	EncodeFcn	Encode;
+	gser_decoder_func* GSER_Decode;
+	ber_tag_decoder_func* BER_Decode;
+	ExtractFcn	Extract;
+	MatchFcn	Match;
+	FreeFcn		Free;
+	PrintFcn	Print;
+} ComponentAnyInfo;
+
+typedef struct ComponentAnyInfo OidDecoderMapping ;
+
+typedef struct ComponentAny{
+	void*		syntax;
+	ComponentDesc	*comp_desc;
+	struct berval	identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentAnyInfo	*cai;
+	void		*value;
+} ComponentAny;
+
+typedef ComponentAny ComponentAnyDefinedBy;
+
+#define BDecComponentAnyDefinedBy BDecComponentAny
+#define GDecComponentAnyDefinedBy GDecComponentAny
+#define MatchingComponentAnyDefinedBy MatchingComponentAny
+#define FreeComponentAnyDefinedBy FreeComponentAny
+
+int GEncComponentAny (GenBuf *b, ComponentAny *comp_any);
+int BDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode);
+int GDecComponentAny ( void* mem_op, GenBuf *b, ComponentAny *result, AsnLen *bytesDecoded, int mode);
+int MatchingComponentAny (char* oid, ComponentAny *a, ComponentAny *b);
+void FreeComponentAny ( ComponentAny*);
+
+void InstallAnyByComponentInt (int anyId, ComponentInt intId, unsigned int size, EncodeFcn encode, gser_decoder_func* G_decode, ber_tag_decoder_func B_decode, ExtractFcn extract, MatchFcn match, FreeFcn free, PrintFcn print);
+
+void InstallAnyByComponentOid (int anyId, AsnOid *oid, unsigned int size, EncodeFcn encode, gser_decoder_func* G_decode, ber_tag_decoder_func* B_decode, ExtractFcn extract, MatchFcn match, FreeFcn free, PrintFcn print);
+
+int CheckSelectTypeCorrect ( void* mem_op, ComponentAnyInfo *v, struct berval* select );
+
+OidDecoderMapping* RetrieveOidDecoderMappingbyBV( struct berval* in );
+OidDecoderMapping* RetrieveOidDecoderMappingbyOid( char* ch_oid, int oid_len );
+OidDecoderMapping* RetrieveOidDecoderMappingbyDesc( char* desc, int desc_len );
+/*
+ * UTCTime
+ */
+typedef ComponentVisibleString ComponentUTCTime;
+#define GEncComponentUTCTime GEncComponentUTF8String 
+#define GDecComponentUTCTime GDecComponentVisibleString
+#define BDecComponentUTCTime BDecComponentOcts
+#define MatchingComponentUTCTime MatchingComponentOcts
+#define ExtractingComponentUTCTime(mem_op,cr,data) NULL
+#define FreeComponentUTCTime FreeComponentOcts
+
+/*
+ * GeneralizedTime
+ */
+typedef ComponentVisibleString ComponentGeneralizedTime;
+int GEncComponentGeneralizedTime (GenBuf *b, ComponentGeneralizedTime *gen_time);
+#define GDecComponentGeneralizedTime GDecComponentVisibleString
+#define BDecComponentGeneralizedTime BDecComponentOcts
+#define MatchingComponentGeneralizedTime MatchingComponentOcts
+#define ExtractingComponentGeneralizedTime(mem_op,cr,data) NULL
+#define FreeComponentGeneralizedTime FreeComponentOcts
+
+typedef int converter_func LDAP_P ((
+	struct berval* in ));
+
+typedef struct asntype_to_syntax {
+	AsnTypeId	ats_typeId;
+	/* Syntax Descriptor */
+	char		*ats_syn_name;
+	/* Syntax OID */
+	char		*ats_syn_oid;
+	Syntax		*ats_syn;
+} AsnTypetoSyntax;
+
+typedef struct asntype_to_comp_matchingrule {
+	AsnTypeId	atc_typeId;
+	char*	atc_equality;
+	char*	atc_approx;
+	char*	atc_ordering;
+	char*	atc_substr;
+} AsnTypetoCompMatchingRule;
+
+typedef struct asntype_to_comp_desc {
+	AsnTypeId	atcd_typeId;
+	ComponentDesc	atcd_cd;
+} AsnTypetoCompDesc;
+
+typedef struct asntype_to_comp_type {
+	AsnTypeId	ac_asn_id;
+	ComponentType   ac_comp_type;
+} AsnTypetoCompType;
+
+/* refined matching purpose */
+typedef struct asntype_to_matchingrule {
+	AsnTypeId	atmr_typeId;
+	char*		atmr_mr_name;
+	/*Implicitly corresponding LDAP syntax OID*/
+	char*		atmr_syn_oid;
+	MatchingRule	*atmr_mr;
+} AsnTypetoMatchingRule;
+
+typedef struct asntype_to_matchingrule_table {
+	char*	atmr_oid;
+	struct asntype_to_matchingrule atmr_table[ASNTYPE_END];
+	struct asntype_to_matchingrule_table* atmr_table_next;
+} AsnTypetoMatchingRuleTable;
+
+#define MAX_OID_LEN 256
+#define MAX_OD_ENTRY 8
+
+/*
+ * Object Identifier and corresponding Syntax Decoder Table
+ */
+typedef struct OID_Decoder_entry {
+        char            oe_oid[MAX_OID_LEN];
+        gser_decoder_func*   oe_gser_decoder;
+        ber_decoder_func*   oe_ber_decoder;
+	converter_func* oe_converter;
+        struct OID_Decoder_entry*       oe_next;
+        struct OID_Decoder_entry*       oe_prev;
+} OD_entry;
+
+void
+m_convert_asn_to_ldap ( ComponentSyntaxInfo* csi, struct berval* bv);
+int
+m_convert_assert_to_comp ( gser_decoder_func* decoder, struct berval* bv,
+                        ComponentSyntaxInfo** csi, int len, int mode );
+void*
+m_convert_attr_to_comp ( Attribute* a, struct berval* bv );
+
+/*
+ * Decoder Modes
+ * Different operation is required to handle Decoding(2), Extracted Component
+ * decoding(0), ANY DEFINED TYPe(2)
+ * b0 : Component Alloc(yes)
+ *	Constructed type : Component Alloc (Yes)
+ *	Primitive type : Component Alloc (Yes)
+ * 	set to mode 2 in inner decoders
+ * b1 : Component Alloc (No)
+ *	Constructed type : Component Alloc (No)
+ *	Primitive type : Component Alloc (No)
+ *	set to mode 2 in inner decoders
+ * b2 : Default Mode
+ *	Constructed type : Component Alloc (Yes)
+ *	Primitive type : Component Alloc (No)
+ * in addition to above modes, the 4th bit has special meaning,
+ * b4 : if the 4th bit is clear, DecxxxContent is called
+ * b4 : if the 4th bit is set, Decxxx is called, then it is cleared.
+ */
+#define DEC_ALLOC_MODE_0	0x01
+#define DEC_ALLOC_MODE_1	0x02
+#define DEC_ALLOC_MODE_2	0x04
+#define CALL_TAG_DECODER	0x08
+#define CALL_CONTENT_DECODER	~0x08
+
+#define OID_ALL_COMP_MATCH "1.2.36.79672281.1.13.6"
+#define OID_COMP_FILTER_MATCH "1.2.36.79672281.1.13.2"
+#define MAX_LDAP_STR_LEN 128
+
+MatchingRule*
+retrieve_matching_rule( char* mr_oid, AsnTypeId type );
+
+#define INITIAL_DN_SIZE 128
+#define INITIAL_ATTR_SIZE 256
+#define INCREMENT_SIZE 32
+/*
+ * The following are for conversion from ASN.1 RDN and DN to
+ * LDAP encodings
+ */
+#define MAX_ALIASING_ENTRY 128
+int increment_bv_mem ( struct berval* in );
+int intToAscii ( int value, char* buf );
+typedef ComponentList irRDNSequence;
+typedef ComponentList irRelativeDistinguishedName;
+typedef ComponentOid irAttributeType;
+typedef struct comp_irAttributeTypeAndValue /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	irAttributeType type; /* AttributeType */
+	ComponentAnyDefinedBy value; /* ANY DEFINED BY type */
+} irAttributeTypeAndValue;
+#define RDN_MATCH_OID "1.2.36.79672281.1.13.3"
+#define DN_MATCH_OID "2.5.13.1"
+
+extern AsnTypetoSyntax asn_to_syntax_mapping_tbl[];
+extern AsnTypetoCompMatchingRule asntype_to_compMR_mapping_tbl[];
+extern AsnTypetoCompType asntype_to_compType_mapping_tbl[];
+extern AsnTypetoCompDesc asntype_to_compdesc_mapping_tbl[];
+
+int ConvertRDN2RFC2253 ( irRelativeDistinguishedName* in, struct berval *out );
+int ConvertRDNSequence2RFC2253( irRDNSequence *in, struct berval* out );
+	
+void* comp_nibble_memory_allocator ( int init_mem, int inc_mem );
+
+ComponentDesc* get_ComponentDesc( int id );
+#endif
diff --git a/contrib/slapd-modules/comp_match/crl.c b/contrib/slapd-modules/comp_match/crl.c
new file mode 100644
index 0000000..abd82cd
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/crl.c
@@ -0,0 +1,1294 @@
+/*
+ *    crl.c
+ *    "CertificateRevokationList" ASN.1 module encode/decode/extracting/matching/free C src.
+ *    This file was generated by modified eSMACC compiler Fri Jan 21 11:25:24 2005
+ *    The generated files are supposed to be compiled as a module for OpenLDAP Software
+ */
+
+#include "crl.h"
+
+BDecComponentCertificateListTop( void* mem_op, GenBuf* b, void *v, AsnLen* bytesDecoded,int mode) {
+	AsnTag tag;
+	AsnLen elmtLen;
+
+	tag = BDecTag ( b, bytesDecoded );
+	elmtLen = BDecLen ( b, bytesDecoded );
+	if ( elmtLen <= 0 ) return (-1);
+	if ( tag != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE) ) {
+		return (-1);
+	}
+		
+	return BDecComponentCertificateList( mem_op, b, tag, elmtLen, ( ComponentCertificateList**)v, (AsnLen*)bytesDecoded, mode );
+}
+
+
+void init_module_CertificateRevokationList() {
+	InstallOidDecoderMapping( "2.5.4.39", NULL,
+		GDecComponentCertificateList,
+		BDecComponentCertificateListTop,
+		ExtractingComponentCertificateList,
+		MatchingComponentCertificateList);
+}
+
+int
+MatchingComponentTBSCertListSeqOfSeq ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	rc =	MatchingComponentCertificateSerialNumber ( oid, (ComponentSyntaxInfo*)&((ComponentTBSCertListSeqOfSeq*)csi_attr)->userCertificate, (ComponentSyntaxInfo*)&((ComponentTBSCertListSeqOfSeq*)csi_assert)->userCertificate );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentTime ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertListSeqOfSeq*)csi_attr)->revocationDate, (ComponentSyntaxInfo*)((ComponentTBSCertListSeqOfSeq*)csi_assert)->revocationDate );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	if(COMPONENTNOT_NULL( ((ComponentTBSCertListSeqOfSeq*)csi_attr)->crlEntryExtensions ) ) {
+	rc =	MatchingComponentExtensions ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertListSeqOfSeq*)csi_attr)->crlEntryExtensions, (ComponentSyntaxInfo*)((ComponentTBSCertListSeqOfSeq*)csi_assert)->crlEntryExtensions );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	}
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentTBSCertListSeqOfSeq */
+
+void*
+ExtractingComponentTBSCertListSeqOfSeq ( void* mem_op, ComponentReference* cr, ComponentTBSCertListSeqOfSeq *comp )
+{
+
+	if ( ( comp->userCertificate.identifier.bv_val && strncmp(comp->userCertificate.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->userCertificate.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->userCertificate;
+		else
+		return NULL;
+	}
+	if ( ( comp->revocationDate->identifier.bv_val && strncmp(comp->revocationDate->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->revocationDate->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->revocationDate;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentTime ( mem_op, cr, comp->revocationDate );
+		}
+	}
+	if ( ( comp->crlEntryExtensions->identifier.bv_val && strncmp(comp->crlEntryExtensions->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->crlEntryExtensions->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->crlEntryExtensions;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentExtensions ( mem_op, cr, comp->crlEntryExtensions );
+		}
+	}
+	return NULL;
+}  /* ExtractingComponentTBSCertListSeqOfSeq */
+
+int
+BDecComponentTBSCertListSeqOfSeq PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentTBSCertListSeqOfSeq **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	AsnLen totalElmtsLen2 = 0;
+	AsnLen elmtLen2;
+	AsnTag tagId2;
+	int old_mode = mode;
+	int rc;
+	ComponentTBSCertListSeqOfSeq *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentCertificateSerialNumber (mem_op, b, tagId1, elmtLen1, (&k->userCertificate), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->userCertificate)->identifier.bv_val = (&k->userCertificate)->id_buf;
+		(&k->userCertificate)->identifier.bv_len = strlen("userCertificate");
+		strcpy( (&k->userCertificate)->identifier.bv_val, "userCertificate");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE)) ||
+     (tagId1 ==MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))||
+    (tagId1 == MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))))
+    {
+        elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->revocationDate), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->revocationDate)->identifier.bv_val = (k->revocationDate)->id_buf;
+		(k->revocationDate)->identifier.bv_len = strlen("revocationDate");
+		strcpy( (k->revocationDate)->identifier.bv_val, "revocationDate");
+    if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+        seqDone = TRUE;
+    else
+    {
+        tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+         if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+        {
+            BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+            seqDone = TRUE;
+        }
+    }
+    }
+    else
+        return -1;
+
+
+
+    if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentExtensions (mem_op, b, tagId1, elmtLen1, (&k->crlEntryExtensions), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->crlEntryExtensions)->identifier.bv_val = (k->crlEntryExtensions)->id_buf;
+		(k->crlEntryExtensions)->identifier.bv_len = strlen("crlEntryExtensions");
+		strcpy( (k->crlEntryExtensions)->identifier.bv_val, "crlEntryExtensions");
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+
+
+    if (!seqDone)
+        return -1;
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentTBSCertListSeqOfSeq*) CompAlloc( mem_op, sizeof(ComponentTBSCertListSeqOfSeq) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertListSeqOfSeq ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertListSeqOfSeq ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertListSeqOfSeq;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertListSeqOfSeq;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecTBSCertListSeqOfSeq*/
+
+int
+GDecComponentTBSCertListSeqOfSeq PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentTBSCertListSeqOfSeq **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentTBSCertListSeqOfSeq *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "userCertificate", strlen("userCertificate") ) == 0 ) {
+		rc = 	GDecComponentCertificateSerialNumber (mem_op, b, (&k->userCertificate), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->userCertificate)->identifier.bv_val = peek_head;
+	(&k->userCertificate)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "revocationDate", strlen("revocationDate") ) == 0 ) {
+		rc = 	GDecComponentTime (mem_op, b, (&k->revocationDate), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->revocationDate)->identifier.bv_val = peek_head;
+	( k->revocationDate)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "crlEntryExtensions", strlen("crlEntryExtensions") ) == 0 ) {
+		rc = 	GDecComponentExtensions (mem_op, b, (&k->crlEntryExtensions), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->crlEntryExtensions)->identifier.bv_val = peek_head;
+	( k->crlEntryExtensions)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentTBSCertListSeqOfSeq*) CompAlloc( mem_op, sizeof(ComponentTBSCertListSeqOfSeq) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertListSeqOfSeq ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertListSeqOfSeq ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertListSeqOfSeq;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertListSeqOfSeq;
+	return LDAP_SUCCESS;
+}  /* GDecTBSCertListSeqOfSeq*/
+
+
+int
+MatchingComponentTBSCertListSeqOf ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+	void* component1, *component2;
+	AsnList *v1, *v2, t_list;
+
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	v1 = &((ComponentTBSCertListSeqOf*)csi_attr)->comp_list;
+	v2 = &((ComponentTBSCertListSeqOf*)csi_assert)->comp_list;
+	FOR_EACH_LIST_PAIR_ELMT(component1, component2, v1, v2)
+	{
+		if( MatchingComponentTBSCertListSeqOfSeq(oid, (ComponentSyntaxInfo*)component1, (ComponentSyntaxInfo*)component2) == LDAP_COMPARE_FALSE) {
+			return LDAP_COMPARE_FALSE;
+		}
+	} /* end of for */
+
+	AsnListFirst( v1 );
+	AsnListFirst( v2 );
+	if( (!component1 && component2) || (component1 && !component2))
+		return LDAP_COMPARE_FALSE;
+	else
+		return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentTBSCertListSeqOfContent */
+
+void*
+ExtractingComponentTBSCertListSeqOf ( void* mem_op, ComponentReference* cr, ComponentTBSCertListSeqOf *comp )
+{
+	int count = 0;
+	int total;
+	AsnList *v = &comp->comp_list;
+	ComponentInt *k;
+	ComponentTBSCertListSeqOfSeq *component;
+
+
+	switch ( cr->cr_curr->ci_type ) {
+	case LDAP_COMPREF_FROM_BEGINNING :
+		count = cr->cr_curr->ci_val.ci_from_beginning;
+		FOR_EACH_LIST_ELMT( component , v ) {
+			if( --count == 0 ) {
+				if( cr->cr_curr->ci_next == NULL )
+					return component;
+				else {
+					cr->cr_curr = cr->cr_curr->ci_next;
+					return 	ExtractingComponentTBSCertListSeqOfSeq ( mem_op, cr, component );
+				}
+			}
+		}
+		break;
+	case LDAP_COMPREF_FROM_END :
+		total = AsnListCount ( v );
+		count = cr->cr_curr->ci_val.ci_from_end;
+		count = total + count +1;
+		FOR_EACH_LIST_ELMT ( component, v ) {
+			if( --count == 0 ) {
+				if( cr->cr_curr->ci_next == NULL ) 
+					return component;
+				else {
+					cr->cr_curr = cr->cr_curr->ci_next;
+					return 	ExtractingComponentTBSCertListSeqOfSeq ( mem_op, cr, component );
+				}
+			}
+		}
+		break;
+	case LDAP_COMPREF_ALL :
+		return comp;
+	case LDAP_COMPREF_COUNT :
+		k = (ComponentInt*)CompAlloc( mem_op, sizeof(ComponentInt));
+		k->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+		k->comp_desc->cd_tag = (-1);
+		k->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentInt;
+		k->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentInt;
+		k->comp_desc->cd_extract_i = (extract_component_from_id_func*)NULL;
+		k->comp_desc->cd_type = ASN_BASIC;
+		k->comp_desc->cd_type_id = BASICTYPE_INTEGER;
+		k->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentInt;
+		k->value = AsnListCount(v);
+		return k;
+	default :
+		return NULL;
+	}
+}  /* ExtractingComponentTBSCertListSeqOf */
+
+int
+BDecComponentTBSCertListSeqOf PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentTBSCertListSeqOf **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentTBSCertListSeqOf *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	AsnListInit(&k->comp_list,sizeof(ComponentTBSCertListSeqOfSeq));
+    for (totalElmtsLen1 = 0; (totalElmtsLen1 < elmtLen0) || (elmtLen0 == INDEFINITE_LEN);)
+    {
+        ComponentTBSCertListSeqOfSeq **tmpVar;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if ((tagId1 == EOC_TAG_ID) && (elmtLen0 == INDEFINITE_LEN))
+    {
+        BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+        break; /* got EOC so can exit this SET OF/SEQ OF's for loop*/
+    }
+    if ((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE)))
+    {
+        elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+    tmpVar = (ComponentTBSCertListSeqOfSeq**) CompAsnListAppend (mem_op,&k->comp_list);
+	rc = BDecComponentTBSCertListSeqOfSeq (mem_op, b, tagId1, elmtLen1, tmpVar, &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+    }  /* end of tag check if */
+    else  /* wrong tag */
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+    } /* end of for */
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentTBSCertListSeqOf*) CompAlloc( mem_op, sizeof(ComponentTBSCertListSeqOf) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertListSeqOf ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertListSeqOf ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertListSeqOf;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertListSeqOf;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecTBSCertListSeqOfContent */
+
+int
+GDecComponentTBSCertListSeqOf PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentTBSCertListSeqOf **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentTBSCertListSeqOf *k,*t, c_temp;
+
+
+	int ElmtsLen1;
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	AsnListInit( &k->comp_list, sizeof( ComponentTBSCertListSeqOfSeq ) );
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_PEEK)) ){
+		Asn1Error("Error during Reading { in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	for (ElmtsLen1 = 0; ElmtsLen1 >= INDEFINITE_LEN; ElmtsLen1++)
+	{
+		ComponentTBSCertListSeqOfSeq **tmpVar;
+		if( !(strLen = LocateNextGSERToken(mem_op,b, &peek_head, GSER_NO_COPY)) ){
+			Asn1Error("Error during Reading{ in encoding");
+			return LDAP_PROTOCOL_ERROR;
+		}
+		if(*peek_head == '}') break;
+		if( !(*peek_head == '{' || *peek_head ==',') ) {
+			return LDAP_PROTOCOL_ERROR;
+		}
+		tmpVar = (ComponentTBSCertListSeqOfSeq**) CompAsnListAppend (mem_op, &k->comp_list);
+		if ( tmpVar == NULL ) {
+			Asn1Error("Error during Reading{ in encoding");
+			return LDAP_PROTOCOL_ERROR;
+		}
+		rc = 	GDecComponentTBSCertListSeqOfSeq (mem_op, b, tmpVar, bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	} /* end of for */
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentTBSCertListSeqOf*) CompAlloc( mem_op, sizeof(ComponentTBSCertListSeqOf) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertListSeqOf ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertListSeqOf ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertListSeqOf;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertListSeqOf;
+	return LDAP_SUCCESS;
+}  /* GDecTBSCertListSeqOfContent */
+
+int
+MatchingComponentTBSCertList ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	if(COMPONENTNOT_NULL( ((ComponentTBSCertList*)csi_attr)->version ) ) {
+	rc =	MatchingComponentVersion ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->version, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->version );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	}
+	rc =	MatchingComponentAlgorithmIdentifier ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->signature, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->signature );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentName ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->issuer, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->issuer );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentTime ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->thisUpdate, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->thisUpdate );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	if(COMPONENTNOT_NULL( ((ComponentTBSCertList*)csi_attr)->nextUpdate ) ) {
+	rc =	MatchingComponentTime ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->nextUpdate, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->nextUpdate );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	}
+	rc =	MatchingComponentTBSCertListSeqOf ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->revokedCertificates, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->revokedCertificates );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	if(COMPONENTNOT_NULL( ((ComponentTBSCertList*)csi_attr)->crlExtensions ) ) {
+	rc =	MatchingComponentExtensions ( oid, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_attr)->crlExtensions, (ComponentSyntaxInfo*)((ComponentTBSCertList*)csi_assert)->crlExtensions );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	}
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentTBSCertList */
+
+void*
+ExtractingComponentTBSCertList ( void* mem_op, ComponentReference* cr, ComponentTBSCertList *comp )
+{
+
+	if ( ( comp->version->identifier.bv_val && strncmp(comp->version->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->version->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->version;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentVersion ( mem_op, cr, comp->version );
+		}
+	}
+	if ( ( comp->signature->identifier.bv_val && strncmp(comp->signature->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signature->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->signature;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentAlgorithmIdentifier ( mem_op, cr, comp->signature );
+		}
+	}
+	if ( ( comp->issuer->identifier.bv_val && strncmp(comp->issuer->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->issuer->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->issuer;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentName ( mem_op, cr, comp->issuer );
+		}
+	}
+	if ( ( comp->thisUpdate->identifier.bv_val && strncmp(comp->thisUpdate->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->thisUpdate->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->thisUpdate;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentTime ( mem_op, cr, comp->thisUpdate );
+		}
+	}
+	if ( ( comp->nextUpdate->identifier.bv_val && strncmp(comp->nextUpdate->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->nextUpdate->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->nextUpdate;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentTime ( mem_op, cr, comp->nextUpdate );
+		}
+	}
+	if ( ( comp->revokedCertificates->identifier.bv_val && strncmp(comp->revokedCertificates->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->revokedCertificates->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->revokedCertificates;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentTBSCertListSeqOf ( mem_op, cr, comp->revokedCertificates );
+		}
+	}
+	if ( ( comp->crlExtensions->identifier.bv_val && strncmp(comp->crlExtensions->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->crlExtensions->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->crlExtensions;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentExtensions ( mem_op, cr, comp->crlExtensions );
+		}
+	}
+	return NULL;
+}  /* ExtractingComponentTBSCertList */
+
+int
+BDecComponentTBSCertList PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentTBSCertList **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	AsnLen totalElmtsLen2 = 0;
+	AsnLen elmtLen2;
+	AsnTag tagId2;
+	int old_mode = mode;
+	int rc;
+	ComponentTBSCertList *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, INTEGER_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentVersion (mem_op, b, tagId1, elmtLen1, (&k->version), &totalElmtsLen1, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->version)->identifier.bv_val = (k->version)->id_buf;
+		(k->version)->identifier.bv_len = strlen("version");
+		strcpy( (k->version)->identifier.bv_val, "version");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->signature), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->signature)->identifier.bv_val = (k->signature)->id_buf;
+		(k->signature)->identifier.bv_len = strlen("signature");
+		strcpy( (k->signature)->identifier.bv_val, "signature");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+        elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentName (mem_op, b, tagId1, elmtLen1, (&k->issuer), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->issuer)->identifier.bv_val = (k->issuer)->id_buf;
+		(k->issuer)->identifier.bv_len = strlen("issuer");
+		strcpy( (k->issuer)->identifier.bv_val, "issuer");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE)) ||
+     (tagId1 ==MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))||
+    (tagId1 == MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))))
+    {
+        elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->thisUpdate), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->thisUpdate)->identifier.bv_val = (k->thisUpdate)->id_buf;
+		(k->thisUpdate)->identifier.bv_len = strlen("thisUpdate");
+		strcpy( (k->thisUpdate)->identifier.bv_val, "thisUpdate");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, UTCTIME_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, UTCTIME_TAG_CODE)) ||
+     (tagId1 ==MAKE_TAG_ID (UNIV, PRIM, GENERALIZEDTIME_TAG_CODE))||
+    (tagId1 == MAKE_TAG_ID (UNIV, CONS, GENERALIZEDTIME_TAG_CODE))))
+    {
+        elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentTime (mem_op, b, tagId1, elmtLen1, (&k->nextUpdate), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->nextUpdate)->identifier.bv_val = (k->nextUpdate)->id_buf;
+		(k->nextUpdate)->identifier.bv_len = strlen("nextUpdate");
+		strcpy( (k->nextUpdate)->identifier.bv_val, "nextUpdate");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentTBSCertListSeqOf (mem_op, b, tagId1, elmtLen1, (&k->revokedCertificates), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->revokedCertificates)->identifier.bv_val = (k->revokedCertificates)->id_buf;
+		(k->revokedCertificates)->identifier.bv_len = strlen("revokedCertificates");
+		strcpy( (k->revokedCertificates)->identifier.bv_val, "revokedCertificates");
+    if ((elmtLen0 != INDEFINITE_LEN) && (totalElmtsLen1 == elmtLen0))
+        seqDone = TRUE;
+    else
+    {
+        tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+         if ((elmtLen0 == INDEFINITE_LEN) && (tagId1 == EOC_TAG_ID))
+        {
+            BDEC_2ND_EOC_OCTET (b, &totalElmtsLen1 )
+            seqDone = TRUE;
+        }
+    }
+    }
+    else
+        return -1;
+
+
+
+    if ((!seqDone) && ((tagId1 == MAKE_TAG_ID (CNTX, CONS, 0))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+        tagId2 = BDecTag (b, &totalElmtsLen1 );
+
+    if (tagId2 != MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))
+    {
+         Asn1Error ("Unexpected Tag\n");
+         return -1;
+    }
+
+    elmtLen2 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentExtensions (mem_op, b, tagId2, elmtLen2, (&k->crlExtensions), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->crlExtensions)->identifier.bv_val = (k->crlExtensions)->id_buf;
+		(k->crlExtensions)->identifier.bv_len = strlen("crlExtensions");
+		strcpy( (k->crlExtensions)->identifier.bv_val, "crlExtensions");
+	if (elmtLen1 == INDEFINITE_LEN)
+        BDecEoc (b, &totalElmtsLen1 );
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+
+
+    if (!seqDone)
+        return -1;
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentTBSCertList*) CompAlloc( mem_op, sizeof(ComponentTBSCertList) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertList ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertList ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertList;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertList;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecTBSCertList*/
+
+int
+GDecComponentTBSCertList PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentTBSCertList **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentTBSCertList *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "version", strlen("version") ) == 0 ) {
+		rc = 	GDecComponentVersion (mem_op, b, (&k->version), bytesDecoded, DEC_ALLOC_MODE_0 );
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->version)->identifier.bv_val = peek_head;
+	( k->version)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "signature", strlen("signature") ) == 0 ) {
+		rc = 	GDecComponentAlgorithmIdentifier (mem_op, b, (&k->signature), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->signature)->identifier.bv_val = peek_head;
+	( k->signature)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "issuer", strlen("issuer") ) == 0 ) {
+		rc = 	GDecComponentName (mem_op, b, (&k->issuer), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->issuer)->identifier.bv_val = peek_head;
+	( k->issuer)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "thisUpdate", strlen("thisUpdate") ) == 0 ) {
+		rc = 	GDecComponentTime (mem_op, b, (&k->thisUpdate), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->thisUpdate)->identifier.bv_val = peek_head;
+	( k->thisUpdate)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "nextUpdate", strlen("nextUpdate") ) == 0 ) {
+		rc = 	GDecComponentTime (mem_op, b, (&k->nextUpdate), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->nextUpdate)->identifier.bv_val = peek_head;
+	( k->nextUpdate)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "revokedCertificates", strlen("revokedCertificates") ) == 0 ) {
+		rc = 	GDecComponentTBSCertListSeqOf (mem_op, b, (&k->revokedCertificates), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->revokedCertificates)->identifier.bv_val = peek_head;
+	( k->revokedCertificates)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "crlExtensions", strlen("crlExtensions") ) == 0 ) {
+		rc = 	GDecComponentExtensions (mem_op, b, (&k->crlExtensions), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->crlExtensions)->identifier.bv_val = peek_head;
+	( k->crlExtensions)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentTBSCertList*) CompAlloc( mem_op, sizeof(ComponentTBSCertList) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentTBSCertList ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentTBSCertList ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentTBSCertList;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentTBSCertList;
+	return LDAP_SUCCESS;
+}  /* GDecTBSCertList*/
+
+
+int
+MatchingComponentCertificateList ( char* oid, ComponentSyntaxInfo* csi_attr, ComponentSyntaxInfo* csi_assert ) {
+	int rc;
+	MatchingRule* mr;
+
+	if ( oid ) {
+		mr = retrieve_matching_rule( oid, csi_attr->csi_comp_desc->cd_type_id);
+		if ( mr ) return component_value_match( mr, csi_attr, csi_assert );
+	}
+
+	rc = 1;
+	rc =	MatchingComponentTBSCertList ( oid, (ComponentSyntaxInfo*)((ComponentCertificateList*)csi_attr)->tbsCertList, (ComponentSyntaxInfo*)((ComponentCertificateList*)csi_assert)->tbsCertList );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentAlgorithmIdentifier ( oid, (ComponentSyntaxInfo*)((ComponentCertificateList*)csi_attr)->signatureAlgorithm, (ComponentSyntaxInfo*)((ComponentCertificateList*)csi_assert)->signatureAlgorithm );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	rc =	MatchingComponentBits ( oid, (ComponentSyntaxInfo*)&((ComponentCertificateList*)csi_attr)->signature, (ComponentSyntaxInfo*)&((ComponentCertificateList*)csi_assert)->signature );
+	if ( rc != LDAP_COMPARE_TRUE )
+		return rc;
+	return LDAP_COMPARE_TRUE;
+}  /* BMatchingComponentCertificateList */
+
+void*
+ExtractingComponentCertificateList ( void* mem_op, ComponentReference* cr, ComponentCertificateList *comp )
+{
+
+	if ( ( comp->tbsCertList->identifier.bv_val && strncmp(comp->tbsCertList->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->tbsCertList->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->tbsCertList;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentTBSCertList ( mem_op, cr, comp->tbsCertList );
+		}
+	}
+	if ( ( comp->signatureAlgorithm->identifier.bv_val && strncmp(comp->signatureAlgorithm->identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signatureAlgorithm->id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+			return comp->signatureAlgorithm;
+		else {
+			cr->cr_curr = cr->cr_curr->ci_next;
+			return 	ExtractingComponentAlgorithmIdentifier ( mem_op, cr, comp->signatureAlgorithm );
+		}
+	}
+	if ( ( comp->signature.identifier.bv_val && strncmp(comp->signature.identifier.bv_val, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) || ( strncmp(comp->signature.id_buf, cr->cr_curr->ci_val.ci_identifier.bv_val,cr->cr_curr->ci_val.ci_identifier.bv_len) == 0 ) ) {
+		if ( cr->cr_curr->ci_next == NULL )
+		return &comp->signature;
+	else if ( cr->cr_curr->ci_next->ci_type == LDAP_COMPREF_CONTENT) {
+			cr->cr_curr = cr->cr_curr->ci_next;
+		return &comp->signature;
+	 } else {
+		return NULL;
+		}
+	}
+	return NULL;
+}  /* ExtractingComponentCertificateList */
+
+int
+BDecComponentCertificateList PARAMS ((b, tagId0, elmtLen0, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+AsnTag tagId0 _AND_
+AsnLen elmtLen0 _AND_
+ComponentCertificateList **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	int seqDone = FALSE;
+	AsnLen totalElmtsLen1 = 0;
+	AsnLen elmtLen1;
+	AsnTag tagId1;
+	int mandatoryElmtCount1 = 0;
+	int old_mode = mode;
+	int rc;
+	ComponentCertificateList *k, *t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+    tagId1 = BDecTag (b, &totalElmtsLen1 );
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentTBSCertList (mem_op, b, tagId1, elmtLen1, (&k->tbsCertList), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->tbsCertList)->identifier.bv_val = (k->tbsCertList)->id_buf;
+		(k->tbsCertList)->identifier.bv_len = strlen("tbsCertList");
+		strcpy( (k->tbsCertList)->identifier.bv_val, "tbsCertList");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, CONS, SEQ_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentAlgorithmIdentifier (mem_op, b, tagId1, elmtLen1, (&k->signatureAlgorithm), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(k->signatureAlgorithm)->identifier.bv_val = (k->signatureAlgorithm)->id_buf;
+		(k->signatureAlgorithm)->identifier.bv_len = strlen("signatureAlgorithm");
+		strcpy( (k->signatureAlgorithm)->identifier.bv_val, "signatureAlgorithm");
+    tagId1 = BDecTag (b, &totalElmtsLen1);
+    }
+    else
+        return -1;
+
+
+
+    if (((tagId1 == MAKE_TAG_ID (UNIV, PRIM, BITSTRING_TAG_CODE)) ||
+(tagId1 == MAKE_TAG_ID (UNIV, CONS, BITSTRING_TAG_CODE))))
+    {
+    elmtLen1 = BDecLen (b, &totalElmtsLen1 );
+	rc = BDecComponentBits (mem_op, b, tagId1, elmtLen1, (&k->signature), &totalElmtsLen1, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		(&k->signature)->identifier.bv_val = (&k->signature)->id_buf;
+		(&k->signature)->identifier.bv_len = strlen("signature");
+		strcpy( (&k->signature)->identifier.bv_val, "signature");
+        seqDone = TRUE;
+        if (elmtLen0 == INDEFINITE_LEN)
+            BDecEoc (b, &totalElmtsLen1 );
+        else if (totalElmtsLen1 != elmtLen0)
+        return -1;
+
+    }
+    else
+        return -1;
+
+
+
+    if (!seqDone)
+        return -1;
+
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentCertificateList*) CompAlloc( mem_op, sizeof(ComponentCertificateList) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentCertificateList ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentCertificateList ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentCertificateList;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentCertificateList;
+    (*bytesDecoded) += totalElmtsLen1;
+	return LDAP_SUCCESS;
+}  /* BDecCertificateList*/
+
+int
+GDecComponentCertificateList PARAMS (( mem_op,b, v, bytesDecoded, mode),
+void* mem_op _AND_
+GenBuf * b _AND_
+ComponentCertificateList **v _AND_
+AsnLen *bytesDecoded _AND_
+int mode)
+{
+	char* peek_head,*peek_head2;
+	int i, strLen,strLen2, rc, old_mode = mode;
+	ComponentCertificateList *k,*t, c_temp;
+
+
+	if ( !(mode & DEC_ALLOC_MODE_1) ) {
+		memset(&c_temp,0,sizeof(c_temp));
+		 k = &c_temp;
+	} else
+		 k = t = *v;
+	mode = DEC_ALLOC_MODE_2;
+	*bytesDecoded = 0;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '{'){
+		Asn1Error("Missing { in encoded data");
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if ( strncmp( peek_head, "tbsCertList", strlen("tbsCertList") ) == 0 ) {
+		rc = 	GDecComponentTBSCertList (mem_op, b, (&k->tbsCertList), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->tbsCertList)->identifier.bv_val = peek_head;
+	( k->tbsCertList)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "signatureAlgorithm", strlen("signatureAlgorithm") ) == 0 ) {
+		rc = 	GDecComponentAlgorithmIdentifier (mem_op, b, (&k->signatureAlgorithm), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	( k->signatureAlgorithm)->identifier.bv_val = peek_head;
+	( k->signatureAlgorithm)->identifier.bv_len = strLen;
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+		Asn1Error("Error during Reading , ");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != ','){
+		Asn1Error("Missing , in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ){
+	  Asn1Error("Error during Reading identifier");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	}
+	if ( strncmp( peek_head, "signature", strlen("signature") ) == 0 ) {
+		rc = 	GDecComponentBits (mem_op, b, (&k->signature), bytesDecoded, mode);
+		if ( rc != LDAP_SUCCESS ) return rc;
+	(&k->signature)->identifier.bv_val = peek_head;
+	(&k->signature)->identifier.bv_len = strLen;
+	}
+	if( !(strLen = LocateNextGSERToken(mem_op,b,&peek_head,GSER_NO_COPY)) ) {
+		Asn1Error("Error during Reading } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if(*peek_head != '}'){
+		Asn1Error("Missing } in encoding");
+		return LDAP_PROTOCOL_ERROR;
+	}
+	if( !(old_mode & DEC_ALLOC_MODE_1) ) {
+	*v = t = (ComponentCertificateList*) CompAlloc( mem_op, sizeof(ComponentCertificateList) );
+	if ( !t ) return -1;
+	*t = *k;
+	}
+	t->syntax = (Syntax*)NULL;
+	t->comp_desc = CompAlloc( mem_op, sizeof( ComponentDesc ) );
+	if ( !t->comp_desc ) {
+		free ( t );
+		return -1;
+	}
+	t->comp_desc->cd_ldap_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_ber_encoder = (encoder_func*)NULL;
+	t->comp_desc->cd_gser_decoder = (gser_decoder_func*)GDecComponentCertificateList ;
+	t->comp_desc->cd_ber_decoder = (ber_decoder_func*)BDecComponentCertificateList ;
+	t->comp_desc->cd_free = (comp_free_func*)NULL;
+	t->comp_desc->cd_extract_i = (extract_component_from_id_func*)ExtractingComponentCertificateList;
+	t->comp_desc->cd_type = ASN_COMPOSITE;
+	t->comp_desc->cd_type_id = COMPOSITE_ASN1_TYPE;
+	t->comp_desc->cd_all_match = (allcomponent_matching_func*)MatchingComponentCertificateList;
+	return LDAP_SUCCESS;
+}  /* GDecCertificateList*/
diff --git a/contrib/slapd-modules/comp_match/crl.h b/contrib/slapd-modules/comp_match/crl.h
new file mode 100644
index 0000000..f2b4a24
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/crl.h
@@ -0,0 +1,359 @@
+
+#include "asn-incl.h"
+/*
+ *    crl.h
+ *    "CertificateRevokationList" ASN.1 module encode/decode/extracting/matching/free C src.
+ *    This file was generated by modified eSMACC compiler Fri Jan 21 11:25:24 2005
+ *    The generated files are strongly encouraged to be
+ *    compiled as a module for OpenLDAP Software
+ */
+
+#ifndef _crl_h_
+#define _crl_h_
+
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+#ifdef _WIN32
+#pragma warning( disable : 4101 )
+#endif
+#include "componentlib.h"
+
+#define V1 0
+#define V2 1
+#define V3 2
+
+typedef ComponentInt ComponentVersion; /* INTEGER { V1 (0), V2 (1), V3 (2) }  */
+
+#define MatchingComponentVersion MatchingComponentInt
+
+#define ExtractingComponentVersion ExtractingComponentInt
+
+#define BDecComponentVersion BDecComponentInt
+
+#define GDecComponentVersion GDecComponentInt
+
+
+typedef ComponentInt ComponentCertificateSerialNumber; /* INTEGER */
+
+#define MatchingComponentCertificateSerialNumber MatchingComponentInt
+
+#define ExtractingComponentCertificateSerialNumber ExtractingComponentInt
+
+#define BDecComponentCertificateSerialNumber BDecComponentInt
+
+#define GDecComponentCertificateSerialNumber GDecComponentInt
+
+
+typedef ComponentOid ComponentAttributeType; /* OBJECT IDENTIFIER */
+
+#define MatchingComponentAttributeType MatchingComponentOid
+
+#define ExtractingComponentAttributeType ExtractingComponentOid
+
+#define BDecComponentAttributeType BDecComponentOid
+
+#define GDecComponentAttributeType GDecComponentOid
+
+
+typedef struct AlgorithmIdentifier /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentOid algorithm; /* OBJECT IDENTIFIER */
+	ComponentAnyDefinedBy parameters; /* ANY DEFINED BY algorithm OPTIONAL */
+} ComponentAlgorithmIdentifier;
+
+int MatchingComponentAlgorithmIdentifier PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentAlgorithmIdentifier PROTO (( void* mem_op, ComponentReference *cr, ComponentAlgorithmIdentifier *comp ));
+
+
+int BDecComponentAlgorithmIdentifier PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAlgorithmIdentifier **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentAlgorithmIdentifier PROTO (( void* mem_op, GenBuf * b, ComponentAlgorithmIdentifier **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Time /* CHOICE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+    enum TimeChoiceId
+    {
+        TIME_UTCTIME,
+        TIME_GENERALIZEDTIME
+    } choiceId;
+    union TimeChoiceUnion
+    {
+	ComponentUTCTime* utcTime; /* < unknown type id ?! > */
+	ComponentGeneralizedTime* generalizedTime; /* < unknown type id ?! > */
+    } a;
+} ComponentTime;
+
+int MatchingComponentTime PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentTime PROTO (( void* mem_op, ComponentReference *cr, ComponentTime *comp ));
+
+
+int BDecComponentTime PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTime **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentTime PROTO (( void* mem_op, GenBuf * b, ComponentTime **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Extension /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentOid extnID; /* OBJECT IDENTIFIER */
+	ComponentBool* critical; /* BOOLEAN DEFAULT FALSE */
+	ComponentOcts extnValue; /* OCTET STRING */
+} ComponentExtension;
+
+int MatchingComponentExtension PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentExtension PROTO (( void* mem_op, ComponentReference *cr, ComponentExtension *comp ));
+
+
+int BDecComponentExtension PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentExtension **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentExtension PROTO (( void* mem_op, GenBuf * b, ComponentExtension **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct AttributeTypeAndValue /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentAttributeType type; /* AttributeType */
+	ComponentAnyDefinedBy value; /* ANY DEFINED BY type */
+} ComponentAttributeTypeAndValue;
+
+int MatchingComponentAttributeTypeAndValue PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentAttributeTypeAndValue PROTO (( void* mem_op, ComponentReference *cr, ComponentAttributeTypeAndValue *comp ));
+
+
+int BDecComponentAttributeTypeAndValue PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentAttributeTypeAndValue PROTO (( void* mem_op, GenBuf * b, ComponentAttributeTypeAndValue **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentExtensions; /* SEQUENCE SIZE 1..MAX OF Extension */
+
+int MatchingComponentExtensions PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentExtensions PROTO (( void* mem_op, ComponentReference *cr, ComponentExtensions *comp ));
+
+
+int BDecComponentExtensions PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentExtensions **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentExtensions PROTO (( void* mem_op, GenBuf * b, ComponentExtensions **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct TBSCertListSeqOfSeq /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentCertificateSerialNumber userCertificate; /* CertificateSerialNumber */
+	ComponentTime* revocationDate; /* Time */
+	ComponentExtensions* crlEntryExtensions; /* Extensions OPTIONAL */
+} ComponentTBSCertListSeqOfSeq;
+
+int MatchingComponentTBSCertListSeqOfSeq PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentTBSCertListSeqOfSeq PROTO (( void* mem_op, ComponentReference *cr, ComponentTBSCertListSeqOfSeq *comp ));
+
+
+int BDecComponentTBSCertListSeqOfSeq PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTBSCertListSeqOfSeq **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentTBSCertListSeqOfSeq PROTO (( void* mem_op, GenBuf * b, ComponentTBSCertListSeqOfSeq **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentTBSCertListSeqOf; /* SEQUENCE OF TBSCertListSeqOfSeq */
+
+int MatchingComponentTBSCertListSeqOf PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentTBSCertListSeqOf PROTO (( void* mem_op, ComponentReference *cr, ComponentTBSCertListSeqOf *comp ));
+
+
+int BDecComponentTBSCertListSeqOf PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTBSCertListSeqOf **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentTBSCertListSeqOf PROTO (( void* mem_op, GenBuf * b, ComponentTBSCertListSeqOf **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentRelativeDistinguishedName; /* SET OF AttributeTypeAndValue */
+
+int MatchingComponentRelativeDistinguishedName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentRelativeDistinguishedName PROTO (( void* mem_op, ComponentReference *cr, ComponentRelativeDistinguishedName *comp ));
+
+
+int BDecComponentRelativeDistinguishedName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentRelativeDistinguishedName PROTO (( void* mem_op, GenBuf * b, ComponentRelativeDistinguishedName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef ComponentList ComponentRDNSequence; /* SEQUENCE OF RelativeDistinguishedName */
+
+int MatchingComponentRDNSequence PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentRDNSequence PROTO (( void* mem_op, ComponentReference *cr, ComponentRDNSequence *comp ));
+
+
+int BDecComponentRDNSequence PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentRDNSequence PROTO (( void* mem_op, GenBuf * b, ComponentRDNSequence **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Name /* CHOICE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+    enum NameChoiceId
+    {
+        NAME_RDNSEQUENCE
+    } choiceId;
+    union NameChoiceUnion
+    {
+	ComponentRDNSequence* rdnSequence; /* RDNSequence */
+    } a;
+} ComponentName;
+
+int MatchingComponentName PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentName PROTO (( void* mem_op, ComponentReference *cr, ComponentName *comp ));
+
+
+int BDecComponentName PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentName **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentName PROTO (( void* mem_op, GenBuf * b, ComponentName **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct TBSCertList /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentVersion* version; /* Version OPTIONAL */
+	ComponentAlgorithmIdentifier* signature; /* AlgorithmIdentifier */
+	ComponentName* issuer; /* Name */
+	ComponentTime* thisUpdate; /* Time */
+	ComponentTime* nextUpdate; /* Time OPTIONAL */
+	ComponentTBSCertListSeqOf* revokedCertificates; /* TBSCertListSeqOf */
+	ComponentExtensions* crlExtensions; /* [0] EXPLICIT Extensions OPTIONAL */
+} ComponentTBSCertList;
+
+int MatchingComponentTBSCertList PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentTBSCertList PROTO (( void* mem_op, ComponentReference *cr, ComponentTBSCertList *comp ));
+
+
+int BDecComponentTBSCertList PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentTBSCertList **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentTBSCertList PROTO (( void* mem_op, GenBuf * b, ComponentTBSCertList **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct CertificateList /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentTBSCertList* tbsCertList; /* TBSCertList */
+	ComponentAlgorithmIdentifier* signatureAlgorithm; /* AlgorithmIdentifier */
+	ComponentBits signature; /* BIT STRING */
+} ComponentCertificateList;
+
+int MatchingComponentCertificateList PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentCertificateList PROTO (( void* mem_op, ComponentReference *cr, ComponentCertificateList *comp ));
+
+
+int BDecComponentCertificateList PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentCertificateList **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentCertificateList PROTO (( void* mem_op, GenBuf * b, ComponentCertificateList **v, AsnLen *bytesDecoded, int mode));
+
+
+
+typedef struct Validity /* SEQUENCE */
+{
+	Syntax* syntax;
+	ComponentDesc* comp_desc;
+	struct berval identifier;
+	char id_buf[MAX_IDENTIFIER_LEN];
+	ComponentTime* notBefore; /* Time */
+	ComponentTime* notAfter; /* Time */
+} ComponentValidity;
+
+int MatchingComponentValidity PROTO (( char *oid, ComponentSyntaxInfo *, ComponentSyntaxInfo *v2 ));
+
+
+void* ExtractingComponentValidity PROTO (( void* mem_op, ComponentReference *cr, ComponentValidity *comp ));
+
+
+int BDecComponentValidity PROTO ((void* mem_op, GenBuf * b, AsnTag tagId0, AsnLen elmtLen0, ComponentValidity **v, AsnLen *bytesDecoded, int mode));
+
+
+int GDecComponentValidity PROTO (( void* mem_op, GenBuf * b, ComponentValidity **v, AsnLen *bytesDecoded, int mode));
+
+
+
+/* ========== Object Declarations ========== */
+
+
+/* ========== Object Set Declarations ========== */
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#endif /* conditional include of crl.h */
diff --git a/contrib/slapd-modules/comp_match/init.c b/contrib/slapd-modules/comp_match/init.c
new file mode 100644
index 0000000..c3ab83c
--- /dev/null
+++ b/contrib/slapd-modules/comp_match/init.c
@@ -0,0 +1,839 @@
+/* Copyright 2004 IBM Corporation
+ * All rights reserved.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ */
+/* ACKNOWLEDGEMENTS
+ * This work originally developed by Sang Seok Lim
+ * 2004/06/18	03:20:00	slim@OpenLDAP.org
+ */
+
+#include "portable.h"
+#include <ac/string.h>
+#include <ac/socket.h>
+#include <ldap_pvt.h>
+#include "lutil.h"
+#include <ldap.h>
+#include "slap.h"
+#include "component.h"
+
+#include "componentlib.h"
+#include "asn.h"
+#include <asn-gser.h>
+
+#include <string.h>
+
+#ifndef SLAPD_COMP_MATCH
+#define SLAPD_COMP_MATCH SLAPD_MOD_DYNAMIC
+#endif
+
+/*
+ * Attribute and MatchingRule aliasing table
+ */
+AttributeAliasing aa_table [ MAX_ALIASING_ENTRY ];
+MatchingRuleAliasing mra_table [ MAX_ALIASING_ENTRY ];
+
+OD_entry* gOD_table = NULL;
+AsnTypetoMatchingRuleTable* gATMR_table = NULL;
+
+int
+load_derived_matching_rule ( char* cfg_path ){
+}
+
+AttributeAliasing*
+comp_is_aliased_attribute( void *in  )
+{
+	AttributeAliasing* curr_aa;
+	int i;
+	AttributeDescription *ad = (AttributeDescription*)in;
+
+	for ( i = 0; aa_table[i].aa_aliasing_ad && i < MAX_ALIASING_ENTRY; i++ ) {
+		if ( strncmp(aa_table[i].aa_aliasing_ad->ad_cname.bv_val , ad->ad_cname.bv_val, ad->ad_cname.bv_len) == 0 )
+			return &aa_table[i];
+	}
+	return NULL;
+}
+
+static int
+add_aa_entry( int index, char* aliasing_at_name, char* aliased_at_name, char* mr_name, char* component_filter )
+{
+	char text[1][128];
+	int rc;
+	struct berval type;
+
+	/* get and store aliasing AttributeDescription */
+	type.bv_val = aliasing_at_name;
+	type.bv_len = strlen ( aliasing_at_name );
+	rc = slap_bv2ad ( &type, &aa_table[index].aa_aliasing_ad,(const char**)text );
+	if ( rc != LDAP_SUCCESS ) return rc;
+
+	/* get and store aliased AttributeDescription */
+	type.bv_val = aliased_at_name;
+	type.bv_len = strlen ( aliased_at_name );
+	rc = slap_bv2ad ( &type, &aa_table[index].aa_aliased_ad,(const char**)text );
+	if ( rc != LDAP_SUCCESS ) return rc;
+
+	/* get and store componentFilterMatch */
+	type.bv_val = mr_name;
+	type.bv_len = strlen ( mr_name);
+	aa_table[index].aa_mr = mr_bvfind ( &type );
+
+	/* get and store a component filter */
+	type.bv_val = component_filter;
+	type.bv_len = strlen ( component_filter );
+	rc = get_comp_filter( NULL, &type, &aa_table[index].aa_cf,(const char**)text);
+
+	aa_table[index].aa_cf_str = component_filter;
+
+	return rc;
+}
+
+/*
+ * Initialize attribute aliasing table when this module is loaded
+ * add_aa_entry ( index for the global table,
+ *                name of the aliasing attribute,
+ *                component filter with filling value parts "xxx"
+ *              )
+ * "xxx" will be replaced with effective values later.
+ * See RFC3687 to understand the content of a component filter.
+ */
+char* pre_processed_comp_filter[] = {
+/*1*/"item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx }",
+/*2*/"item:{ component \"toBeSigned.serialNumber\", rule integerMatch, value xxx }",
+/*3*/"and:{ item:{ component \"toBeSigned.serialNumber\", rule integerMatch, value xxx }, item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value xxx } }"
+};
+
+static int
+init_attribute_aliasing_table ()
+{
+	int rc;
+	int index = 0 ;
+
+	rc = add_aa_entry ( index, "x509CertificateIssuer", "userCertificate","componentFilterMatch", pre_processed_comp_filter[index] );
+	if ( rc != LDAP_SUCCESS ) return LDAP_PARAM_ERROR;
+	index++;
+
+	rc = add_aa_entry ( index, "x509CertificateSerial","userCertificate", "componentFilterMatch", pre_processed_comp_filter[index] );
+	if ( rc != LDAP_SUCCESS ) return LDAP_PARAM_ERROR;
+	index++;
+
+	rc = add_aa_entry ( index, "x509CertificateSerialAndIssuer", "userCertificate", "componentFilterMatch", pre_processed_comp_filter[index] );
+	if ( rc != LDAP_SUCCESS ) return LDAP_PARAM_ERROR;
+	index++;
+
+	return LDAP_SUCCESS;
+}
+
+void
+init_component_description_table () {
+	AsnTypeId id;
+	struct berval mr;
+	AsnTypetoSyntax* asn_to_syn;
+	Syntax* syn;
+
+	for ( id = BASICTYPE_BOOLEAN; id != ASNTYPE_END ; id++ ) {
+		asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_subtypes = NULL;
+		asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_syntax =  NULL;
+
+		/* Equality Matching Rule */
+		if ( asntype_to_compMR_mapping_tbl[id].atc_equality ) {
+			mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_equality;
+			mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_equality);
+			asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_equality = mr_bvfind( &mr );
+		}
+		/* Approx Matching Rule */
+		if ( asntype_to_compMR_mapping_tbl[id].atc_approx ) {
+			mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_approx;
+			mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_approx);
+			asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_approx = mr_bvfind( &mr );
+		}
+
+		/* Ordering Matching Rule */
+		if ( asntype_to_compMR_mapping_tbl[id].atc_ordering ) {
+			mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_ordering;
+			mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_ordering);
+			asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_ordering= mr_bvfind( &mr );
+		}
+
+		/* Substr Matching Rule */
+		if ( asntype_to_compMR_mapping_tbl[id].atc_substr ) {
+			mr.bv_val = asntype_to_compMR_mapping_tbl[id].atc_substr;
+			mr.bv_len = strlen(asntype_to_compMR_mapping_tbl[id].atc_substr);
+			asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_substr = mr_bvfind( &mr );
+		}
+		/* Syntax */
+
+		asn_to_syn = &asn_to_syntax_mapping_tbl[ id ];
+		if ( asn_to_syn->ats_syn_oid )
+			syn = syn_find ( asn_to_syn->ats_syn_oid );
+		else 
+			syn = NULL;
+		asntype_to_compType_mapping_tbl[id].ac_comp_type.ct_syntax = syn;
+
+		/* Initialize Component Descriptions of primitive ASN.1 types */
+		asntype_to_compdesc_mapping_tbl[id].atcd_cd.cd_comp_type = (AttributeType*)&asntype_to_compType_mapping_tbl[id].ac_comp_type;
+	}
+}
+
+MatchingRule*
+retrieve_matching_rule( char* mr_oid, AsnTypeId type ) {
+	char* tmp;
+	struct berval mr_name = BER_BVNULL;
+	AsnTypetoMatchingRuleTable* atmr;
+
+	for ( atmr = gATMR_table ; atmr ; atmr = atmr->atmr_table_next ) {
+		if ( strcmp( atmr->atmr_oid, mr_oid ) == 0 ) {
+			tmp = atmr->atmr_table[type].atmr_mr_name;
+			if ( tmp ) {
+				mr_name.bv_val = tmp;
+				mr_name.bv_len = strlen( tmp );
+				return mr_bvfind ( &mr_name );
+			}
+		}
+	}
+	return (MatchingRule*)NULL;
+}
+
+void* 
+comp_convert_attr_to_comp LDAP_P (( Attribute* a, Syntax *syn, struct berval* bv ))
+{
+	char* peek_head;
+        int mode, bytesDecoded, size, rc;
+        void* component;
+	char* oid = a->a_desc->ad_type->sat_atype.at_oid ;
+        GenBuf* b = NULL;
+        ExpBuf* buf = NULL;
+	OidDecoderMapping* odm;
+	
+	/* look for the decoder registered for the given attribute */
+	odm = RetrieveOidDecoderMappingbyOid( oid, strlen(oid) );
+
+	if ( !odm || (!odm->BER_Decode && !odm->GSER_Decode) )
+		return (void*)NULL;
+
+	buf = ExpBufAllocBuf();
+	ExpBuftoGenBuf( buf, &b );
+	ExpBufInstallDataInBuf ( buf, bv->bv_val, bv->bv_len );
+	BufResetInReadMode( b );
+
+	mode = DEC_ALLOC_MODE_2;
+	/*
+	 * How can we decide which decoder will be called, GSER or BER?
+	 * Currently BER decoder is called for a certificate.
+	 * The flag of Attribute will say something about it in the future
+	 */
+	if ( syn && slap_syntax_is_ber ( syn ) ) {
+#if 0
+		rc =BDecComponentTop(odm->BER_Decode, a->a_comp_data->cd_mem_op, b, 0,0, &component,&bytesDecoded,mode ) ;
+#endif
+		rc = odm->BER_Decode ( a->a_comp_data->cd_mem_op, b, (ComponentSyntaxInfo*)&component, &bytesDecoded, mode );
+	}
+	else {
+		rc = odm->GSER_Decode( a->a_comp_data->cd_mem_op, b, (ComponentSyntaxInfo**)component, &bytesDecoded, mode);
+	}
+
+	ExpBufFreeBuf( buf );
+	GenBufFreeBuf( b );
+	if ( rc == -1 ) {
+#if 0
+		ShutdownNibbleMemLocal ( a->a_comp_data->cd_mem_op );
+		free ( a->a_comp_data );
+		a->a_comp_data = NULL;
+#endif
+		return (void*)NULL;
+	}
+	else {
+		return component;
+	}
+}
+
+#include <nibble-alloc.h>
+void
+comp_free_component ( void* mem_op ) {
+	ShutdownNibbleMemLocal( (NibbleMem*)mem_op );
+	return;
+}
+
+void
+comp_convert_assert_to_comp (
+	void* mem_op,
+	ComponentSyntaxInfo *csi_attr,
+	struct berval* bv,
+	ComponentSyntaxInfo** csi, int* len, int mode )
+{
+	int rc;
+	GenBuf* genBuf;
+	ExpBuf* buf;
+	gser_decoder_func *decoder = csi_attr->csi_comp_desc->cd_gser_decoder;
+
+	buf = ExpBufAllocBuf();
+	ExpBuftoGenBuf( buf, &genBuf );
+	ExpBufInstallDataInBuf ( buf, bv->bv_val, bv->bv_len );
+	BufResetInReadMode( genBuf );
+
+	if ( csi_attr->csi_comp_desc->cd_type_id == BASICTYPE_ANY )
+		decoder = ((ComponentAny*)csi_attr)->cai->GSER_Decode;
+
+	rc = (*decoder)( mem_op, genBuf, csi, len, mode );
+	ExpBufFreeBuf ( buf );
+	GenBufFreeBuf( genBuf );
+}
+
+int intToAscii( int value, char* buf ) {
+	int minus=0,i,temp;
+	int total_num_digits;
+
+	if ( value == 0 ){
+		buf[0] = '0';
+		return 1;
+	}
+
+	if ( value < 0 ){
+		minus = 1;
+		value = value*(-1);
+		buf[0] = '-';
+	}
+	
+	/* How many digits */
+	for ( temp = value, total_num_digits=0 ; temp ; total_num_digits++ )
+		temp = temp/10;
+
+	total_num_digits += minus;
+
+	for ( i = minus ; value ; i++ ) {
+		buf[ total_num_digits - i - 1 ]= (char)(value%10 + '0');
+		value = value/10;
+	}
+	return i;
+}
+
+int
+comp_convert_asn_to_ldap ( MatchingRule* mr, ComponentSyntaxInfo* csi, struct berval* bv, int *allocated )
+{
+	int rc;
+	struct berval prettied;
+	Syntax* syn;
+
+	AsnTypetoSyntax* asn_to_syn =
+		&asn_to_syntax_mapping_tbl[csi->csi_comp_desc->cd_type_id];
+	if ( asn_to_syn->ats_syn_oid )
+		csi->csi_syntax = syn_find ( asn_to_syn->ats_syn_oid );
+	else 
+		csi->csi_syntax = NULL;
+
+
+        switch ( csi->csi_comp_desc->cd_type_id ) {
+          case BASICTYPE_BOOLEAN :
+		bv->bv_val = (char*)malloc( 5 );
+		*allocated = 1;
+		bv->bv_len = 5;
+		if ( ((ComponentBool*)csi)->value > 0 ) {
+			strcpy ( bv->bv_val , "TRUE" );
+			bv->bv_len = 4;
+		}
+		else {
+			strcpy ( bv->bv_val , "FALSE" );
+			bv->bv_len = 5;
+		}
+                break ;
+          case BASICTYPE_NULL :
+                bv->bv_len = 0;
+                break;
+          case BASICTYPE_INTEGER :
+		bv->bv_val = (char*)malloc( INITIAL_ATTR_SIZE );
+		*allocated = 1;
+		bv->bv_len = INITIAL_ATTR_SIZE;
+		bv->bv_len = intToAscii(((ComponentInt*)csi)->value, bv->bv_val );
+		if ( bv->bv_len <= 0 )
+			return LDAP_INVALID_SYNTAX;
+                break;
+          case BASICTYPE_REAL :
+		return LDAP_INVALID_SYNTAX;
+          case BASICTYPE_ENUMERATED :
+		bv->bv_val = (char*)malloc( INITIAL_ATTR_SIZE );
+		*allocated = 1;
+		bv->bv_len = INITIAL_ATTR_SIZE;
+		bv->bv_len = intToAscii(((ComponentEnum*)csi)->value, bv->bv_val );
+		if ( bv->bv_len <= 0 )
+			return LDAP_INVALID_SYNTAX;
+                break;
+          case BASICTYPE_OID :
+          case BASICTYPE_OCTETSTRING :
+          case BASICTYPE_BITSTRING :
+          case BASICTYPE_NUMERIC_STR :
+          case BASICTYPE_PRINTABLE_STR :
+          case BASICTYPE_UNIVERSAL_STR :
+          case BASICTYPE_IA5_STR :
+          case BASICTYPE_BMP_STR :
+          case BASICTYPE_UTF8_STR :
+          case BASICTYPE_UTCTIME :
+          case BASICTYPE_GENERALIZEDTIME :
+          case BASICTYPE_GRAPHIC_STR :
+          case BASICTYPE_VISIBLE_STR :
+          case BASICTYPE_GENERAL_STR :
+          case BASICTYPE_OBJECTDESCRIPTOR :
+          case BASICTYPE_VIDEOTEX_STR :
+          case BASICTYPE_T61_STR :
+          case BASICTYPE_OCTETCONTAINING :
+          case BASICTYPE_BITCONTAINING :
+          case BASICTYPE_RELATIVE_OID :
+		bv->bv_val = ((ComponentOcts*)csi)->value.octs;
+		bv->bv_len = ((ComponentOcts*)csi)->value.octetLen;
+                break;
+	  case BASICTYPE_ANY :
+		csi = ((ComponentAny*)csi)->value;
+		if ( csi->csi_comp_desc->cd_type != ASN_BASIC ||
+			csi->csi_comp_desc->cd_type_id == BASICTYPE_ANY )
+			return LDAP_INVALID_SYNTAX;
+		return comp_convert_asn_to_ldap( mr, csi, bv, allocated );
+          case COMPOSITE_ASN1_TYPE :
+		break;
+          case RDNSequence :
+		/*dnMatch*/
+		if( strncmp( mr->smr_mrule.mr_oid, DN_MATCH_OID, strlen(DN_MATCH_OID) ) != 0 )
+			return LDAP_INVALID_SYNTAX;
+		*allocated = 1;
+		rc = ConvertRDNSequence2RFC2253( (irRDNSequence*)csi, bv );
+		if ( rc != LDAP_SUCCESS ) return rc;
+		break;
+          case RelativeDistinguishedName :
+		/*rdnMatch*/
+		if( strncmp( mr->smr_mrule.mr_oid, RDN_MATCH_OID, strlen(RDN_MATCH_OID) ) != 0 )
+			return LDAP_INVALID_SYNTAX;
+		*allocated = 1;
+		rc = ConvertRDN2RFC2253((irRelativeDistinguishedName*)csi,bv);
+		if ( rc != LDAP_SUCCESS ) return rc;
+		break;
+          case TelephoneNumber :
+          case FacsimileTelephoneNumber__telephoneNumber :
+		break;
+          case DirectoryString :
+		return LDAP_INVALID_SYNTAX;
+          case ASN_COMP_CERTIFICATE :
+          case ASNTYPE_END :
+		break;
+          default :
+                /*Only ASN Basic Type can be converted into LDAP string*/
+		return LDAP_INVALID_SYNTAX;
+        }
+
+	if ( csi->csi_syntax ) {
+		if ( csi->csi_syntax->ssyn_validate ) {
+ 			rc = csi->csi_syntax->ssyn_validate(csi->csi_syntax, bv);
+			if ( rc != LDAP_SUCCESS )
+				return LDAP_INVALID_SYNTAX;
+		}
+		if ( csi->csi_syntax->ssyn_pretty ) {
+			rc = csi->csi_syntax->ssyn_pretty(csi->csi_syntax, bv, &prettied , NULL );
+			if ( rc != LDAP_SUCCESS )
+				return LDAP_INVALID_SYNTAX;
+#if 0
+			free ( bv->bv_val );/*potential memory leak?*/
+#endif
+			bv->bv_val = prettied.bv_val;
+			bv->bv_len = prettied.bv_len;
+		}
+	}
+
+	return LDAP_SUCCESS;
+}
+
+/*
+ * If <all> type component referenced is used
+ * more than one component will be tested
+ */
+#define IS_TERMINAL_COMPREF(cr) (cr->cr_curr->ci_next == NULL)
+int
+comp_test_all_components (
+	void* attr_mem_op,
+	void* assert_mem_op,
+	ComponentSyntaxInfo *csi_attr,
+	ComponentAssertion* ca )
+{
+	int rc;
+	ComponentSyntaxInfo *csi_temp = NULL, *csi_assert = NULL, *comp_elmt = NULL;
+	ComponentReference *cr = ca->ca_comp_ref;
+	struct berval *ca_val = &ca->ca_ma_value;
+
+	switch ( cr->cr_curr->ci_type ) {
+	    case LDAP_COMPREF_ALL:
+		if ( IS_TERMINAL_COMPREF(cr) ) {
+			FOR_EACH_LIST_ELMT( comp_elmt, &((ComponentList*)csi_attr)->comp_list )
+			{
+				rc = comp_test_one_component( attr_mem_op, assert_mem_op, comp_elmt, ca );
+				if ( rc == LDAP_COMPARE_TRUE ) {
+					break;
+				}
+			}
+		} else {
+			ComponentId *start_compid = ca->ca_comp_ref->cr_curr->ci_next;
+			FOR_EACH_LIST_ELMT( comp_elmt, &((ComponentList*)csi_attr)->comp_list )
+			{
+				cr->cr_curr = start_compid;
+				rc = comp_test_components ( attr_mem_op, assert_mem_op, comp_elmt, ca );
+				if ( rc != LDAP_COMPARE_FALSE ) {
+					break;
+				}
+#if 0				
+				if ( rc == LDAP_COMPARE_TRUE ) {
+					break;
+				}
+#endif
+			}
+		}
+		break;
+	    case LDAP_COMPREF_CONTENT:
+	    case LDAP_COMPREF_SELECT:
+	    case LDAP_COMPREF_DEFINED:
+	    case LDAP_COMPREF_UNDEFINED:
+	    case LDAP_COMPREF_IDENTIFIER:
+	    case LDAP_COMPREF_FROM_BEGINNING:
+	    case LDAP_COMPREF_FROM_END:
+	    case LDAP_COMPREF_COUNT:
+		rc = LDAP_OPERATIONS_ERROR;
+		break;
+	    default:
+		rc = LDAP_OPERATIONS_ERROR;
+	}
+	return rc;
+}
+
+void
+eat_bv_whsp ( struct berval* in )
+{
+	char* end = in->bv_val + in->bv_len;
+        for ( ; ( *in->bv_val == ' ' ) && ( in->bv_val < end ) ; ) {
+                in->bv_val++;
+        }
+}
+
+/*
+ * Perform matching one referenced component against assertion
+ * If the matching rule in a component filter is allComponentsMatch
+ * or its derivatives the extracted component's ASN.1 specification
+ * is applied to the assertion value as its syntax
+ * Otherwise, the matching rule's syntax is applied to the assertion value
+ * By RFC 3687
+ */
+int
+comp_test_one_component (
+	void* attr_mem_op,
+	void* assert_mem_op,
+	ComponentSyntaxInfo *csi_attr,
+	ComponentAssertion *ca )
+{
+	int len, rc;
+	ComponentSyntaxInfo *csi_assert = NULL;
+	char* oid = NULL;
+	MatchingRule* mr = ca->ca_ma_rule;
+
+	if ( mr->smr_usage & SLAP_MR_COMPONENT ) {
+		/* If allComponentsMatch or its derivatives */
+		if ( !ca->ca_comp_data.cd_tree ) {
+			comp_convert_assert_to_comp( assert_mem_op, csi_attr, &ca->ca_ma_value, &csi_assert, &len, DEC_ALLOC_MODE_0 );
+			ca->ca_comp_data.cd_tree = (void*)csi_assert;
+		} else {
+			csi_assert = ca->ca_comp_data.cd_tree;
+		}
+
+		if ( !csi_assert )
+			return LDAP_PROTOCOL_ERROR;
+
+		if ( strcmp( mr->smr_mrule.mr_oid, OID_ALL_COMP_MATCH ) != 0 )
+                {
+                        /* allComponentMatch's derivatives */
+			oid =  mr->smr_mrule.mr_oid;
+                }
+                        return csi_attr->csi_comp_desc->cd_all_match(
+                               			 oid, csi_attr, csi_assert );
+
+	} else {
+		/* LDAP existing matching rules */
+		struct berval attr_bv = BER_BVNULL;
+		struct berval n_attr_bv = BER_BVNULL;
+		struct berval* assert_bv = &ca->ca_ma_value;
+		int allocated = 0;
+		/*Attribute is converted to compatible LDAP encodings*/
+		if ( comp_convert_asn_to_ldap( mr, csi_attr, &attr_bv, &allocated ) != LDAP_SUCCESS )
+			return LDAP_INAPPROPRIATE_MATCHING;
+		/* extracted component value is not normalized */
+		if ( ca->ca_ma_rule->smr_normalize ) {
+			rc = ca->ca_ma_rule->smr_normalize (
+				SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+				NULL, ca->ca_ma_rule,
+				&attr_bv, &n_attr_bv, NULL );
+			if ( rc != LDAP_SUCCESS )
+				return rc;
+			if ( allocated && attr_bv.bv_val )
+				free (attr_bv.bv_val);
+		} else {
+			n_attr_bv = attr_bv;
+		}
+#if 0
+		/*Assertion value is validated by MR's syntax*/
+		if ( !ca->ca_comp_data.cd_tree ) {
+			ca->ca_comp_data.cd_tree = assert_bv;
+		}
+		else {
+			assert_bv = ca->ca_comp_data.cd_tree;
+		}
+#endif
+		if ( !n_attr_bv.bv_val )
+			return LDAP_COMPARE_FALSE;
+		rc = csi_value_match( mr, &n_attr_bv, assert_bv );
+		if ( n_attr_bv.bv_val )
+			free ( n_attr_bv.bv_val );
+		return rc;
+	}
+}
+
+int
+comp_test_components( void* attr_nm, void* assert_nm, ComponentSyntaxInfo* csi_attr, ComponentAssertion* ca) {
+	char* peek_head;
+	int mode, bytesDecoded = 0, rc;
+	GenBuf* b;
+	ExpBuf* buf;
+	OidDecoderMapping* odm;
+	struct berval bv;
+	char oid[MAX_OID_LEN];
+	void* contained_comp, *anytype_comp;
+	ComponentReference* cr = ca->ca_comp_ref;
+
+	if ( !cr )
+		return comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca );
+	/* Extracting the component referenced by ca->ca_comp_ref */
+	csi_attr = (ComponentSyntaxInfo*)csi_attr->csi_comp_desc->cd_extract_i( attr_nm, cr, csi_attr );
+	if ( !csi_attr ) return LDAP_INVALID_SYNTAX;
+	/* perform matching, considering the type of a Component Reference(CR)*/
+	switch( cr->cr_curr->ci_type ) {
+	   case LDAP_COMPREF_IDENTIFIER:
+	   case LDAP_COMPREF_FROM_BEGINNING:
+	   case LDAP_COMPREF_FROM_END:
+	   case LDAP_COMPREF_COUNT:
+		/*
+		 * Exactly one component is referenced
+		 * Fast Path for matching for this case
+		 */
+		rc = comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca );
+		break;
+	   case LDAP_COMPREF_ALL:
+		/*
+		 * If <all> type CR is used
+		 * more than one component will be tested
+		 */
+		rc = comp_test_all_components ( attr_nm, assert_nm, csi_attr, ca );
+		break;
+
+	   case LDAP_COMPREF_CONTENT:
+		/*
+		 * <content> type CR is used
+		 * check if it is followed by <select> type CR.
+		 * 1) If so, look up the corresponding decoder  in the mapping
+		 * table(OID to decoder) by <select>
+		 * and then decode the OCTET/BIT STRING with the decoder
+		 * Finally, extract the target component with the remaining CR.
+		 * 2) If not, just return the current component, It SHOULD not be
+		 * extracted further, because the component MUST be BIT/OCTET
+                 * string.
+                 */
+
+		cr->cr_curr = cr->cr_curr->ci_next;
+		if ( !cr->cr_curr ) {
+			/* case 2) in above description */
+			rc = comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca );
+			break;
+		}
+
+		if ( cr->cr_curr->ci_type == LDAP_COMPREF_SELECT ) {
+			/* Look up OID mapping table */	
+			odm = RetrieveOidDecoderMappingbyBV( &cr->cr_curr->ci_val.ci_select_value );
+			
+			if ( !odm || !odm->BER_Decode )
+				return  LDAP_PROTOCOL_ERROR;
+
+			/* current component MUST be either BIT or OCTET STRING */
+			if ( csi_attr->csi_comp_desc->cd_type_id != BASICTYPE_BITSTRING ) {
+				bv.bv_val = ((ComponentBits*)csi_attr)->value.bits;
+				bv.bv_len = ((ComponentBits*)csi_attr)->value.bitLen;
+			}
+			else if ( csi_attr->csi_comp_desc->cd_type_id != BASICTYPE_BITSTRING ) {
+				bv.bv_val = ((ComponentOcts*)csi_attr)->value.octs;
+				bv.bv_len = ((ComponentOcts*)csi_attr)->value.octetLen;
+			}
+			else
+				return LDAP_PROTOCOL_ERROR;
+
+			buf = ExpBufAllocBuf();
+			ExpBuftoGenBuf( buf, &b );
+			ExpBufInstallDataInBuf ( buf, bv.bv_val, bv.bv_len );
+			BufResetInReadMode( b );
+			mode = DEC_ALLOC_MODE_2;
+
+			/* Try to decode with BER/DER decoder */
+			rc = odm->BER_Decode ( attr_nm, b, (ComponentSyntaxInfo*)&contained_comp, &bytesDecoded, mode );
+
+			ExpBufFreeBuf( buf );
+			GenBufFreeBuf( b );
+
+			if ( rc != LDAP_SUCCESS ) return LDAP_PROTOCOL_ERROR;
+
+			/* xxx.content.(x.xy.xyz).rfc822Name */
+			/* In the aboe Ex. move CR to the right to (x.xy.xyz)*/
+			cr->cr_curr = cr->cr_curr->ci_next;
+			if (!cr->cr_curr )
+				rc = comp_test_one_component ( attr_nm, assert_nm, csi_attr, ca );
+			else
+				rc = comp_test_components( attr_nm, assert_nm, contained_comp, ca );
+		}
+		else {
+			/* Invalid Component reference */
+			rc = LDAP_PROTOCOL_ERROR;
+		}
+		break;
+	   case LDAP_COMPREF_SELECT:
+		if (csi_attr->csi_comp_desc->cd_type_id != BASICTYPE_ANY )
+			return LDAP_INVALID_SYNTAX;
+		rc = CheckSelectTypeCorrect( attr_nm, ((ComponentAny*)csi_attr)->cai, &cr->cr_curr->ci_val.ci_select_value );
+		if ( rc < 0 ) return LDAP_INVALID_SYNTAX;
+
+		/* point to the real component, not any type component */
+		csi_attr = ((ComponentAny*)csi_attr)->value;
+		cr->cr_curr = cr->cr_curr->ci_next;
+		if ( cr->cr_curr )
+			rc =  comp_test_components( attr_nm, assert_nm, csi_attr, ca);
+		else
+			rc =  comp_test_one_component( attr_nm, assert_nm, csi_attr, ca);
+		break;
+	   default:
+		rc = LDAP_INVALID_SYNTAX;
+	}
+	return rc;
+}
+
+
+void*
+comp_nibble_memory_allocator ( int init_mem, int inc_mem ) {
+	void* nm;
+	nm = (void*)InitNibbleMemLocal( (unsigned long)init_mem, (unsigned long)inc_mem );
+	if ( !nm ) return NULL;
+	else return (void*)nm;
+}
+
+void
+comp_nibble_memory_free ( void* nm ) {
+	ShutdownNibbleMemLocal( nm );
+}
+
+void*
+comp_get_component_description ( int id ) {
+	if ( asntype_to_compdesc_mapping_tbl[id].atcd_typeId == id )
+		return &asntype_to_compdesc_mapping_tbl[id].atcd_cd;
+	else
+		return NULL;
+}
+
+int
+comp_component_encoder ( void* mem_op, ComponentSyntaxInfo* csi , struct berval* nval ) {
+        int size, rc;
+        GenBuf* b;
+        ExpBuf* buf;
+	struct berval bv;
+	
+	buf = ExpBufAllocBufAndData();
+	ExpBufResetInWriteRvsMode(buf);
+	ExpBuftoGenBuf( buf, &b );
+
+	if ( !csi->csi_comp_desc->cd_gser_encoder && !csi->csi_comp_desc->cd_ldap_encoder )
+		return (-1);
+
+	/*
+	 * if an LDAP specific encoder is provided :
+	 * dn and rdn have their LDAP specific encoder
+	 */
+	if ( csi->csi_comp_desc->cd_ldap_encoder ) {
+		rc = csi->csi_comp_desc->cd_ldap_encoder( csi, &bv );
+		if ( rc != LDAP_SUCCESS )
+			return rc;
+		if ( mem_op )
+			nval->bv_val = CompAlloc( mem_op, bv.bv_len );
+		else
+			nval->bv_val = malloc( size );
+		memcpy( nval->bv_val, bv.bv_val, bv.bv_len );
+		nval->bv_len = bv.bv_len;
+		/*
+		 * This free will be eliminated by making ldap_encoder
+		 * use nibble memory in it 
+		 */
+		free ( bv.bv_val );
+		GenBufFreeBuf( b );
+		BufFreeBuf( buf );
+		return LDAP_SUCCESS;
+	}
+
+	rc = csi->csi_comp_desc->cd_gser_encoder( b, csi );
+	if ( rc < 0 ) {
+		GenBufFreeBuf( b );
+		BufFreeBuf( buf );
+		return rc;
+	}
+
+	size = ExpBufDataSize( buf );
+	if ( size > 0 ) {
+		if ( mem_op )
+			nval->bv_val = CompAlloc ( mem_op, size );
+		else
+			nval->bv_val = malloc( size );
+		nval->bv_len = size;
+		BufResetInReadMode(b);
+		BufCopy( nval->bv_val, b, size );
+	}
+	ExpBufFreeBuf( buf );
+	GenBufFreeBuf( b );
+
+	return LDAP_SUCCESS;
+}
+
+#if SLAPD_COMP_MATCH == SLAPD_MOD_DYNAMIC
+
+#include "certificate.h"
+
+extern convert_attr_to_comp_func* attr_converter;
+extern convert_assert_to_comp_func* assert_converter;
+extern convert_asn_to_ldap_func* csi_converter;
+extern free_component_func* component_destructor;
+extern test_component_func* test_components;
+extern alloc_nibble_func* nibble_mem_allocator;
+extern free_nibble_func* nibble_mem_free;
+extern test_membership_func* is_aliased_attribute;
+extern get_component_info_func* get_component_description;
+extern component_encoder_func* component_encoder;
+
+
+int init_module(int argc, char *argv[]) {
+	/*
+	 * Initialize function pointers in slapd
+	 */
+	attr_converter = (convert_attr_to_comp_func*)comp_convert_attr_to_comp;
+	assert_converter = (convert_assert_to_comp_func*)comp_convert_assert_to_comp;
+	component_destructor = (free_component_func*)comp_free_component;
+	test_components = (test_component_func*)comp_test_components;
+	nibble_mem_allocator = (free_nibble_func*)comp_nibble_memory_allocator;
+	nibble_mem_free = (free_nibble_func*)comp_nibble_memory_free;
+	is_aliased_attribute = (test_membership_func*)comp_is_aliased_attribute;
+	get_component_description = (get_component_info_func*)comp_get_component_description;
+	component_encoder = (component_encoder_func*)comp_component_encoder;
+
+	/* file path needs to be */
+	load_derived_matching_rule ("derived_mr.cfg");
+
+	/* the initialization for example X.509 certificate */
+	init_module_AuthenticationFramework();
+	init_module_AuthorityKeyIdentifierDefinition();
+	init_module_CertificateRevokationList();
+	init_attribute_aliasing_table ();
+	init_component_description_table ();
+	return 0;
+}
+
+#endif /* SLAPD_PASSWD */
diff --git a/contrib/slapd-modules/datamorph/Makefile b/contrib/slapd-modules/datamorph/Makefile
new file mode 100644
index 0000000..82bce49
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/Makefile
@@ -0,0 +1,77 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2022 The OpenLDAP Foundation.
+# Copyright 2017 Ondřej Kuzník, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+SRCDIR = ./
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_DATAMORPH=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = datamorph.la
+MANPAGES = slapo-datamorph.5
+CLEAN = *.o *.lo *.la .libs
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+all: $(PROGRAMS)
+
+d :=
+sp :=
+dir := tests
+include $(dir)/Rules.mk
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+datamorph.la: datamorph.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+		-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf $(CLEAN)
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/datamorph/datamorph.c b/contrib/slapd-modules/datamorph/datamorph.c
new file mode 100644
index 0000000..7767586
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/datamorph.c
@@ -0,0 +1,2091 @@
+/* datamorph.c - enumerated and native integer value support */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2016-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was developed in 2016 by Ondřej Kuzník for Symas Corp.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_DATAMORPH
+
+#include <inttypes.h>
+#include <ac/stdlib.h>
+
+#if defined(__linux__)
+#include <endian.h>
+
+#elif defined(sun)
+
+#define be16toh(x) BE_16(x)
+#define le16toh(x) LE_16(x)
+#define htobe16(x) BE_16(x)
+#define htole16(x) LE_16(x)
+
+#define be32toh(x) BE_32(x)
+#define le32toh(x) LE_32(x)
+#define htobe32(x) BE_32(x)
+#define htole32(x) LE_32(x)
+
+#define be64toh(x) BE_64(x)
+#define le64toh(x) LE_64(x)
+#define htobe64(x) BE_64(x)
+#define htole64(x) LE_64(x)
+
+#elif defined(__NetBSD__) || defined(__FreeBSD__)
+#include <sys/endian.h>
+
+#elif defined(__OpenBSD__)
+#include <sys/endian.h>
+
+#define be16toh(x) betoh16(x)
+#define le16toh(x) letoh16(x)
+
+#define be32toh(x) betoh32(x)
+#define le32toh(x) letoh32(x)
+
+#define be64toh(x) betoh64(x)
+#define le64toh(x) letoh64(x)
+
+#elif defined(__BYTE_ORDER__) && \
+		( defined(__GNUC__) || defined(__clang__) )
+
+#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+#define be16toh(x) __builtin_bswap16(x)
+#define le16toh(x) (x)
+#define htobe16(x) __builtin_bswap16(x)
+#define htole16(x) (x)
+
+#define be32toh(x) __builtin_bswap32(x)
+#define le32toh(x) (x)
+#define htobe32(x) __builtin_bswap32(x)
+#define htole32(x) (x)
+
+#define be64toh(x) __builtin_bswap64(x)
+#define le64toh(x) (x)
+#define htobe64(x) __builtin_bswap64(x)
+#define htole64(x) (x)
+
+#elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#define be16toh(x) (x)
+#define le16toh(x) __builtin_bswap16(x)
+#define htobe16(x) (x)
+#define htole16(x) __builtin_bswap16(x)
+
+#define be32toh(x) (x)
+#define le32toh(x) __builtin_bswap32(x)
+#define htobe32(x) (x)
+#define htole32(x) __builtin_bswap32(x)
+
+#define be64toh(x) (x)
+#define le64toh(x) __builtin_bswap64(x)
+#define htobe64(x) (x)
+#define htole64(x) __builtin_bswap64(x)
+
+#else
+#error "Only support pure big and little endian at the moment"
+#endif
+
+#else
+#error "I lack the way to check my endianness and convert to/from big-endian"
+#endif
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+#include "ldap_queue.h"
+
+typedef enum datamorph_type_t {
+	DATAMORPH_UNSET,
+	DATAMORPH_ENUM,
+	DATAMORPH_INT,
+} datamorph_type;
+
+typedef enum datamorph_flags_t {
+	DATAMORPH_FLAG_SIGNED = 1 << 0,
+	DATAMORPH_FLAG_LOWER = 1 << 1,
+	DATAMORPH_FLAG_UPPER = 1 << 2,
+} datamorph_flags;
+
+typedef union datamorph_interval_bound_t {
+	int64_t i;
+	uint64_t u;
+} datamorph_interval_bound;
+
+typedef struct transformation_info_t {
+	AttributeDescription *attr;
+	datamorph_type type;
+	union {
+		struct {
+			Avlnode *to_db;
+			struct berval from_db[256];
+		} maps;
+#define ti_enum info.maps
+		struct {
+			datamorph_flags flags;
+			unsigned int size;
+			datamorph_interval_bound lower, upper;
+		} interval;
+#define ti_int info.interval
+	} info;
+} transformation_info;
+
+typedef struct datamorph_enum_mapping_t {
+	struct berval wire_value;
+	uint8_t db_value;
+	transformation_info *transformation;
+} datamorph_enum_mapping;
+
+typedef struct datamorph_info_t {
+	Avlnode *transformations;
+	transformation_info *wip_transformation;
+} datamorph_info;
+
+static int
+transformation_mapping_cmp( const void *l, const void *r )
+{
+	const datamorph_enum_mapping *left = l, *right = r;
+
+	return ber_bvcmp( &left->wire_value, &right->wire_value );
+}
+
+static int
+transformation_info_cmp( const void *l, const void *r )
+{
+	const transformation_info *left = l, *right = r;
+
+	return ( left->attr == right->attr ) ? 0 :
+			( left->attr < right->attr ) ? -1 :
+											1;
+}
+
+static int
+transform_to_db_format_one(
+		Operation *op,
+		transformation_info *definition,
+		struct berval *value,
+		struct berval *outval )
+{
+	switch ( definition->type ) {
+		case DATAMORPH_ENUM: {
+			datamorph_enum_mapping *mapping, needle = { .wire_value = *value };
+			struct berval db_value = { .bv_len = 1 };
+
+			mapping = ldap_avl_find( definition->ti_enum.to_db, &needle,
+					transformation_mapping_cmp );
+			if ( !mapping ) {
+				Debug( LDAP_DEBUG_ANY, "transform_to_db_format_one: "
+						"value '%s' not mapped\n",
+						value->bv_val );
+				return LDAP_CONSTRAINT_VIOLATION;
+			}
+
+			db_value.bv_val = (char *)&mapping->db_value;
+			ber_dupbv( outval, &db_value );
+			assert( outval->bv_val );
+			break;
+		}
+
+		case DATAMORPH_INT: {
+			union {
+				char s[8];
+				uint8_t be8;
+				uint16_t be16;
+				uint32_t be32;
+				uint64_t be64;
+			} buf;
+			struct berval db_value = { .bv_val = buf.s };
+			char *ptr = value->bv_val + value->bv_len;
+			uint64_t unsigned_value;
+			int64_t signed_value;
+
+			assert( definition->ti_int.size == 1 ||
+					definition->ti_int.size == 2 ||
+					definition->ti_int.size == 4 ||
+					definition->ti_int.size == 8 );
+
+			/* Read number */
+			if ( definition->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+				signed_value = strtoll( value->bv_val, &ptr, 10 );
+			} else {
+				unsigned_value = strtoull( value->bv_val, &ptr, 10 );
+			}
+			if ( *value->bv_val == '\0' || *ptr != '\0' ) {
+				Debug( LDAP_DEBUG_ANY, "transform_to_db_format_one: "
+						"value '%s' not an integer\n",
+						value->bv_val );
+				return LDAP_CONSTRAINT_VIOLATION;
+			}
+			/* Check it's within configured bounds */
+			if ( definition->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+				if ( signed_value < definition->ti_int.lower.i ||
+						signed_value > definition->ti_int.upper.i ) {
+					Debug( LDAP_DEBUG_ANY, "transform_to_db_format_one: "
+							"value '%s' doesn't fit configured constraints\n",
+							value->bv_val );
+					return LDAP_CONSTRAINT_VIOLATION;
+				}
+			} else {
+				if ( unsigned_value < definition->ti_int.lower.u ||
+						unsigned_value > definition->ti_int.upper.u ) {
+					Debug( LDAP_DEBUG_ANY, "transform_to_db_format_one: "
+							"value '%s' doesn't fit configured constraints\n",
+							value->bv_val );
+					return LDAP_CONSTRAINT_VIOLATION;
+				}
+			}
+
+			db_value.bv_len = definition->ti_int.size;
+			switch ( definition->ti_int.size ) {
+				case 1: {
+					if ( definition->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+						buf.be8 = (unsigned char)((char)signed_value);
+					} else {
+						buf.be8 = unsigned_value;
+					}
+					break;
+				}
+				case 2: {
+					uint16_t h16;
+					if ( definition->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+						h16 = signed_value;
+					} else {
+						h16 = unsigned_value;
+					}
+					buf.be16 = htobe16( h16 );
+					break;
+				}
+				case 4: {
+					uint32_t h32;
+					if ( definition->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+						h32 = signed_value;
+					} else {
+						h32 = unsigned_value;
+					}
+					buf.be32 = htobe32( h32 );
+					break;
+				}
+				case 8: {
+					uint64_t h64;
+					if ( definition->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+						h64 = signed_value;
+					} else {
+						h64 = unsigned_value;
+					}
+					buf.be64 = htobe64( h64 );
+					break;
+				}
+			}
+			ber_dupbv( outval, &db_value );
+			assert( outval->bv_val );
+			break;
+		}
+
+		default:
+			assert(0);
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+transform_to_db_format(
+		Operation *op,
+		transformation_info *definition,
+		BerVarray values,
+		int numvals,
+		BerVarray *out )
+{
+	struct berval *value;
+	int i, rc = LDAP_SUCCESS;
+
+	if ( numvals == 0 ) {
+		for ( value = values; value; value++, numvals++ )
+			; /* Count them */
+	}
+
+	assert( out );
+	*out = ch_calloc( numvals + 1, sizeof(struct berval) );
+
+	for ( i = 0; i < numvals; i++ ) {
+		rc = transform_to_db_format_one(
+				op, definition, &values[i], &(*out)[i] );
+		if ( rc ) {
+			break;
+		}
+	}
+
+	if ( rc ) {
+		for ( ; i >= 0; i-- ) {
+			ch_free((*out)[i].bv_val);
+		}
+		ch_free(*out);
+	}
+
+	return rc;
+}
+
+static int
+transform_from_db_format_one(
+		Operation *op,
+		transformation_info *definition,
+		struct berval *value,
+		struct berval *outval )
+{
+	switch ( definition->type ) {
+		case DATAMORPH_ENUM: {
+			uint8_t index = value->bv_val[0];
+			struct berval *val = &definition->info.maps.from_db[index];
+
+			if ( !BER_BVISNULL( val ) ) {
+				ber_dupbv( outval, val );
+				assert( outval->bv_val );
+			} else {
+				Debug( LDAP_DEBUG_ANY, "transform_from_db_format_one: "
+						"DB value %d has no mapping!\n",
+						index );
+				/* FIXME: probably still need to return an error */
+				BER_BVZERO( outval );
+			}
+			break;
+		}
+
+		case DATAMORPH_INT: {
+			char buf[24];
+			struct berval wire_value = { .bv_val = buf };
+			union lens_t {
+				uint8_t be8;
+				uint16_t be16;
+				uint32_t be32;
+				uint64_t be64;
+			} *lens = (union lens_t *)value->bv_val;
+			uint64_t unsigned_value;
+			int64_t signed_value;
+
+			if ( value->bv_len != definition->ti_int.size ) {
+				Debug( LDAP_DEBUG_ANY, "transform_from_db_format_one(%s): "
+						"unexpected DB value of length %lu when configured "
+						"for %u!\n",
+						definition->attr->ad_cname.bv_val, value->bv_len,
+						definition->ti_int.size );
+				/* FIXME: probably still need to return an error */
+				BER_BVZERO( outval );
+				break;
+			}
+
+			assert( definition->ti_int.size == 1 ||
+					definition->ti_int.size == 2 ||
+					definition->ti_int.size == 4 ||
+					definition->ti_int.size == 8 );
+
+			switch ( definition->ti_int.size ) {
+				case 1: {
+					if ( definition->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+						signed_value = (int8_t)lens->be8;
+					} else {
+						unsigned_value = (uint8_t)lens->be8;
+					}
+					break;
+				}
+				case 2: {
+					uint16_t h16 = be16toh( lens->be16 );
+					if ( definition->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+						signed_value = (int16_t)h16;
+					} else {
+						unsigned_value = (uint16_t)h16;
+					}
+					break;
+				}
+				case 4: {
+					uint32_t h32 = be32toh( lens->be32 );
+					if ( definition->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+						signed_value = (int32_t)h32;
+					} else {
+						unsigned_value = (uint32_t)h32;
+					}
+					break;
+				}
+				case 8: {
+					uint64_t h64 = be64toh( lens->be64 );
+					if ( definition->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+						signed_value = (int64_t)h64;
+					} else {
+						unsigned_value = (uint64_t)h64;
+					}
+					break;
+				}
+			}
+			if ( definition->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+				wire_value.bv_len = sprintf( buf, "%" PRId64, signed_value );
+			} else {
+				wire_value.bv_len = sprintf( buf, "%" PRIu64, unsigned_value );
+			}
+			ber_dupbv( outval, &wire_value );
+			assert( outval->bv_val );
+			break;
+		}
+
+		default:
+			assert(0);
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+transform_from_db_format(
+		Operation *op,
+		transformation_info *definition,
+		BerVarray values,
+		int numvals,
+		BerVarray *out )
+{
+	struct berval *value;
+	int i, rc = LDAP_SUCCESS;
+
+	if ( numvals == 0 ) {
+		for ( value = values; value; value++, numvals++ )
+			; /* Count them */
+	}
+
+	assert( out );
+	*out = ch_calloc( numvals + 1, sizeof(struct berval) );
+
+	for ( i = 0; i < numvals; i++ ) {
+		struct berval bv;
+		rc = transform_from_db_format_one( op, definition, &values[i], &bv );
+		if ( !BER_BVISNULL( &bv ) ) {
+			ber_bvarray_add( out, &bv );
+		}
+		if ( rc ) {
+			break;
+		}
+	}
+
+	if ( rc ) {
+		for ( ; i >= 0; i-- ) {
+			ch_free( (*out)[i].bv_val );
+		}
+		ch_free( *out );
+	}
+
+	return rc;
+}
+
+static int
+datamorph_filter( Operation *op, datamorph_info *ov, Filter *f )
+{
+	switch ( f->f_choice ) {
+		case LDAP_FILTER_PRESENT:
+		/* The matching rules are not in place,
+		 * so the filter will be ignored */
+		case LDAP_FILTER_APPROX:
+		case LDAP_FILTER_SUBSTRINGS:
+		default:
+			break;
+			return LDAP_SUCCESS;
+
+		case LDAP_FILTER_AND:
+		case LDAP_FILTER_OR: {
+			for ( f = f->f_and; f; f = f->f_next ) {
+				int rc = datamorph_filter( op, ov, f );
+				if ( rc != LDAP_SUCCESS ) {
+					return rc;
+				}
+			}
+		} break;
+
+		case LDAP_FILTER_NOT:
+			return datamorph_filter( op, ov, f->f_not );
+
+		case LDAP_FILTER_EQUALITY:
+		case LDAP_FILTER_GE:
+		case LDAP_FILTER_LE: {
+			transformation_info *t, needle = { .attr = f->f_ava->aa_desc };
+
+			t = ldap_avl_find(
+					ov->transformations, &needle, transformation_info_cmp );
+			if ( t ) {
+				struct berval new_val;
+				int rc = transform_to_db_format_one(
+						op, t, &f->f_ava->aa_value, &new_val );
+				ch_free( f->f_ava->aa_value.bv_val );
+
+				if ( rc != LDAP_SUCCESS ) {
+					f->f_choice = SLAPD_FILTER_COMPUTED;
+					f->f_result = SLAPD_COMPARE_UNDEFINED;
+				} else {
+					f->f_ava->aa_value = new_val;
+				}
+			}
+		} break;
+	}
+	return LDAP_SUCCESS;
+}
+
+static int
+datamorph_op_add( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	datamorph_info *ov = on->on_bi.bi_private;
+	Entry *e = op->ora_e;
+	Attribute *a, *next;
+	AttributeDescription *stop = NULL;
+	int rc = LDAP_SUCCESS;
+
+	if ( !BER_BVISNULL( &e->e_nname ) && !BER_BVISEMPTY( &e->e_nname ) ) {
+		LDAPRDN rDN;
+		const char *p;
+		int i;
+
+		rc = ldap_bv2rdn_x( &e->e_nname, &rDN, (char **)&p, LDAP_DN_FORMAT_LDAP,
+				op->o_tmpmemctx );
+		if ( rc != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_ANY, "datamorph_op_add: "
+					"can't parse rdn: dn=%s\n",
+					op->o_req_ndn.bv_val );
+			return SLAP_CB_CONTINUE;
+		}
+
+		for ( i = 0; rDN[i]; i++ ) {
+			transformation_info needle = {};
+
+			/* If we can't resolve the attribute, ignore it */
+			if ( slap_bv2ad( &rDN[i]->la_attr, &needle.attr, &p ) ) {
+				continue;
+			}
+
+			if ( ldap_avl_find( ov->transformations, &needle,
+						 transformation_info_cmp ) ) {
+				rc = LDAP_CONSTRAINT_VIOLATION;
+				Debug( LDAP_DEBUG_TRACE, "datamorph_op_add: "
+						"attempted to add transformed attribute in RDN\n" );
+				break;
+			}
+		}
+
+		ldap_rdnfree_x( rDN, op->o_tmpmemctx );
+		if ( rc != LDAP_SUCCESS ) {
+			send_ldap_error( op, rs, rc,
+					"datamorph: trying to add transformed attribute in RDN" );
+			return rc;
+		}
+	}
+
+	for ( a = e->e_attrs; a && a->a_desc != stop; a = next ) {
+		transformation_info *t, needle = { .attr = a->a_desc };
+		BerVarray new_vals;
+
+		next = a->a_next;
+
+		t = ldap_avl_find( ov->transformations, &needle, transformation_info_cmp );
+		if ( !t ) continue;
+
+		rc = transform_to_db_format(
+				op, t, a->a_vals, a->a_numvals, &new_vals );
+		if ( rc != LDAP_SUCCESS ) {
+			goto fail;
+		}
+
+		(void)attr_delete( &e->e_attrs, needle.attr );
+
+		rc = attr_merge( e, needle.attr, new_vals, NULL );
+		ber_bvarray_free( new_vals );
+		if ( rc != LDAP_SUCCESS ) {
+			goto fail;
+		}
+		if ( !stop ) {
+			stop = needle.attr;
+		}
+	}
+
+	return SLAP_CB_CONTINUE;
+
+fail:
+	send_ldap_error(
+			op, rs, rc, "datamorph: trying to add values outside definitions" );
+	return rc;
+}
+
+static int
+datamorph_op_compare( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	datamorph_info *ov = on->on_bi.bi_private;
+	transformation_info *t, needle = { .attr = op->orc_ava->aa_desc };
+	int rc = SLAP_CB_CONTINUE;
+
+	t = ldap_avl_find( ov->transformations, &needle, transformation_info_cmp );
+	if ( t ) {
+		struct berval new_val;
+
+		rc = transform_to_db_format_one(
+				op, t, &op->orc_ava->aa_value, &new_val );
+		if ( rc != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_TRACE, "datamorph_op_compare: "
+					"transformation failed for '%s', rc=%d\n",
+					op->orc_ava->aa_value.bv_val, rc );
+			rs->sr_err = rc = LDAP_COMPARE_FALSE;
+			send_ldap_result( op, rs );
+			return rc;
+		}
+		ch_free( op->orc_ava->aa_value.bv_val );
+		op->orc_ava->aa_value = new_val;
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+datamorph_op_mod( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	datamorph_info *ov = on->on_bi.bi_private;
+	Modifications *mod;
+	int rc = SLAP_CB_CONTINUE;
+
+	for ( mod = op->orm_modlist; mod; mod = mod->sml_next ) {
+		transformation_info *t, needle = { .attr = mod->sml_desc };
+		BerVarray new_vals = NULL;
+
+		if ( mod->sml_numvals == 0 ) continue; /* Nothing to transform */
+
+		t = ldap_avl_find( ov->transformations, &needle, transformation_info_cmp );
+		if ( !t ) continue;
+
+		assert( !mod->sml_nvalues );
+		rc = transform_to_db_format(
+				op, t, mod->sml_values, mod->sml_numvals, &new_vals );
+		if ( rc != LDAP_SUCCESS ) {
+			goto fail;
+		}
+		ber_bvarray_free( mod->sml_values );
+		mod->sml_values = new_vals;
+	}
+
+	return SLAP_CB_CONTINUE;
+
+fail:
+	Debug( LDAP_DEBUG_TRACE, "datamorph_op_mod: "
+			"dn=%s failed rc=%d\n",
+			op->o_req_ndn.bv_val, rc );
+	send_ldap_error( op, rs, rc,
+			"datamorph: trying to operate on values outside definitions" );
+	return rc;
+}
+
+static int
+datamorph_op_modrdn( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	datamorph_info *ov = on->on_bi.bi_private;
+	LDAPRDN rDN;
+	const char *p;
+	int i, rc;
+
+	rc = ldap_bv2rdn_x( &op->orr_nnewrdn, &rDN, (char **)&p,
+			LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "datamorph_op_modrdn: "
+				"can't parse rdn for dn=%s\n",
+				op->o_req_ndn.bv_val );
+		return SLAP_CB_CONTINUE;
+	}
+
+	for ( i = 0; rDN[i]; i++ ) {
+		transformation_info needle = {};
+
+		/* If we can't resolve the attribute, ignore it */
+		if ( slap_bv2ad( &rDN[i]->la_attr, &needle.attr, &p ) ) {
+			continue;
+		}
+
+		if ( ldap_avl_find(
+					 ov->transformations, &needle, transformation_info_cmp ) ) {
+			rc = LDAP_CONSTRAINT_VIOLATION;
+			Debug( LDAP_DEBUG_TRACE, "datamorph_op_modrdn: "
+					"attempted to add transformed values in RDN\n" );
+			break;
+		}
+	}
+
+	ldap_rdnfree_x( rDN, op->o_tmpmemctx );
+	if ( rc != LDAP_SUCCESS ) {
+		send_ldap_error( op, rs, rc,
+				"datamorph: trying to put transformed values in RDN" );
+		return rc;
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+datamorph_response( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	datamorph_info *ov = on->on_bi.bi_private;
+	Entry *e = NULL, *e_orig = rs->sr_entry;
+	AttributeDescription *stop = NULL;
+	Attribute *a, *next = NULL;
+	int rc = SLAP_CB_CONTINUE;
+
+	if ( rs->sr_type != REP_SEARCH ) {
+		return rc;
+	}
+
+	for ( a = e_orig->e_attrs; a && a->a_desc != stop; a = next ) {
+		transformation_info *t, needle = { .attr = a->a_desc };
+		BerVarray new_vals;
+
+		next = a->a_next;
+
+		t = ldap_avl_find( ov->transformations, &needle, transformation_info_cmp );
+		if ( !t ) continue;
+
+		rc = transform_from_db_format(
+				op, t, a->a_vals, a->a_numvals, &new_vals );
+		if ( rc != LDAP_SUCCESS ) {
+			break;
+		}
+		if ( !e ) {
+			if ( rs->sr_flags & REP_ENTRY_MODIFIABLE ) {
+				e = e_orig;
+			} else {
+				e = entry_dup( e_orig );
+			}
+		}
+
+		(void)attr_delete( &e->e_attrs, needle.attr );
+
+		rc = attr_merge( e, needle.attr, new_vals, NULL );
+		ber_bvarray_free( new_vals );
+		if ( rc != LDAP_SUCCESS ) {
+			break;
+		}
+		if ( !stop ) {
+			stop = needle.attr;
+		}
+	}
+
+	if ( rc == LDAP_SUCCESS ) {
+		rc = SLAP_CB_CONTINUE;
+		if ( e && e != e_orig ) {
+			rs_replace_entry( op, rs, on, e );
+			rs->sr_flags &= ~REP_ENTRY_MASK;
+			rs->sr_flags |= REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED;
+		}
+	} else if ( e && e != e_orig ) {
+		entry_free( e );
+	}
+
+	return rc;
+}
+
+static int
+datamorph_op_search( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	datamorph_info *ov = on->on_bi.bi_private;
+	int rc = SLAP_CB_CONTINUE;
+
+	/*
+	 * 1. check all requested attributes -> register callback if one matches
+	 * 2. check filter: parse filter, traverse, for configured attributes:
+	 *    - presence -> do not touch
+	 *    - ava -> replace assertion value with db value if possible, assertion with undefined otherwise 
+	 *    - inequality -> ???
+	 *    - anything else -> undefined
+	 *    - might just check for equality and leave the rest to syntax?
+	 * 3. unparse filter
+	 */
+	if ( datamorph_filter( op, ov, op->ors_filter ) ) {
+		send_ldap_error(
+				op, rs, LDAP_OTHER, "datamorph: failed to process filter" );
+		return LDAP_OTHER;
+	}
+
+	return rc;
+}
+
+static int
+datamorph_entry_release_rw( Operation *op, Entry *e, int rw )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	int rc = LDAP_SUCCESS;
+
+	if ( on->on_next ) {
+		rc = overlay_entry_release_ov( op, e, rw, on->on_next );
+	} else if ( on->on_info->oi_orig->bi_entry_release_rw ) {
+		/* FIXME: there should be a better way */
+		rc = on->on_info->oi_orig->bi_entry_release_rw( op, e, rw );
+	} else {
+		entry_free( e );
+	}
+
+	return rc;
+}
+
+static int
+datamorph_entry_get_rw(
+		Operation *op,
+		struct berval *ndn,
+		ObjectClass *oc,
+		AttributeDescription *at,
+		int rw,
+		Entry **ep )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	datamorph_info *ov = on->on_bi.bi_private;
+	Entry *e_orig, *e = NULL;
+	int rc;
+
+	if ( on->on_next ) {
+		rc = overlay_entry_get_ov( op, ndn, oc, at, rw, ep, on->on_next );
+	} else {
+		/* FIXME: there should be a better way */
+		rc = on->on_info->oi_orig->bi_entry_get_rw( op, ndn, oc, at, rw, ep );
+	}
+	e_orig = *ep;
+
+	if ( rc == LDAP_SUCCESS && e_orig ) {
+		AttributeDescription *stop = NULL;
+		Attribute *a;
+
+		for ( a = e_orig->e_attrs; a; a = a->a_next ) {
+			transformation_info *t, needle = { .attr = a->a_desc };
+			BerVarray new_vals;
+
+			t = ldap_avl_find(
+					ov->transformations, &needle, transformation_info_cmp );
+			if ( !t ) continue;
+
+			rc = transform_from_db_format(
+					op, t, a->a_vals, a->a_numvals, &new_vals );
+			if ( rc != LDAP_SUCCESS ) {
+				goto fail;
+			}
+			if ( !e ) {
+				e = entry_dup( e_orig );
+			}
+
+			(void)attr_delete( &e->e_attrs, needle.attr );
+
+			rc = attr_merge( e, needle.attr, new_vals, NULL );
+			ber_bvarray_free( new_vals );
+			if ( rc != LDAP_SUCCESS ) {
+				goto fail;
+			}
+			if ( !stop ) {
+				stop = needle.attr;
+			}
+		}
+	}
+	if ( e ) {
+		datamorph_entry_release_rw( op, e_orig, rw );
+		*ep = e;
+	}
+
+	return rc;
+
+fail:
+	if ( e ) {
+		entry_free( e );
+	}
+	(void)datamorph_entry_release_rw( op, *ep, rw );
+	return rc;
+}
+
+/* Schema */
+
+static int
+datamorphBlobValidate( Syntax *syntax, struct berval *in )
+{
+	/* any value allowed */
+	return LDAP_SUCCESS;
+}
+
+int
+datamorphBinarySignedOrderingMatch( int *matchp,
+		slap_mask_t flags,
+		Syntax *syntax,
+		MatchingRule *mr,
+		struct berval *value,
+		void *assertedValue )
+{
+	struct berval *asserted = assertedValue;
+	ber_len_t v_len = value->bv_len;
+	ber_len_t av_len = asserted->bv_len;
+
+	/* Ordering:
+	 * 1. Negative always before non-negative
+	 * 2. Shorter before longer
+	 * 3. Rest ordered by memory contents (they are big-endian numbers)
+	 */
+	int match = ( *value->bv_val >= 0 ) - ( *asserted->bv_val >= 0 );
+
+	if ( match == 0 ) match = (int)v_len - (int)av_len;
+
+	if ( match == 0 ) match = memcmp( value->bv_val, asserted->bv_val, v_len );
+
+	/* If used in extensible match filter, match if value < asserted */
+	if ( flags & SLAP_MR_EXT ) match = ( match >= 0 );
+
+	*matchp = match;
+	return LDAP_SUCCESS;
+}
+
+/* Index generation function: Ordered index */
+int
+datamorphUnsignedIndexer( slap_mask_t use,
+		slap_mask_t flags,
+		Syntax *syntax,
+		MatchingRule *mr,
+		struct berval *prefix,
+		BerVarray values,
+		BerVarray *keysp,
+		void *ctx )
+{
+	int i;
+	BerVarray keys;
+
+	for ( i = 0; values[i].bv_val != NULL; i++ ) {
+		/* just count them */
+	}
+
+	/* we should have at least one value at this point */
+	assert( i > 0 );
+
+	keys = slap_sl_malloc( sizeof(struct berval) * ( i + 1 ), ctx );
+
+	for ( i = 0; values[i].bv_val != NULL; i++ ) {
+		ber_dupbv_x( &keys[i], &values[i], ctx );
+	}
+
+	BER_BVZERO( &keys[i] );
+
+	*keysp = keys;
+
+	return LDAP_SUCCESS;
+}
+
+/* Index generation function: Ordered index */
+int
+datamorphUnsignedFilter(
+		slap_mask_t use,
+		slap_mask_t flags,
+		Syntax *syntax,
+		MatchingRule *mr,
+		struct berval *prefix,
+		void *assertedValue,
+		BerVarray *keysp,
+		void *ctx )
+{
+	BerVarray keys;
+	BerValue *value = assertedValue;
+
+	keys = slap_sl_malloc( sizeof(struct berval) * 2, ctx );
+	ber_dupbv_x( &keys[0], value, ctx );
+
+	BER_BVZERO( &keys[1] );
+
+	*keysp = keys;
+
+	return LDAP_SUCCESS;
+}
+
+/* Index generation function: Ordered index */
+int
+datamorphSignedIndexer(
+		slap_mask_t use,
+		slap_mask_t flags,
+		Syntax *syntax,
+		MatchingRule *mr,
+		struct berval *prefix,
+		BerVarray values,
+		BerVarray *keysp,
+		void *ctx )
+{
+	int i;
+	BerVarray keys;
+
+	for ( i = 0; values[i].bv_val != NULL; i++ ) {
+		/* just count them */
+	}
+
+	/* we should have at least one value at this point */
+	assert( i > 0 );
+
+	keys = slap_sl_malloc( sizeof(struct berval) * ( i + 1 ), ctx );
+
+	for ( i = 0; values[i].bv_val != NULL; i++ ) {
+		keys[i].bv_len = values[i].bv_len + 1;
+		keys[i].bv_val = slap_sl_malloc( keys[i].bv_len, ctx );
+
+		/* if positive (highest bit is not set), note that in the first byte */
+		*keys[i].bv_val = ~( *values[i].bv_val & 0x80 );
+		AC_MEMCPY( keys[i].bv_val + 1, values[i].bv_val, values[i].bv_len );
+	}
+
+	BER_BVZERO( &keys[i] );
+
+	*keysp = keys;
+
+	return LDAP_SUCCESS;
+}
+
+/* Index generation function: Ordered index */
+int
+datamorphSignedFilter(
+		slap_mask_t use,
+		slap_mask_t flags,
+		Syntax *syntax,
+		MatchingRule *mr,
+		struct berval *prefix,
+		void *assertedValue,
+		BerVarray *keysp,
+		void *ctx )
+{
+	BerVarray keys;
+	BerValue *value = assertedValue;
+
+	keys = slap_sl_malloc( sizeof(struct berval) * 2, ctx );
+
+	keys[0].bv_len = value->bv_len + 1;
+	keys[0].bv_val = slap_sl_malloc( keys[0].bv_len, ctx );
+
+	/* if positive (highest bit is not set), note that in the first byte */
+	*keys[0].bv_val = ~( *value->bv_val & 0x80 );
+	AC_MEMCPY( keys[0].bv_val + 1, value->bv_val, value->bv_len );
+
+	BER_BVZERO( &keys[1] );
+
+	*keysp = keys;
+
+	return LDAP_SUCCESS;
+}
+
+#define DATAMORPH_ARC "1.3.6.1.4.1.4203.666.11.12"
+
+#define DATAMORPH_SYNTAXES DATAMORPH_ARC ".1"
+#define DATAMORPH_SYNTAX_BASE DATAMORPH_SYNTAXES ".1"
+#define DATAMORPH_SYNTAX_ENUM DATAMORPH_SYNTAXES ".2"
+#define DATAMORPH_SYNTAX_INT DATAMORPH_SYNTAXES ".3"
+#define DATAMORPH_SYNTAX_SIGNED_INT DATAMORPH_SYNTAXES ".4"
+
+#define DATAMORPH_MATCHES DATAMORPH_ARC ".2"
+#define DATAMORPH_MATCH_EQUALITY DATAMORPH_MATCHES ".1"
+#define DATAMORPH_MATCH_SIGNED_EQUALITY DATAMORPH_MATCHES ".2"
+#define DATAMORPH_MATCH_ORDERING DATAMORPH_MATCHES ".3"
+#define DATAMORPH_MATCH_SIGNED_ORDERING DATAMORPH_MATCHES ".4"
+
+static char *datamorph_sups[] = {
+	DATAMORPH_SYNTAX_BASE,
+	NULL
+};
+
+static char *datamorphSyntaxes[] = {
+	DATAMORPH_SYNTAX_SIGNED_INT,
+	DATAMORPH_SYNTAX_ENUM,
+	DATAMORPH_SYNTAX_INT,
+
+	NULL
+};
+
+static slap_syntax_defs_rec datamorph_syntax_defs[] = {
+	{ "( " DATAMORPH_SYNTAX_BASE " DESC 'Fixed size value' )",
+		0, NULL, NULL, NULL
+	},
+	{ "( " DATAMORPH_SYNTAX_ENUM " DESC 'Enumerated value' )",
+		0, datamorph_sups, datamorphBlobValidate, NULL
+	},
+	{ "( " DATAMORPH_SYNTAX_INT " DESC 'Fixed-size integer' )",
+		0, datamorph_sups, datamorphBlobValidate, NULL
+	},
+	{ "( " DATAMORPH_SYNTAX_SIGNED_INT " DESC 'Fixed-size signed integer' )",
+		0, datamorph_sups, datamorphBlobValidate, NULL
+	},
+
+	{ NULL, 0, NULL, NULL, NULL }
+};
+
+static Syntax *datamorph_base_syntax;
+
+static slap_mrule_defs_rec datamorph_mrule_defs[] = {
+	{ "( " DATAMORPH_MATCH_EQUALITY
+		" NAME 'fixedSizeIntegerMatch'"
+		" SYNTAX " DATAMORPH_SYNTAX_INT " )",
+		SLAP_MR_EQUALITY|SLAP_MR_EXT|SLAP_MR_ORDERED_INDEX,
+		datamorphSyntaxes + 1,
+		NULL, NULL, octetStringOrderingMatch,
+		datamorphUnsignedIndexer, datamorphUnsignedFilter,
+		NULL
+	},
+
+	{ "( " DATAMORPH_MATCH_SIGNED_EQUALITY
+		" NAME 'fixedSizeSignedIntegerMatch'"
+		" SYNTAX " DATAMORPH_SYNTAX_SIGNED_INT " )",
+		SLAP_MR_EQUALITY|SLAP_MR_EXT|SLAP_MR_ORDERED_INDEX,
+		NULL,
+		NULL, NULL, datamorphBinarySignedOrderingMatch,
+		datamorphSignedIndexer, datamorphSignedFilter,
+		NULL
+	},
+
+	{ "( " DATAMORPH_MATCH_ORDERING
+		" NAME 'fixedSizeIntegerOrderingMatch'"
+		" SYNTAX " DATAMORPH_SYNTAX_INT " )",
+		SLAP_MR_ORDERING|SLAP_MR_EXT|SLAP_MR_ORDERED_INDEX,
+		datamorphSyntaxes + 1,
+		NULL, NULL, octetStringOrderingMatch,
+		datamorphUnsignedIndexer, datamorphUnsignedFilter,
+		"octetStringMatch" },
+
+	{ "( " DATAMORPH_MATCH_SIGNED_ORDERING
+		" NAME 'fixedSizeSignedIntegerOrderingMatch'"
+		" SYNTAX " DATAMORPH_SYNTAX_SIGNED_INT " )",
+		SLAP_MR_ORDERING|SLAP_MR_EXT|SLAP_MR_ORDERED_INDEX,
+		NULL,
+		NULL, NULL, datamorphBinarySignedOrderingMatch,
+		datamorphSignedIndexer, datamorphSignedFilter,
+		"octetStringMatch" },
+
+	{ NULL, SLAP_MR_NONE, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
+};
+
+/* Configuration */
+
+static ConfigLDAPadd datamorph_ldadd_enum;
+static ConfigLDAPadd datamorph_ldadd_interval;
+static ConfigLDAPadd datamorph_ldadd_mapping;
+
+static ConfigDriver datamorph_set_attribute;
+static ConfigDriver datamorph_set_size;
+static ConfigDriver datamorph_set_signed;
+static ConfigDriver datamorph_set_bounds;
+static ConfigDriver datamorph_set_index;
+static ConfigDriver datamorph_set_value;
+static ConfigDriver datamorph_add_mapping;
+static ConfigDriver datamorph_add_transformation;
+
+static ConfigCfAdd datamorph_cfadd;
+
+enum {
+	DATAMORPH_INT_SIZE = 1,
+	DATAMORPH_INT_SIGNED,
+	DATAMORPH_INT_LOWER,
+	DATAMORPH_INT_UPPER,
+
+	DATAMORPH_INT_LAST,
+};
+
+static ConfigTable datamorph_cfg[] = {
+	{ "datamorph_attribute", "attr", 2, 2, 0,
+		ARG_STRING|ARG_QUOTE|ARG_MAGIC,
+		datamorph_set_attribute,
+		"( OLcfgCtAt:7.1 NAME 'olcDatamorphAttribute' "
+			"DESC 'Attribute to transform' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "datamorph_size", "<1|2|4|8>", 2, 2, 0,
+		ARG_INT|ARG_MAGIC|DATAMORPH_INT_SIZE,
+		datamorph_set_size,
+		"( OLcfgCtAt:7.2 NAME 'olcDatamorphIntegerBytes' "
+			"DESC 'Integer size in bytes' "
+			"EQUALITY integerMatch "
+			"SYNTAX OMsInteger "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "datamorph_signed", "TRUE|FALSE", 2, 2, 0,
+		ARG_ON_OFF|ARG_MAGIC|DATAMORPH_INT_SIGNED,
+		datamorph_set_signed,
+		"( OLcfgCtAt:7.3 NAME 'olcDatamorphIntegerSigned' "
+			"DESC 'Whether integers maintain sign' "
+			"EQUALITY booleanMatch "
+			"SYNTAX OMsBoolean "
+				"SINGLE-VALUE )",
+			NULL, NULL
+	},
+	{ "datamorph_lower_bound", "int", 2, 2, 0,
+		ARG_BERVAL|ARG_MAGIC|DATAMORPH_INT_LOWER,
+		datamorph_set_bounds,
+		"( OLcfgCtAt:7.4 NAME 'olcDatamorphIntegerLowerBound' "
+			"DESC 'Lowest valid value for the attribute' "
+			"EQUALITY integerMatch "
+			"SYNTAX OMsInteger "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "datamorph_upper_bound", "int", 2, 2, 0,
+		ARG_BERVAL|ARG_MAGIC|DATAMORPH_INT_UPPER,
+		datamorph_set_bounds,
+		"( OLcfgCtAt:7.5 NAME 'olcDatamorphIntegerUpperBound' "
+			"DESC 'Highest valid value for the attribute' "
+			"EQUALITY integerMatch "
+			"SYNTAX OMsInteger "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+
+	/* These have no equivalent in slapd.conf */
+	{ "", NULL, 2, 2, 0,
+		ARG_INT|ARG_MAGIC,
+		datamorph_set_index,
+		"( OLcfgCtAt:7.6 NAME 'olcDatamorphIndex' "
+			"DESC 'Internal DB value' "
+			"EQUALITY integerMatch "
+			"SYNTAX OMsInteger "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "", NULL, 2, 2, 0,
+		ARG_BERVAL|ARG_QUOTE|ARG_MAGIC,
+		datamorph_set_value,
+		"( OLcfgCtAt:7.7 NAME 'olcDatamorphValue' "
+			"DESC 'Wire value' "
+			"EQUALITY caseExactMatch "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+
+	/* slapd.conf alternative for the two above */
+	{ "datamorph_value", "int> <name", 3, 3, 0,
+		ARG_QUOTE|ARG_MAGIC,
+		datamorph_add_mapping,
+		NULL, NULL, NULL
+	},
+
+	/* slapd.conf alternative for objectclasses below */
+	{ "datamorph", "enum|int> <attr", 3, 3, 0,
+		ARG_QUOTE|ARG_MAGIC,
+		datamorph_add_transformation,
+		NULL, NULL, NULL
+	},
+
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs datamorph_ocs[] = {
+	{ "( OLcfgCtOc:7.1 "
+		"NAME 'olcDatamorphConfig' "
+		"DESC 'Datamorph overlay configuration' "
+		"SUP olcOverlayConfig )",
+		Cft_Overlay, datamorph_cfg, NULL, datamorph_cfadd },
+	{ "( OLcfgCtOc:7.2 "
+		"NAME 'olcTransformation' "
+		"DESC 'Transformation configuration' "
+		"MUST ( olcDatamorphAttribute ) "
+		"SUP top "
+		"ABSTRACT )",
+		Cft_Misc, datamorph_cfg, NULL },
+	{ "( OLcfgCtOc:7.3 "
+		"NAME 'olcDatamorphEnum' "
+		"DESC 'Configuration for an enumerated attribute' "
+		"SUP olcTransformation "
+		"STRUCTURAL )",
+		Cft_Misc, datamorph_cfg, datamorph_ldadd_enum },
+	{ "( OLcfgCtOc:7.4 "
+		"NAME 'olcDatamorphInteger' "
+		"DESC 'Configuration for a compact integer attribute' "
+		"MUST ( olcDatamorphIntegerBytes ) "
+		"MAY ( olcDatamorphIntegerLowerBound $ "
+			"olcDatamorphIntegerUpperBound $ "
+			"olcDatamorphIntegerSigned "
+		") "
+		"SUP olcTransformation "
+		"STRUCTURAL )",
+		Cft_Misc, datamorph_cfg, datamorph_ldadd_interval },
+	{ "( OLcfgCtOc:7.5 "
+		"NAME 'olcDatamorphEnumValue' "
+		"DESC 'Configuration for an enumerated attribute' "
+		"MUST ( olcDatamorphIndex $ "
+			"olcDatamorphValue "
+		") "
+		"STRUCTURAL )",
+		Cft_Misc, datamorph_cfg, datamorph_ldadd_mapping },
+
+	{ NULL, 0, NULL }
+};
+
+static void
+datamorph_mapping_free( void *arg )
+{
+	datamorph_enum_mapping *mapping = arg;
+
+	ch_free( mapping->wire_value.bv_val );
+	ch_free( mapping );
+}
+
+static void
+datamorph_info_free( void *arg )
+{
+	transformation_info *info = arg;
+
+	if ( info->type == DATAMORPH_ENUM ) {
+		ldap_avl_free( info->ti_enum.to_db, datamorph_mapping_free );
+	}
+	ch_free( info );
+}
+
+static int
+datamorph_set_attribute( ConfigArgs *ca )
+{
+	transformation_info needle = {}, *info = ca->ca_private;
+	slap_overinst *on = (slap_overinst *)ca->bi;
+	datamorph_info *ov = on->on_bi.bi_private;
+	char *s = ca->value_string;
+	const char *text;
+	int rc = LDAP_SUCCESS;
+
+	if ( ca->op == SLAP_CONFIG_EMIT ) {
+		ca->value_string = info->attr->ad_cname.bv_val;
+		return LDAP_SUCCESS;
+	} else if ( ca->op == LDAP_MOD_DELETE ) {
+		info = ldap_avl_delete( &ov->transformations, info,
+				transformation_info_cmp );
+		assert( info );
+
+		info->attr = NULL;
+		return LDAP_SUCCESS;
+	}
+
+	if ( *s == '{' ) {
+		s = strchr( s, '}' );
+		if ( !s ) {
+			rc = LDAP_UNDEFINED_TYPE;
+			goto done;
+		}
+		s += 1;
+	}
+
+	rc = slap_str2ad( s, &info->attr, &text );
+	ch_free( ca->value_string );
+	if ( rc ) {
+		goto done;
+	}
+
+	/* The type has to be set appropriately */
+	if ( !info->attr->ad_type->sat_syntax->ssyn_sups ||
+			info->attr->ad_type->sat_syntax->ssyn_sups[0] !=
+					datamorph_base_syntax ) {
+		snprintf( ca->cr_msg, sizeof(ca->cr_msg),
+				"improper syntax for attribute %s",
+				info->attr->ad_cname.bv_val );
+		Debug( LDAP_DEBUG_ANY, "%s: %s\n", ca->log, ca->cr_msg );
+		rc = LDAP_CONSTRAINT_VIOLATION;
+		goto done;
+	}
+
+	needle.attr = info->attr;
+	if ( ldap_avl_find( ov->transformations, &needle, transformation_info_cmp ) ) {
+		rc = LDAP_CONSTRAINT_VIOLATION;
+		goto done;
+	}
+
+done:
+	if ( rc ) {
+		ca->reply.err = rc;
+	}
+	return rc;
+}
+
+static int
+datamorph_set_size( ConfigArgs *ca )
+{
+	transformation_info *info = ca->ca_private;
+
+	if ( !info ) {
+		slap_overinst *on = (slap_overinst *)ca->bi;
+		datamorph_info *ov = on->on_bi.bi_private;
+		info = ov->wip_transformation;
+		assert( ca->op == SLAP_CONFIG_ADD );
+	}
+
+	if ( ca->op == SLAP_CONFIG_EMIT ) {
+		ca->value_int = info->ti_int.size;
+		return LDAP_SUCCESS;
+	} else if ( ca->op == LDAP_MOD_DELETE ) {
+		info->ti_int.size = 0;
+		return LDAP_SUCCESS;
+	}
+
+	if ( ca->value_int != 1 &&
+			ca->value_int != 2 &&
+			ca->value_int != 4 &&
+			ca->value_int != 8 ) {
+		snprintf( ca->cr_msg, sizeof(ca->cr_msg), "invalid size %d",
+				ca->value_int );
+		Debug( LDAP_DEBUG_ANY, "%s: %s\n", ca->log, ca->cr_msg );
+		ca->reply.err = LDAP_CONSTRAINT_VIOLATION;
+		return ca->reply.err;
+	}
+	info->ti_int.size = ca->value_int;
+
+	return LDAP_SUCCESS;
+}
+
+static int
+datamorph_set_signed( ConfigArgs *ca )
+{
+	transformation_info *info = ca->ca_private;
+
+	if ( !info ) {
+		slap_overinst *on = (slap_overinst *)ca->bi;
+		datamorph_info *ov = on->on_bi.bi_private;
+		info = ov->wip_transformation;
+		assert( ca->op == SLAP_CONFIG_ADD );
+	}
+
+	if ( ca->op == SLAP_CONFIG_EMIT ) {
+		ca->value_int = info->ti_int.flags & DATAMORPH_FLAG_SIGNED;
+		return LDAP_SUCCESS;
+	} else if ( ca->op == LDAP_MOD_DELETE ) {
+		info->ti_int.flags &= ~DATAMORPH_FLAG_SIGNED;
+		return LDAP_SUCCESS;
+	}
+
+	info->ti_int.flags &= ~DATAMORPH_FLAG_SIGNED;
+	if ( ca->value_int ) {
+		info->ti_int.flags |= DATAMORPH_FLAG_SIGNED;
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+datamorph_set_bounds( ConfigArgs *ca )
+{
+	transformation_info *info = ca->ca_private;
+	datamorph_interval_bound *bound;
+	uint64_t unsigned_bound;
+	int64_t signed_bound;
+	char *ptr = ca->value_bv.bv_val + ca->value_bv.bv_len;
+	int flag;
+
+	if ( !info ) {
+		slap_overinst *on = (slap_overinst *)ca->bi;
+		datamorph_info *ov = on->on_bi.bi_private;
+		info = ov->wip_transformation;
+		assert( ca->op == SLAP_CONFIG_ADD );
+	}
+
+	switch ( ca->type ) {
+		case DATAMORPH_INT_LOWER:
+			bound = &info->ti_int.lower;
+			flag = DATAMORPH_FLAG_LOWER;
+			break;
+		case DATAMORPH_INT_UPPER:
+			bound = &info->ti_int.upper;
+			flag = DATAMORPH_FLAG_UPPER;
+			break;
+		default:
+			assert(0);
+	}
+
+	if ( ca->op == SLAP_CONFIG_EMIT ) {
+		char buf[24];
+		struct berval bv = { .bv_val = buf };
+
+		if ( !(info->ti_int.flags & flag) ) {
+			/* Bound not set, do not emit */
+			return LDAP_SUCCESS;
+		}
+		if ( info->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+			bv.bv_len = sprintf( buf, "%" PRId64, bound->i );
+		} else {
+			bv.bv_len = sprintf( buf, "%" PRIu64, bound->u );
+		}
+		ber_dupbv_x( &ca->value_bv, &bv, ca->ca_op->o_tmpmemctx );
+
+		return LDAP_SUCCESS;
+	} else if ( ca->op == LDAP_MOD_DELETE ) {
+		info->ti_int.flags &= ~flag;
+		if ( info->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+			bound->i = (flag == DATAMORPH_FLAG_LOWER) ? INT64_MIN : INT64_MAX;
+		} else {
+			bound->u = (flag == DATAMORPH_FLAG_LOWER) ? 0 : UINT64_MAX;
+		}
+		return LDAP_SUCCESS;
+	}
+
+	/* FIXME: if attributes in the Add operation come in the wrong order
+	 * (signed=true after the bound definition), we can't check the interval
+	 * sanity. */
+	/*
+	if ( info->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+		signed_bound = strtoll( ca->value_bv.bv_val, &ptr, 10 );
+	} else {
+		unsigned_bound = strtoull( ca->value_bv.bv_val, &ptr, 10 );
+	}
+	*/
+	/* Also, no idea what happens in the case of big-endian, hopefully,
+	 * it behaves the same */
+	unsigned_bound = strtoull( ca->value_bv.bv_val, &ptr, 10 );
+	signed_bound = (int64_t)unsigned_bound;
+
+	if ( *ca->value_bv.bv_val == '\0' || *ptr != '\0' ) {
+		snprintf( ca->cr_msg, sizeof(ca->cr_msg),
+				"failed to parse '%s' as integer",
+				ca->value_bv.bv_val );
+		Debug( LDAP_DEBUG_ANY, "%s: %s\n", ca->log, ca->cr_msg );
+		ca->reply.err = LDAP_CONSTRAINT_VIOLATION;
+		return ca->reply.err;
+	}
+	ch_free( ca->value_bv.bv_val );
+
+	info->ti_int.flags |= flag;
+	switch ( info->ti_int.size ) {
+		case 1:
+			if ( info->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+				/* See FIXME above
+				if ( signed_bound < INT8_MIN || signed_bound > INT8_MAX ) {
+					goto fail;
+				}
+				*/
+			} else {
+				/* See FIXME above
+				if ( unsigned_bound > UINT8_MAX ) {
+					goto fail;
+				}
+				*/
+			}
+			break;
+		case 2:
+			if ( info->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+				/* See FIXME above
+				if ( signed_bound < INT16_MIN || signed_bound > INT16_MAX ) {
+					goto fail;
+				}
+				*/
+			} else {
+				/* See FIXME above
+				if ( unsigned_bound > UINT16_MAX ) {
+					goto fail;
+				}
+				*/
+			}
+			break;
+		case 4:
+			if ( info->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+				/* See FIXME above
+				if ( signed_bound < INT32_MIN || signed_bound > INT32_MAX ) {
+					goto fail;
+				}
+				*/
+			} else {
+				/* See FIXME above
+				if ( unsigned_bound > UINT32_MAX ) {
+					goto fail;
+				}
+				*/
+			}
+			break;
+		case 8:
+			break;
+		default:
+			/* Should only happen in these two cases:
+			 * 1. datamorph_size not yet encountered for this one (when
+			 *    processing slapd.conf)
+			 * 2. When someone runs a fun modification on the config entry
+			 *    messing with more attributes at once
+			 *
+			 * The error message is expected to be helpful only for the former,
+			 * so use the slapd.conf name.
+			 */
+			snprintf( ca->cr_msg, sizeof(ca->cr_msg),
+					"datamorph_size has to be set first!" );
+			Debug( LDAP_DEBUG_ANY, "%s: %s\n", ca->log, ca->cr_msg );
+			ca->reply.err = LDAP_CONSTRAINT_VIOLATION;
+			return ca->reply.err;
+	}
+	if ( info->ti_int.flags & DATAMORPH_FLAG_SIGNED ) {
+		bound->i = signed_bound;
+	} else {
+		bound->u = unsigned_bound;
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+datamorph_set_value( ConfigArgs *ca )
+{
+	datamorph_enum_mapping *mapping = ca->ca_private;
+	char *s = ca->value_bv.bv_val;
+
+	if ( ca->op == SLAP_CONFIG_EMIT ) {
+		/* We generate the value as part of the RDN, don't add anything */
+		return LDAP_SUCCESS;
+	} else if ( ca->op == LDAP_MOD_DELETE ) {
+		ch_free( mapping->wire_value.bv_val );
+		BER_BVZERO( &mapping->wire_value );
+		/* TODO: remove from info->ti_enum.to_db? */
+		return LDAP_SUCCESS;
+	}
+
+	/* As long as this attribute can be in the RDN,
+	 * we have to expect the '{n}' prefix */
+	if ( *s == '{' ) {
+		ber_len_t len;
+		s = memchr( s, '}', ca->value_bv.bv_len );
+		if ( !s ) {
+			ca->reply.err = LDAP_UNDEFINED_TYPE;
+			return ca->reply.err;
+		}
+		s += 1;
+
+		len = ca->value_bv.bv_len - ( s - ca->value_bv.bv_val );
+		ber_str2bv( s, len, 1, &mapping->wire_value );
+		ch_free( ca->value_bv.bv_val );
+	} else {
+		mapping->wire_value = ca->value_bv;
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+datamorph_set_index( ConfigArgs *ca )
+{
+	datamorph_enum_mapping *mapping = ca->ca_private;
+	struct berval *from_db = mapping->transformation->ti_enum.from_db;
+
+	if ( ca->op == SLAP_CONFIG_EMIT ) {
+		ca->value_int = mapping->db_value;
+		return LDAP_SUCCESS;
+	} else if ( ca->op == LDAP_MOD_DELETE ) {
+		BER_BVZERO( &from_db[mapping->db_value] );
+		return LDAP_SUCCESS;
+	}
+
+	if ( ca->value_int < 0 || ca->value_int >= 256 ) {
+		ca->reply.err = LDAP_CONSTRAINT_VIOLATION;
+		return ca->reply.err;
+	} else if ( !BER_BVISNULL( &from_db[ca->value_int] ) ) {
+		snprintf( ca->cr_msg, sizeof(ca->cr_msg), "duplicate index %d",
+				ca->value_int );
+		Debug( LDAP_DEBUG_ANY, "%s: %s\n", ca->log, ca->cr_msg );
+		ca->reply.err = LDAP_CONSTRAINT_VIOLATION;
+		return ca->reply.err;
+	}
+	mapping->db_value = ca->value_int;
+	from_db[ca->value_int] = mapping->wire_value;
+
+	return LDAP_SUCCESS;
+}
+
+/* Called when processing slapd.conf only,
+ * cn=config uses the objectclass to decide which type we're dealing with.
+ */
+static int
+datamorph_add_transformation( ConfigArgs *ca )
+{
+	slap_overinst *on = (slap_overinst *)ca->bi;
+	datamorph_info *ov = on->on_bi.bi_private;
+	transformation_info *info;
+
+	if ( ov->wip_transformation ) {
+		/* We checked everything as were processing the lines */
+		int rc = ldap_avl_insert( &ov->transformations, ov->wip_transformation,
+				transformation_info_cmp, ldap_avl_dup_error );
+		assert( rc == LDAP_SUCCESS );
+	}
+
+	info = ch_calloc( 1, sizeof(transformation_info) );
+	ov->wip_transformation = ca->ca_private = info;
+
+	if ( !strcasecmp( ca->argv[1], "enum" ) ) {
+		info->type = DATAMORPH_ENUM;
+	} else if ( !strcasecmp( ca->argv[1], "int" ) ) {
+		info->type = DATAMORPH_INT;
+	} else {
+		snprintf( ca->cr_msg, sizeof(ca->cr_msg),
+				"unknown transformation type '%s'", ca->argv[1] );
+		Debug( LDAP_DEBUG_ANY, "%s: %s\n", ca->log, ca->cr_msg );
+		ca->reply.err = LDAP_CONSTRAINT_VIOLATION;
+		return ca->reply.err;
+	}
+
+	ca->value_string = strdup( ca->argv[2] );
+
+	return datamorph_set_attribute( ca );
+}
+
+static int
+datamorph_add_mapping( ConfigArgs *ca )
+{
+	slap_overinst *on = (slap_overinst *)ca->bi;
+	datamorph_info *ov = on->on_bi.bi_private;
+	transformation_info *info = ov->wip_transformation;
+	datamorph_enum_mapping *mapping;
+	int rc = LDAP_CONSTRAINT_VIOLATION;
+
+	if ( !info ) {
+		snprintf( ca->cr_msg, sizeof(ca->cr_msg), "no attribute configured" );
+		Debug( LDAP_DEBUG_ANY, "%s: %s\n", ca->log, ca->cr_msg );
+		goto done;
+	}
+
+	mapping = ch_calloc( 1, sizeof(datamorph_enum_mapping) );
+	mapping->transformation = info;
+	ca->ca_private = mapping;
+
+	ber_str2bv( ca->argv[2], 0, 1, &ca->value_bv );
+	rc = datamorph_set_value( ca );
+	if ( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+	rc = lutil_atoix( &ca->value_int, ca->argv[1], 0 );
+	if ( rc != LDAP_SUCCESS ) {
+		snprintf( ca->cr_msg, sizeof(ca->cr_msg), "invalid integer %s",
+				ca->argv[1] );
+		Debug( LDAP_DEBUG_ANY, "%s: %s\n", ca->log, ca->cr_msg );
+		goto done;
+	}
+
+	rc = datamorph_set_index( ca );
+	if ( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+done:
+	if ( rc == LDAP_SUCCESS ) {
+		rc = ldap_avl_insert( &info->ti_enum.to_db, mapping,
+				transformation_mapping_cmp, ldap_avl_dup_error );
+	}
+	if ( rc ) {
+		ca->reply.err = rc;
+	}
+
+	return rc;
+}
+
+static int
+datamorph_ldadd_info_cleanup( ConfigArgs *ca )
+{
+	slap_overinst *on = (slap_overinst *)ca->bi;
+	datamorph_info *ov = on->on_bi.bi_private;
+	transformation_info *info = ca->ca_private;
+
+	if ( ca->reply.err != LDAP_SUCCESS ) {
+		/* Not reached since cleanup is only called on success */
+fail:
+		ch_free( info );
+		return LDAP_SUCCESS;
+	}
+
+	if ( ldap_avl_insert( &ov->transformations, info, transformation_info_cmp,
+			ldap_avl_dup_error ) ) {
+		goto fail;
+	}
+	return LDAP_SUCCESS;
+}
+
+static int
+datamorph_ldadd_transformation(
+		CfEntryInfo *cei,
+		Entry *e,
+		ConfigArgs *ca,
+		datamorph_type type )
+{
+	transformation_info *info;
+
+	if ( cei->ce_type != Cft_Overlay || !cei->ce_bi ||
+			cei->ce_bi->bi_cf_ocs != datamorph_ocs )
+		return LDAP_CONSTRAINT_VIOLATION;
+
+	info = ch_calloc( 1, sizeof(transformation_info) );
+	info->type = type;
+
+	ca->bi = cei->ce_bi;
+	ca->ca_private = info;
+	config_push_cleanup( ca, datamorph_ldadd_info_cleanup );
+	/* config_push_cleanup is only run in the case of online config but we use it to
+	 * enable the new config when done with the entry */
+	ca->lineno = 0;
+
+	return LDAP_SUCCESS;
+}
+
+static int
+datamorph_ldadd_enum( CfEntryInfo *cei, Entry *e, ConfigArgs *ca )
+{
+	return datamorph_ldadd_transformation( cei, e, ca, DATAMORPH_ENUM );
+}
+
+static int
+datamorph_ldadd_interval( CfEntryInfo *cei, Entry *e, ConfigArgs *ca )
+{
+	return datamorph_ldadd_transformation( cei, e, ca, DATAMORPH_INT );
+}
+
+static int
+datamorph_ldadd_mapping_cleanup( ConfigArgs *ca )
+{
+	datamorph_enum_mapping *mapping = ca->ca_private;
+	transformation_info *info = mapping->transformation;
+
+	if ( ca->reply.err != LDAP_SUCCESS ) {
+		/* Not reached since cleanup is only called on success */
+fail:
+		datamorph_mapping_free( mapping );
+		return LDAP_SUCCESS;
+	}
+
+	if ( ldap_avl_insert( &info->ti_enum.to_db, mapping, transformation_mapping_cmp,
+			ldap_avl_dup_error ) ) {
+		goto fail;
+	}
+	info->ti_enum.from_db[mapping->db_value] = mapping->wire_value;
+
+	return LDAP_SUCCESS;
+}
+
+static int
+datamorph_ldadd_mapping( CfEntryInfo *cei, Entry *e, ConfigArgs *ca )
+{
+	transformation_info *info;
+	datamorph_enum_mapping *mapping;
+	CfEntryInfo *parent = cei->ce_parent;
+
+	if ( cei->ce_type != Cft_Misc || !parent || !parent->ce_bi ||
+			parent->ce_bi->bi_cf_ocs != datamorph_ocs )
+		return LDAP_CONSTRAINT_VIOLATION;
+
+	info = cei->ce_private;
+
+	mapping = ch_calloc( 1, sizeof(datamorph_enum_mapping) );
+	mapping->transformation = info;
+
+	ca->ca_private = mapping;
+	config_push_cleanup( ca, datamorph_ldadd_mapping_cleanup );
+	/* config_push_cleanup is only run in the case of online config but we use it to
+	 * enable the new config when done with the entry */
+	ca->lineno = 0;
+
+	return LDAP_SUCCESS;
+}
+
+struct datamorph_cfadd_args {
+	Operation *op;
+	SlapReply *rs;
+	Entry *p;
+	ConfigArgs *ca;
+	int index;
+};
+
+static int
+datamorph_config_build_enum( void *item, void *arg )
+{
+	datamorph_enum_mapping *mapping = item;
+	struct datamorph_cfadd_args *args = arg;
+	struct berval rdn;
+	Entry *e;
+	char *p;
+	ber_len_t index;
+
+	rdn.bv_len = snprintf( args->ca->cr_msg, sizeof(args->ca->cr_msg),
+			"olcDatamorphValue={%d}", args->index++ );
+	rdn.bv_val = args->ca->cr_msg;
+	p = rdn.bv_val + rdn.bv_len;
+
+	rdn.bv_len += mapping->wire_value.bv_len;
+	for ( index = 0; index < mapping->wire_value.bv_len; index++ ) {
+		if ( RDN_NEEDSESCAPE(mapping->wire_value.bv_val[index]) ) {
+			rdn.bv_len++;
+			*p++ = '\\';
+		}
+		*p++ = mapping->wire_value.bv_val[index];
+	}
+	*p = '\0';
+
+	args->ca->ca_private = mapping;
+	args->ca->ca_op = args->op;
+	e = config_build_entry( args->op, args->rs, args->p->e_private, args->ca,
+			&rdn, &datamorph_ocs[4], NULL );
+	assert( e );
+
+	return LDAP_SUCCESS;
+}
+
+static int
+datamorph_config_build_attr( void *item, void *arg )
+{
+	transformation_info *info = item;
+	struct datamorph_cfadd_args *args = arg;
+	struct berval rdn;
+	ConfigOCs *oc;
+	Entry *e;
+
+	rdn.bv_len = snprintf( args->ca->cr_msg, sizeof(args->ca->cr_msg),
+			"olcDatamorphAttribute={%d}%s", args->index++,
+			info->attr->ad_cname.bv_val );
+	rdn.bv_val = args->ca->cr_msg;
+
+	switch ( info->type ) {
+		case DATAMORPH_ENUM:
+			oc = &datamorph_ocs[2];
+			break;
+		case DATAMORPH_INT:
+			oc = &datamorph_ocs[3];
+			break;
+		default:
+			assert(0);
+			break;
+	}
+
+	args->ca->ca_private = info;
+	args->ca->ca_op = args->op;
+	e = config_build_entry(
+			args->op, args->rs, args->p->e_private, args->ca, &rdn, oc, NULL );
+	assert( e );
+
+	if ( info->type == DATAMORPH_ENUM ) {
+		struct datamorph_cfadd_args new_args = *args;
+		new_args.p = e;
+		new_args.index = 0;
+
+		return ldap_avl_apply( info->ti_enum.to_db, datamorph_config_build_enum,
+				&new_args, 1, AVL_PREORDER );
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+datamorph_cfadd( Operation *op, SlapReply *rs, Entry *p, ConfigArgs *ca )
+{
+	slap_overinst *on = (slap_overinst *)ca->bi;
+	datamorph_info *ov = on->on_bi.bi_private;
+	struct datamorph_cfadd_args args = {
+			.op = op,
+			.rs = rs,
+			.p = p,
+			.ca = ca,
+			.index = 0,
+	};
+
+	if ( ov->wip_transformation ) {
+		/* There is one last item that is unfinished */
+		int rc = ldap_avl_insert( &ov->transformations, ov->wip_transformation,
+				transformation_info_cmp, ldap_avl_dup_error );
+		assert( rc == LDAP_SUCCESS );
+	}
+
+	return ldap_avl_apply( ov->transformations, &datamorph_config_build_attr, &args,
+			1, AVL_PREORDER );
+}
+
+static slap_overinst datamorph;
+
+static int
+datamorph_db_init( BackendDB *be, ConfigReply *cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	datamorph_info *ov;
+
+	/* TODO: can this be global? */
+	if ( SLAP_ISGLOBALOVERLAY(be) ) {
+		Debug( LDAP_DEBUG_ANY, "datamorph overlay must be instantiated "
+				"within a database.\n" );
+		return 1;
+	}
+
+	ov = ch_calloc( 1, sizeof(datamorph_info) );
+	on->on_bi.bi_private = ov;
+
+	return LDAP_SUCCESS;
+}
+
+static int
+datamorph_db_destroy( BackendDB *be, ConfigReply *cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	datamorph_info *ov = on->on_bi.bi_private;
+
+	if ( ov ) {
+		ldap_avl_free( ov->transformations, datamorph_info_free );
+	}
+	ch_free( ov );
+
+	return LDAP_SUCCESS;
+}
+
+int
+datamorph_initialize()
+{
+	int rc, i;
+
+	datamorph.on_bi.bi_type = "datamorph";
+	datamorph.on_bi.bi_db_init = datamorph_db_init;
+	datamorph.on_bi.bi_db_destroy = datamorph_db_destroy;
+
+	datamorph.on_bi.bi_op_add = datamorph_op_add;
+	datamorph.on_bi.bi_op_compare = datamorph_op_compare;
+	datamorph.on_bi.bi_op_modify = datamorph_op_mod;
+	datamorph.on_bi.bi_op_modrdn = datamorph_op_modrdn;
+	datamorph.on_bi.bi_op_search = datamorph_op_search;
+	datamorph.on_response = datamorph_response;
+
+	datamorph.on_bi.bi_entry_release_rw = datamorph_entry_release_rw;
+	datamorph.on_bi.bi_entry_get_rw = datamorph_entry_get_rw;
+
+	datamorph.on_bi.bi_cf_ocs = datamorph_ocs;
+
+	for ( i = 0; datamorph_syntax_defs[i].sd_desc != NULL; i++ ) {
+		rc = register_syntax( &datamorph_syntax_defs[i] );
+
+		if ( rc ) {
+			Debug( LDAP_DEBUG_ANY, "datamorph_initialize: "
+					"error registering syntax %s\n",
+					datamorph_syntax_defs[i].sd_desc );
+			return rc;
+		}
+	}
+
+	datamorph_base_syntax = syn_find( DATAMORPH_SYNTAX_BASE );
+	assert( datamorph_base_syntax );
+
+	for ( i = 0; datamorph_mrule_defs[i].mrd_desc != NULL; i++ ) {
+		rc = register_matching_rule( &datamorph_mrule_defs[i] );
+
+		if ( rc ) {
+			Debug( LDAP_DEBUG_ANY, "datamorph_initialize: "
+					"error registering matching rule %s\n",
+					datamorph_mrule_defs[i].mrd_desc );
+			return rc;
+		}
+	}
+
+	rc = config_register_schema( datamorph_cfg, datamorph_ocs );
+	if ( rc ) return rc;
+
+	return overlay_register( &datamorph );
+}
+
+#if SLAPD_OVER_DATAMORPH == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return datamorph_initialize();
+}
+#endif
+
+#endif /* SLAPD_OVER_DATAMORPH */
diff --git a/contrib/slapd-modules/datamorph/slapo-datamorph.5 b/contrib/slapd-modules/datamorph/slapo-datamorph.5
new file mode 100644
index 0000000..0ce0c6a
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/slapo-datamorph.5
@@ -0,0 +1,338 @@
+.TH SLAPO-DATAMORPH 5 "RELEASEDATE" "OpenLDAP"
+.\" Copyright 2016-2017 Symas Corp. All Rights Reserved.
+.\" Copying restrictions apply.  See LICENSE.
+.SH NAME
+slapo\-datamorph \- store enumerated values and fixed size integers
+.SH SYNOPSIS
+olcOverlay=datamorph
+.SH DESCRIPTION
+The
+.B datamorph
+overlay to
+.BR slapd (8)
+allows attributes with a few pre-defined values to be saved more
+space-efficiently as well as signed or unsigned integer attributes.
+
+.LP
+The overlay operates on configured attributes that must have their syntax
+compatible with
+.BR 1.3.6.1.4.1.4203.666.11.12.1.1 ,
+there are three such syntaxes defined by the overlay:
+.B 1.3.6.1.4.1.4203.666.11.12.1.2
+(Enumerated value),
+.B 1.3.6.1.4.1.4203.666.11.12.1.3
+(Fixed-size integer), and
+.B 1.3.6.1.4.1.4203.666.11.12.1.4
+(Fixed-size signed integer).
+.LP
+
+While transforming the request, if a value for an attribute is not permitted by the configuration, the behaviour depends on the operation:
+
+.RS
+.TP
+.B Search
+The affected value assertions in a
+.B Search
+request filter are replaced by a filter returning
+.B Undefined .
+.TP
+.B Compare
+Request returns
+.B Compare
+.BR False .
+.TP
+.B Add, Modify
+Requests are rejected with a
+.B Constraint
+.BR Violation .
+.RE
+
+The supported allowed matching rules for the attribute types above are:
+
+.RS
+.TP
+.B EQUALITY fixedSizeIntegerMatch
+Appropriate for syntaxes
+.B 1.3.6.1.4.1.4203.666.11.12.1.2
+(Enumerated value), and
+.B 1.3.6.1.4.1.4203.666.11.12.1.3
+(Fixed-size integer).
+.TP
+.B EQUALITY fixedSizeSignedIntegerMatch
+Appropriate for syntax
+.B 1.3.6.1.4.1.4203.666.11.12.1.4
+(Fixed-size signed integer) only.
+.TP
+.B ORDERING fixedSizeIntegerOrderingMatch
+Appropriate for syntaxes
+.B 1.3.6.1.4.1.4203.666.11.12.1.2
+(Enumerated value), and
+.B 1.3.6.1.4.1.4203.666.11.12.1.3
+(Fixed-size integer). Enumerated value attributes are compared according to
+their stored database value.
+.TP
+.B ORDERING fixedSizeSignedIntegerOrderingMatch
+Appropriate for syntax
+.B 1.3.6.1.4.1.4203.666.11.12.1.4
+(Fixed-size signed integer) only.
+
+
+.SH CONFIGURATION LAYOUT
+
+The overlay has to be instantiated under a database adding an entry of
+.B olcOverlay=datamorph
+with objectClass of
+.BR olcDatamorphConfig.
+
+The overlay configuration subtree consists of the following levels:
+.RS
+.TP
+.B objectClass=olcDatamorphConfig
+Main overlay configuration. Created directly under the database
+configuration entry.
+.TP
+.B objectClass=olcDatamorphInteger
+Specifies a
+.B fixed-size integer
+attribute and must be a child of an entry with
+.BR objectClass=olcDatamorphConfig .
+There may be as many such entries as necessary provided they all specify a
+different attribute in the
+.B olcDatamorphAttribute
+attribute.
+.TP
+.B objectClass=olcDatamorphEnum
+Specifies an
+.B enumerated
+attribute and must be a child of an entry with
+.BR objectClass=olcDatamorphConfig .
+There may be as many such entries as necessary provided they all specify a
+different attribute in the
+.B olcDatamorphAttribute
+attribute.
+.TP
+.B objectClass=olcDatamorphEnumValue
+Specifies a permitted value for the enumerated attribute and its database
+representation. Must be a child of an entry with
+.BR objectClass=olcDatamorphEnum .
+There may be as many such entries as necessary provided they all specify a
+different value and index in the corresponding fields.
+.RE
+
+In the case of
+.BR slapd.conf (5),
+the attribute definition is delimited by the keyword
+.B datamorph
+to define an integer or enumerated attribute followed by an arbitrary number of
+.B datamorph_value
+lines in the case of an enumerated one. Each new
+.B datamorph
+line starts configuring a new attribute.
+
+.SH ENUMERATED ATTRIBUTE CONFIGURATION ENTRY
+
+The enumerated attribute entry configuration
+.RB ( olcDatamorphEnum )
+only has the following option available:
+
+.RS
+.TP
+.B olcDatamorphAttribute: <attribute>
+Mandatory attribute, indicates that the named attribute is to be handled by the
+overlay. The
+.BR slapd.conf (5)
+equivalent is
+.B datamorph "int"
+.BR <attribute> .
+.RE
+
+The children of this entry then define how the string values map to the
+database values. They use the objectclass
+.BR olcDatamorphEnumValue ,
+which asks for the following attributes:
+
+.RS
+.TP
+.B olcDatamorphValue: <value>
+A permitted value for the attribute being configured.
+.TP
+.B olcDatamorphIndex: <0-255>
+The corresponding database value.
+.RE
+
+The
+.BR slapd.conf (5)
+equivalent of the above two is
+.B datamorph_value <0-255> <value>
+.RB .
+
+.SH FIXED-WIDTH INTEGER CONFIGURATION ENTRY
+
+The fixed-width integer configuration entry
+.RB ( olcDatamorphInteger )
+has the following options available:
+
+.RS
+.TP
+.B olcDatamorphAttribute: <attribute>
+Mandatory attribute, indicates that the named attribute is to be handled by the
+overlay. The
+.BR slapd.conf (5)
+equivalent is
+.B datamorph "int"
+.BR <attribute> .
+.TP
+.B olcDatamorphIntegerBytes: <1|2|4|8>
+Size of the integer as stored in the backend. The
+.BR slapd.conf (5)
+equivalent is
+.B datamorph_size
+.BR <1|2|4|8> .
+.TP
+.B olcDatamorphIntegerSigned: <TRUE|FALSE>
+Whether the integer is to be treated as signed. Note that the overlay will not
+enforce consistency between this option and the attribute's syntax. The
+.BR slapd.conf (5)
+equivalent is
+.B datamorph_signed
+.BR <TRUE|FALSE> .
+.TP
+.B olcDatamorphIntegerLowerBound: <number>
+The lowest value that the configured attribute will be allowed to have. This
+affects all operations where values are mentioned. The
+.BR slapd.conf (5)
+equivalent is
+.B datamorph_lower_bound
+.BR <number> .
+.TP
+.B olcDatamorphIntegerUpperBound: <number>
+The highest value that the configured attribute will be allowed to have. This
+affects all operations where values are mentioned. The
+.BR slapd.conf (5)
+equivalent is
+.B datamorph_upper_bound
+.BR <number> .
+.RE
+
+.SH EXAMPLE
+
+The following is an example of a configured overlay, substitute
+.B $DATABASE
+for the DN of the database it is attached to and
+.B {x}
+with the desired position of the overlay in the overlay stack.
+
+.nf
+dn: olcOverlay={x}datamorph,$DATABASE
+objectClass: olcDatamorphConfig
+olcOverlay: datamorph
+
+# to handle attribute 'enumeratedAttribute'
+dn: olcDatamorphAttribute=enumeratedAttribute,olcOverlay={x}datamorph,$DATABASE
+objectClass: olcDatamorphEnum
+
+# value 'value1' corresponds to 'AQ==' (0x01)
+dn: olcDatamorphValue=value1,olcDatamorphAttribute={0}enumeratedAttribute,olcOv
+ erlay={x}datamorph,$DATABASE
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 1
+
+# value 'value11' corresponds to 'Cw==' (0x0B)
+dn: olcDatamorphValue=value11,olcDatamorphAttribute={0}enumeratedAttribute,olcO
+ verlay={x}datamorph,$DATABASE
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 11
+
+# handle attribute 'signedInteger' as a 2-byte signed integer with values
+# between -20000 and 30000 (inclusive on both sides)
+dn: olcDatamorphAttribute=signedInteger,olcOverlay={x}datamorph,$DATABASE
+objectclass: olcDatamorphInteger
+olcDatamorphIntegerBytes: 2
+olcDatamorphIntegerSigned: TRUE
+olcDatamorphIntegerLowerBound: -20000
+olcDatamorphIntegerUpperBound: 30000
+
+# handle attribute 'shortInteger' as a 1-byte unsigned integer with only values
+# 0 and 1 allowed (effectively a true/false)
+dn: olcDatamorphAttribute=shortInteger,olcOverlay={x}datamorph,$DATABASE
+objectclass: olcDatamorphInteger
+olcDatamorphIntegerBytes: 1
+olcDatamorphIntegerUpperBound: 1
+olcDatamorphIntegerSigned: FALSE
+.fi
+
+The
+.BR slapd.conf (5)
+equivalent of the above follows:
+
+.nf
+overlay datamorph
+
+datamorph enum enumeratedAttribute
+datamorph_value 1 value1
+datamorph_value 11 value11
+
+datamorph int signedInteger
+datamorph_size 2
+datamorph_signed TRUE
+datamorph_lower_bound -20000
+datamorph_upper_bound 30000
+
+datamorph int shortInteger
+datamorph_size 1
+datamorph_signed no
+datamorph_upper_bound 1
+.fi
+
+.SH REPLICATION
+
+Given that there are syntaxes and matching rules provided by the overlay, it
+should be configured on each replica to guarantee consistency.
+
+.SH BUGS AND LIMITATIONS
+Due to the fact that overlays are not active in the
+.BR slapcat (8)
+nor
+.BR slapadd (8)
+processes, backups of the database will be made exactly as stored. This means
+that backups made using
+.BR ldapsearch (1)
+cannot be used by
+.BR slapadd (8)
+nor can backups made using
+.BR slapcat (8)
+be loaded using
+.BR ldapadd (8).
+
+Value based ACLs that involve values of the transformed attributes are not
+supported.
+
+The overlay will refuse operations that add or rename entries with any of the
+configured attributes in their RDN.
+
+No controls are explicitly handled in the overlay, attaching any controls that
+reference configured attributes might lead to unexpected behaviour and is
+therefore discouraged.
+
+Increment modification of the configured attributes is not supported either.
+
+If a transformation is configured to be signed yet the attribute's schema uses the
+unsigned syntax and matching rules, inequality matching will not work as
+intended and will treat negative numbers as higher than positive numbers.
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.TP
+ETCDIR/slapd.d
+default slapd configuration directory
+.SH SEE ALSO
+.BR slapd-config (5),
+.BR slapd.conf (5),
+.BR slapd.overlays (5),
+.BR slapd (8),
+.BR slapcat (8),
+.BR slapadd (8)
+.SH ACKNOWLEDGEMENTS
+This module was developed in 2016 by Ondřej Kuzník for Symas Corp.
diff --git a/contrib/slapd-modules/datamorph/tests/Rules.mk b/contrib/slapd-modules/datamorph/tests/Rules.mk
new file mode 100644
index 0000000..c25c1d2
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/Rules.mk
@@ -0,0 +1,23 @@
+sp := $(sp).x
+dirstack_$(sp) := $(d)
+d := $(dir)
+
+.PHONY: test
+
+CLEAN += clients servers tests/progs tests/schema tests/testdata tests/testrun
+
+test: all clients servers tests/progs
+
+test:
+	cd tests; \
+		SRCDIR=$(abspath $(LDAP_SRC)) \
+		LDAP_BUILD=$(abspath $(LDAP_BUILD)) \
+		TOPDIR=$(abspath $(SRCDIR)) \
+		LIBTOOL=$(abspath $(LIBTOOL)) \
+			$(abspath $(SRCDIR))/tests/run all
+
+servers clients tests/progs:
+	ln -s $(abspath $(LDAP_BUILD))/$@ $@
+
+d := $(dirstack_$(sp))
+sp := $(basename $(sp))
diff --git a/contrib/slapd-modules/datamorph/tests/data/config.ldif b/contrib/slapd-modules/datamorph/tests/data/config.ldif
new file mode 100644
index 0000000..91f2e60
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/config.ldif
@@ -0,0 +1,108 @@
+dn: cn=datamorph,cn=schema,cn=config
+changetype: add
+objectClass: olcSchemaConfig
+olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.12.123.1
+  NAME 'enumerated'
+  DESC 'Enumerated attribute'
+  EQUALITY fixedSizeIntegerMatch
+  ORDERING fixedSizeIntegerOrderingMatch
+  SYNTAX 1.3.6.1.4.1.4203.666.11.12.1.2 )
+olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.12.123.2
+  NAME 'number'
+  DESC 'Integer attribute'
+  EQUALITY fixedSizeIntegerMatch
+  ORDERING fixedSizeIntegerOrderingMatch
+  SYNTAX 1.3.6.1.4.1.4203.666.11.12.1.3 )
+olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.12.123.3
+  NAME 'signed'
+  DESC 'Signed integer attribute'
+  EQUALITY fixedSizeSignedIntegerMatch
+  ORDERING fixedSizeSignedIntegerOrderingMatch
+  SYNTAX 1.3.6.1.4.1.4203.666.11.12.1.4 )
+olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.12.123.4
+  NAME 'transformedObject'
+  DESC 'Testing objectclass'
+  SUP top AUXILIARY
+  MAY ( enumerated $ number $ signed ) )
+
+dn: olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectclass: olcDatamorphConfig
+
+# a basic enum
+dn: olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnum
+
+dn: olcDatamorphValue=bjensen,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 1
+
+dn: olcDatamorphValue=bjorn,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 11
+
+dn: olcDatamorphValue=dots,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 12
+
+dn: olcDatamorphValue=jaj,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 13
+
+dn: olcDatamorphValue=jjones,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 14
+
+dn: olcDatamorphValue=jdoe,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 10
+
+dn: olcDatamorphValue=jen,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 101
+
+dn: olcDatamorphValue=johnd,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 20
+
+dn: olcDatamorphValue=melliot,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 51
+
+dn: olcDatamorphValue=uham,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 31
+
+dn: olcDatamorphValue=\5Cno \22name\22,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 200
+
+# an interval
+dn: olcDatamorphAttribute=signed,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphInteger
+olcDatamorphIntegerBytes: 2
+olcDatamorphIntegerSigned: TRUE
+olcDatamorphIntegerLowerBound: -20000
+olcDatamorphIntegerUpperBound: 30000
+
+# an number interval (essentially TRUE/FALSE)
+dn: olcDatamorphAttribute=number,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphInteger
+olcDatamorphIntegerBytes: 1
+olcDatamorphIntegerUpperBound: 1
+olcDatamorphIntegerSigned: FALSE
diff --git a/contrib/slapd-modules/datamorph/tests/data/datamorph.conf b/contrib/slapd-modules/datamorph/tests/data/datamorph.conf
new file mode 100644
index 0000000..7cc4899
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/datamorph.conf
@@ -0,0 +1,49 @@
+overlay datamorph
+
+# they depend on the syntaxes defined by the overlay
+attributetype ( 1.3.6.1.4.1.4203.666.11.12.123.1 NAME 'enumerated'
+    DESC 'Enumerated attribute'
+    EQUALITY fixedSizeIntegerMatch
+    ORDERING fixedSizeIntegerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.4203.666.11.12.1.2 )
+
+attributetype ( 1.3.6.1.4.1.4203.666.11.12.123.2 NAME 'number'
+    DESC 'Integer attribute'
+    EQUALITY fixedSizeIntegerMatch
+    ORDERING fixedSizeIntegerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.4203.666.11.12.1.3 )
+
+attributetype ( 1.3.6.1.4.1.4203.666.11.12.123.3 NAME 'signed'
+    DESC 'Signed integer attribute'
+    EQUALITY fixedSizeSignedIntegerMatch
+    ORDERING fixedSizeSignedIntegerOrderingMatch
+    SYNTAX 1.3.6.1.4.1.4203.666.11.12.1.4 )
+
+objectclass ( 1.3.6.1.4.1.4203.666.11.12.123.4 NAME 'transformedObject'
+    DESC 'Testing objectclass'
+    SUP top AUXILIARY
+    MAY ( enumerated $ number $ signed ) )
+
+datamorph eNuM enumerated
+datamorph_value 1 bjensen
+datamorph_value 11 bjorn
+datamorph_value 12 dots
+datamorph_value "13" jaj
+datamorph_value 14 jjones
+datamorph_value 10 jdoe
+datamorph_value 101 jen
+datamorph_value 20 johnd
+datamorph_value 51 "melliot"
+datamorph_value 31 uham
+datamorph_value 200 "\\no \"name\""
+
+datamorph int signed
+datamorph_size 2
+datamorph_signed TRUE
+datamorph_lower_bound -20000
+datamorph_upper_bound 30000
+
+datamorph iNT number
+datamorph_size 1
+datamorph_signed no
+datamorph_upper_bound 1
diff --git a/contrib/slapd-modules/datamorph/tests/data/test.ldif b/contrib/slapd-modules/datamorph/tests/data/test.ldif
new file mode 100644
index 0000000..67971f3
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test.ldif
@@ -0,0 +1,434 @@
+#LEAD COMMENT
+dn: dc=example,dc=com
+#EMBEDDED COMMENT
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcobject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+signed:: sm4=
+number:: AA==
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
+ mple,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=exampl
+ e,dc=com
+owner: cn=Manager,dc=example,dc=com
+cn: All Staff
+description: Everyone in the sample data
+objectClass: groupofnames
+
+dn: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+member: cn=Manager,dc=example,dc=com
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+member: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All Alumni Assoc Staff
+cn: Alumni Assoc Staff
+objectClass: groupofnames
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen@mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+enumerated:: AQ==
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn@mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+enumerated:: Cw==
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots@mail.alumni.example.com
+homePhone: +1 313 555 0454
+enumerated:: DA==
+
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupofuniquenames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,OU=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj@mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+enumerated:: DQ==
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones@mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+enumerated:: Dg==
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe@woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+enumerated:: Cg==
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen@mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+enumerated:: ZQ==
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd@mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+enumerated:: FA==
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot@mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+enumerated:: Mw==
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham@mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+enumerated:: Hw==
+
diff --git a/contrib/slapd-modules/datamorph/tests/data/test001-01-same-attr.ldif b/contrib/slapd-modules/datamorph/tests/data/test001-01-same-attr.ldif
new file mode 100644
index 0000000..b9ba88f
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test001-01-same-attr.ldif
@@ -0,0 +1,3 @@
+dn: olcDatamorphAttribute=enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnum
diff --git a/contrib/slapd-modules/datamorph/tests/data/test001-02-same-index.ldif b/contrib/slapd-modules/datamorph/tests/data/test001-02-same-index.ldif
new file mode 100644
index 0000000..1dac5dc
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test001-02-same-index.ldif
@@ -0,0 +1,4 @@
+dn: olcDatamorphValue=nope,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 1
diff --git a/contrib/slapd-modules/datamorph/tests/data/test001-02a-same-index.ldif b/contrib/slapd-modules/datamorph/tests/data/test001-02a-same-index.ldif
new file mode 100644
index 0000000..f31ab0a
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test001-02a-same-index.ldif
@@ -0,0 +1,4 @@
+dn: olcDatamorphValue={0}bjensen,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcDatamorphIndex
+olcDatamorphIndex: 11
diff --git a/contrib/slapd-modules/datamorph/tests/data/test001-03-invalid-attr.ldif b/contrib/slapd-modules/datamorph/tests/data/test001-03-invalid-attr.ldif
new file mode 100644
index 0000000..01f21c2
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test001-03-invalid-attr.ldif
@@ -0,0 +1,3 @@
+dn: olcDatamorphAttribute=uid,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnum
diff --git a/contrib/slapd-modules/datamorph/tests/data/test002-config.ldif b/contrib/slapd-modules/datamorph/tests/data/test002-config.ldif
new file mode 100644
index 0000000..2aed906
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test002-config.ldif
@@ -0,0 +1,9 @@
+dn: olcDatamorphValue=gjensen,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcDatamorphEnumValue
+olcDatamorphIndex: 55
+
+dn: olcDatamorphAttribute={1}signed,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+delete: olcDatamorphIntegerUpperBound
+olcDatamorphIntegerUpperBound: 30000
diff --git a/contrib/slapd-modules/datamorph/tests/data/test002-entry.ldif b/contrib/slapd-modules/datamorph/tests/data/test002-entry.ldif
new file mode 100644
index 0000000..0df14c4
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test002-entry.ldif
@@ -0,0 +1,31 @@
+dn: cn=Gern Jensen,ou=Information Technology Division,ou=People,dc=example,dc=
+ com
+changetype: add
+objectClass: testPerson
+objectClass: transformedObject
+cn: Gern Jensen
+sn: Jensen
+uid: gjensen
+title: Chief Investigator, ITD
+postalAddress: ITD $ 535 W. William St $ Anytown, MI 48103
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Coffee
+homePostalAddress: 844 Brown St. Apt. 4 $ Anytown, MI 48104
+description: Very odd
+facsimileTelephonenumber: +1 313 555 7557
+telephoneNumber: +1 313 555 8343
+mail: gjensen@mailgw.example.com
+homePhone: +1 313 555 8844
+testTime: 20050304001801.234Z
+enumerated: gjensen
+
+dn: ou=New Unit,dc=example,dc=com
+changetype: add
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: New Unit
+uidNumber: 32345
+gidNumber: 1
+signed: 32345
+number: 1
+
diff --git a/contrib/slapd-modules/datamorph/tests/data/test002-fail.ldif b/contrib/slapd-modules/datamorph/tests/data/test002-fail.ldif
new file mode 100644
index 0000000..f834997
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test002-fail.ldif
@@ -0,0 +1,23 @@
+dn: uid=bjensen+cn=Barbara Jensen+enumerated=bjensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+changetype: add
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen@mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+
diff --git a/contrib/slapd-modules/datamorph/tests/data/test002-transformed-rdn.ldif b/contrib/slapd-modules/datamorph/tests/data/test002-transformed-rdn.ldif
new file mode 100644
index 0000000..cbcb14a
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test002-transformed-rdn.ldif
@@ -0,0 +1,5 @@
+dn: ou=New Unit,dc=www+number=1,dc=example,dc=com
+changetype: add
+objectClass: organizationalUnit
+ou: New Unit
+
diff --git a/contrib/slapd-modules/datamorph/tests/data/test003-config.ldif b/contrib/slapd-modules/datamorph/tests/data/test003-config.ldif
new file mode 100644
index 0000000..f74717c
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test003-config.ldif
@@ -0,0 +1,30 @@
+dn: olcDatamorphValue={2}dots,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcDatamorphIndex
+olcDatamorphIndex: 110
+
+dn: olcDatamorphValue={3}jaj,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcDatamorphIndex
+olcDatamorphIndex: 12
+
+dn: olcDatamorphValue={4}jjones,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcDatamorphIndex
+olcDatamorphIndex: 13
+
+dn: olcDatamorphValue={2}dots,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcDatamorphIndex
+olcDatamorphIndex: 14
+
+dn: olcDatamorphAttribute={1}signed,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcDatamorphIntegerSigned
+olcDatamorphIntegerSigned: FALSE
+-
+replace: olcDatamorphIntegerUpperBound
+olcDatamorphIntegerUpperBound: 50000
+-
+replace: olcDatamorphIntegerLowerBound
+olcDatamorphIntegerLowerBound: 50
diff --git a/contrib/slapd-modules/datamorph/tests/data/test003-out.ldif b/contrib/slapd-modules/datamorph/tests/data/test003-out.ldif
new file mode 100644
index 0000000..3dbd8bc
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test003-out.ldif
@@ -0,0 +1,125 @@
+# List regular entries
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcobject
+dc: example
+l: Anytown, Michigan
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+
+# List entries with transformed attributes
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd@mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+enumerated: johnd
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn@mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+enumerated: bjorn
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen@mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+enumerated: bjensen
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones@mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+enumerated: jjones
+
+
+# Search for transformed attributes listing only those
+dn: ou=People,dc=example,dc=com
+signed: -19858
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+enumerated: bjensen
+
+
+# Search for transformed attributes after reconfiguring mapping
+dn: ou=People,dc=example,dc=com
+signed: 45678
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+enumerated: jaj
+
diff --git a/contrib/slapd-modules/datamorph/tests/data/test005-01-fail.ldif b/contrib/slapd-modules/datamorph/tests/data/test005-01-fail.ldif
new file mode 100644
index 0000000..694aacc
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test005-01-fail.ldif
@@ -0,0 +1,5 @@
+# invalid enum value
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modify
+replace: enumerated
+enumerated: 2dots
diff --git a/contrib/slapd-modules/datamorph/tests/data/test005-02-fail.ldif b/contrib/slapd-modules/datamorph/tests/data/test005-02-fail.ldif
new file mode 100644
index 0000000..1ce687f
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test005-02-fail.ldif
@@ -0,0 +1,5 @@
+# enums are case sensitive
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modify
+replace: enumerated
+enumerated: Dots
diff --git a/contrib/slapd-modules/datamorph/tests/data/test005-03-fail.ldif b/contrib/slapd-modules/datamorph/tests/data/test005-03-fail.ldif
new file mode 100644
index 0000000..54bb9b5
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test005-03-fail.ldif
@@ -0,0 +1,5 @@
+# value does not exist in entry
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modify
+delete: enumerated
+enumerated: uham
diff --git a/contrib/slapd-modules/datamorph/tests/data/test005-03a-fail.ldif b/contrib/slapd-modules/datamorph/tests/data/test005-03a-fail.ldif
new file mode 100644
index 0000000..601d895
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test005-03a-fail.ldif
@@ -0,0 +1,5 @@
+# value does not exist in entry
+dn: ou=People,dc=example,dc=com
+changetype: modify
+delete: signed
+signed: 2
diff --git a/contrib/slapd-modules/datamorph/tests/data/test005-04-fail.ldif b/contrib/slapd-modules/datamorph/tests/data/test005-04-fail.ldif
new file mode 100644
index 0000000..d97effc
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test005-04-fail.ldif
@@ -0,0 +1,10 @@
+# a value outside the bounds
+dn: ou=People,dc=example,dc=com
+changetype: modify
+replace: signed
+signed: 2
+-
+replace: number
+number: -1
+-
+
diff --git a/contrib/slapd-modules/datamorph/tests/data/test005-04a-fail.ldif b/contrib/slapd-modules/datamorph/tests/data/test005-04a-fail.ldif
new file mode 100644
index 0000000..63b3263
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test005-04a-fail.ldif
@@ -0,0 +1,6 @@
+# a value outside the bounds
+dn: ou=People,dc=example,dc=com
+changetype: modify
+replace: signed
+signed: 32000
+-
diff --git a/contrib/slapd-modules/datamorph/tests/data/test005-changes.ldif b/contrib/slapd-modules/datamorph/tests/data/test005-changes.ldif
new file mode 100644
index 0000000..17a72da
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test005-changes.ldif
@@ -0,0 +1,30 @@
+dn: ou=People,dc=example,dc=com
+changetype: modify
+replace: signed
+signed: -1
+-
+replace: number
+number: 1
+-
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modify
+replace: enumerated
+enumerated: jaj
+-
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+changetype: modify
+add: enumerated
+enumerated: bjorn
+enumerated: uham
+-
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+changetype: modify
+delete: enumerated
+enumerated: johnd
+-
+add: enumerated
+enumerated: melliot
+-
diff --git a/contrib/slapd-modules/datamorph/tests/data/test005-out.ldif b/contrib/slapd-modules/datamorph/tests/data/test005-out.ldif
new file mode 100644
index 0000000..4c8c360
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test005-out.ldif
@@ -0,0 +1,212 @@
+# Test1: list entries that should have been changed by ldapmodify
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+signed: -1
+number: 1
+
+dn: cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Barbara Jensen
+cn: Babs Jensen
+sn:: IEplbnNlbiA=
+uid: bjensen
+title: Mythical Manager, Research Systems
+postalAddress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Anyt
+ own, MI 48103-4943
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: YmplbnNlbg==
+mail: bjensen@mailgw.example.com
+homePostalAddress: 123 Wesley $ Anytown, MI 48103
+description: Mythical manager of the rsdd unix project
+drink: water
+homePhone: +1 313 555 2333
+pager: +1 313 555 3233
+facsimileTelephoneNumber: +1 313 555 2274
+telephoneNumber: +1 313 555 9022
+enumerated: bjensen
+enumerated: bjorn
+enumerated: uham
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn@mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+enumerated: bjorn
+
+dn: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Dorothy Stevens
+cn: Dot Stevens
+sn: Stevens
+uid: dots
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Lemonade
+homePostalAddress: 377 White St. Apt. 3 $ Anytown, MI 48104
+description: Very tall
+facsimileTelephoneNumber: +1 313 555 3223
+telephoneNumber: +1 313 555 3664
+mail: dots@mail.alumni.example.com
+homePhone: +1 313 555 0454
+enumerated: jaj
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: James A Jones 1
+cn: James Jones
+cn: Jim Jones
+sn: Jones
+uid: jaj
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: amFq
+homePostalAddress: 3882 Beverly Rd. $ Anytown, MI 48105
+homePhone: +1 313 555 4772
+description: Outstanding
+title: Mad Cow Researcher, UM Alumni Association
+pager: +1 313 555 3923
+mail: jaj@mail.alumni.example.com
+facsimileTelephoneNumber: +1 313 555 4332
+telephoneNumber: +1 313 555 0895
+enumerated: jaj
+
+dn: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=example
+ ,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: James A Jones 2
+cn: James Jones
+cn: Jim Jones
+sn: Doe
+uid: jjones
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 933 Brooks $ Anytown, MI 48104
+homePhone: +1 313 555 8838
+title: Senior Manager, Information Technology Division
+description: Not around very much
+mail: jjones@mailgw.example.com
+postalAddress: Info Tech Division $ 535 W William $ Anytown, MI 48103
+pager: +1 313 555 2833
+facsimileTelephoneNumber: +1 313 555 8688
+telephoneNumber: +1 313 555 7334
+enumerated: jjones
+
+dn: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Jane Doe
+cn: Jane Alverson
+sn: Doe
+uid: jdoe
+title: Programmer Analyst, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+drink: diet coke
+description: Enthusiastic
+mail: jdoe@woof.net
+homePhone: +1 313 555 5445
+pager: +1 313 555 1220
+facsimileTelephoneNumber: +1 313 555 2311
+telephoneNumber: +1 313 555 4774
+enumerated: jdoe
+
+dn: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Jennifer Smith
+cn: Jen Smith
+sn: Smith
+uid: jen
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Sam Adams
+homePostalAddress: 1000 Maple #44 $ Anytown, MI 48103
+title: Telemarketer, UM Alumni Association
+mail: jen@mail.alumni.example.com
+homePhone: +1 313 555 2333
+pager: +1 313 555 6442
+facsimileTelephoneNumber: +1 313 555 2756
+telephoneNumber: +1 313 555 8232
+enumerated: jen
+
+dn: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: John Doe
+cn: Jonathon Doe
+sn: Doe
+uid: johnd
+postalAddress: ITD $ 535 W. William $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 912 East Bllvd $ Anytown, MI 48104
+title: System Administrator, Information Technology Division
+description: overworked!
+mail: johnd@mailgw.example.com
+homePhone: +1 313 555 3774
+pager: +1 313 555 6573
+facsimileTelephoneNumber: +1 313 555 4544
+telephoneNumber: +1 313 555 9394
+enumerated: melliot
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot@mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+enumerated: melliot
+
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+objectClass: transformedObject
+cn: Ursula Hampster
+sn: Hampster
+uid: uham
+title: Secretary, UM Alumni Association
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 123 Anystreet $ Anytown, MI 48104
+mail: uham@mail.alumni.example.com
+homePhone: +1 313 555 8421
+pager: +1 313 555 2844
+facsimileTelephoneNumber: +1 313 555 9700
+telephoneNumber: +1 313 555 5331
+enumerated: uham
+
diff --git a/contrib/slapd-modules/datamorph/tests/data/test007-config.ldif b/contrib/slapd-modules/datamorph/tests/data/test007-config.ldif
new file mode 100644
index 0000000..3820831
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/data/test007-config.ldif
@@ -0,0 +1,30 @@
+dn: olcDatamorphValue={2}dots,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcDatamorphIndex
+olcDatamorphIndex: 110
+
+dn: olcDatamorphValue={4}jjones,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcDatamorphIndex
+olcDatamorphIndex: 14
+
+dn: olcDatamorphValue={3}jaj,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcDatamorphIndex
+olcDatamorphIndex: 13
+
+dn: olcDatamorphValue={2}dots,olcDatamorphAttribute={0}enumerated,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcDatamorphIndex
+olcDatamorphIndex: 12
+
+dn: olcDatamorphAttribute={1}signed,olcOverlay={0}datamorph,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcDatamorphIntegerSigned
+olcDatamorphIntegerSigned: TRUE
+-
+replace: olcDatamorphIntegerLowerBound
+olcDatamorphIntegerLowerBound: -20000
+-
+replace: olcDatamorphIntegerUpperBound
+olcDatamorphIntegerUpperBound: 30000
diff --git a/contrib/slapd-modules/datamorph/tests/run b/contrib/slapd-modules/datamorph/tests/run
new file mode 100755
index 0000000..6a38431
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/run
@@ -0,0 +1,229 @@
+#!/bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+USAGE="$0 [-b <backend>] [-c] [-k] [-l #] [-p] [-s {ro|rp}] [-u] [-w] <script>"
+
+TOPSRCDIR="${SRCDIR-$LDAP_SRC}"
+SRCDIR="${TOPSRCDIR}/tests"
+eval `grep EGREP_CMD= ${LDAP_BUILD}/tests/run`
+eval `$EGREP_CMD -e '^LN_S=' ${LDAP_BUILD}/tests/run`
+
+export SRCDIR TOPSRCDIR LN_S EGREP_CMD
+
+. "${SRCDIR}/scripts/defines.sh"
+
+BACKEND=
+CLEAN=no
+WAIT=0
+KILLSERVERS=yes
+PRESERVE=${PRESERVE-no}
+SYNCMODE=${SYNCMODE-rp}
+USERDATA=no
+LOOP=1
+COUNTER=1
+
+while test $# -gt 0 ; do
+	case "$1" in
+		-b | -backend)
+			BACKEND="$2"
+			shift; shift ;;
+
+		-c | -clean)
+			CLEAN=yes
+			shift ;;
+
+		-k | -kill)
+			KILLSERVERS=no
+			shift ;;
+		-l | -loop)
+			NUM="`echo $2 | sed 's/[0-9]//g'`"
+			if [ -z "$NUM" ]; then
+				LOOP=$2
+			else
+				echo "Loop variable not an int: $2"
+				echo "$USAGE"; exit 1
+			fi
+			shift ;
+			shift ;;
+
+		-p | -preserve)
+			PRESERVE=yes
+			shift ;;
+
+		-s | -syncmode)
+			case "$2" in
+				ro | rp)
+					SYNCMODE="$2"
+					;;
+				*)
+					echo "unknown sync mode $2"
+					echo "$USAGE"; exit 1
+					;;
+			esac
+			shift; shift ;;
+
+		-u | -userdata)
+			USERDATA=yes
+			shift ;;
+
+		-w | -wait)
+			WAIT=1
+			shift ;;
+
+		-)
+			shift
+			break ;;
+
+		-*)
+			echo "$USAGE"; exit 1
+			;;
+
+		*)
+			break ;;
+	esac
+done
+
+eval `$EGREP_CMD -e '^AC' ${LDAP_BUILD}/tests/run`
+export `$EGREP_CMD -e '^AC' ${LDAP_BUILD}/tests/run | sed 's/=.*//'`
+
+if test -z "$BACKEND" ; then
+	for b in mdb ; do
+		if eval "test \"\$AC_$b\" != no" ; then
+			BACKEND=$b
+			break
+		fi
+	done
+	if test -z "$BACKEND" ; then
+		echo "No suitable default database backend configured" >&2
+		exit 1
+	fi
+fi
+
+BACKENDTYPE=`eval 'echo $AC_'$BACKEND`
+if test "x$BACKENDTYPE" = "x" ; then
+	BACKENDTYPE="unknown"
+fi
+
+# Backend features.  indexdb: indexing and unchecked limit.
+# maindb: main storage backend.  Currently index,limits,mode,paged results.
+INDEXDB=noindexdb MAINDB=nomaindb
+case $BACKEND in
+	mdb) INDEXDB=indexdb MAINDB=maindb ;;
+	ndb) INDEXDB=indexdb ;;
+esac
+
+export	BACKEND BACKENDTYPE INDEXDB MAINDB \
+	WAIT KILLSERVERS PRESERVE SYNCMODE USERDATA \
+	SRCDIR
+
+if test $# = 0 ; then
+	echo "$USAGE"; exit 1
+fi
+
+# need defines.sh for the definitions of the directories
+. $SRCDIR/scripts/defines.sh
+
+SCRIPTDIR="${TOPDIR}/tests/scripts"
+
+export SCRIPTDIR
+
+SCRIPTNAME="$1"
+shift
+
+if test -x "${SCRIPTDIR}/${SCRIPTNAME}" ; then
+	SCRIPT="${SCRIPTDIR}/${SCRIPTNAME}"
+elif test -x "`echo ${SCRIPTDIR}/test*-${SCRIPTNAME}`"; then
+	SCRIPT="`echo ${SCRIPTDIR}/test*-${SCRIPTNAME}`"
+elif test -x "`echo ${SCRIPTDIR}/${SCRIPTNAME}-*`"; then
+	SCRIPT="`echo ${SCRIPTDIR}/${SCRIPTNAME}-*`"
+else
+	echo "run: ${SCRIPTNAME} not found (or not executable)"
+	exit 1;
+fi
+
+if test ! -r ${DATADIR}/test.ldif ; then
+	${LN_S} ${SRCDIR}/data ${DATADIR}
+fi
+if test ! -r ${SCHEMADIR}/core.schema ; then
+	${LN_S} ${TOPSRCDIR}/servers/slapd/schema ${SCHEMADIR}
+fi
+if test ! -r ./data; then
+	${LN_S} ${TOPDIR}/tests/data ./
+fi
+
+if test -d ${TESTDIR} ; then
+	if test $PRESERVE = no ; then
+		echo "Cleaning up test run directory leftover from previous run."
+		/bin/rm -rf ${TESTDIR}
+	elif test $PRESERVE = yes ; then
+		echo "Cleaning up only database directories leftover from previous run."
+		/bin/rm -rf ${TESTDIR}/db.*
+	fi
+fi
+if test $BACKEND = ndb ; then
+	mysql --user root <<EOF
+	drop database if exists db_1;
+	drop database if exists db_2;
+	drop database if exists db_3;
+	drop database if exists db_4;
+	drop database if exists db_5;
+	drop database if exists db_6;
+EOF
+fi
+mkdir -p ${TESTDIR}
+
+if test $USERDATA = yes ; then
+	if test ! -d userdata ; then
+		echo "User data directory (userdata) does not exist."
+		exit 1
+	fi
+	cp -R userdata/* ${TESTDIR}
+fi
+
+# disable LDAP initialization
+LDAPNOINIT=true; export LDAPNOINIT
+
+echo "Running ${SCRIPT} for ${BACKEND}..."
+while [ $COUNTER -le $LOOP ]; do
+	if [ $LOOP -gt 1 ]; then
+		echo "Running $COUNTER of $LOOP iterations"
+	fi
+	$SCRIPT $*
+	RC=$?
+
+	if test $CLEAN = yes ; then
+		echo "Cleaning up test run directory from this run."
+		/bin/rm -rf ${TESTDIR}
+		echo "Cleaning up symlinks."
+		/bin/rm -f ${DATADIR} ${SCHEMADIR}
+	fi
+
+	if [ $RC -ne 0 ]; then
+		if [ $LOOP -gt 1 ]; then
+			echo "Failed after $COUNTER of $LOOP iterations"
+		fi
+		exit $RC
+	else
+		COUNTER=`expr $COUNTER + 1`
+		if [ $COUNTER -le $LOOP ]; then
+			echo "Cleaning up test run directory from this run."
+			/bin/rm -rf ${TESTDIR}
+		fi
+	fi
+done
+exit $RC
diff --git a/contrib/slapd-modules/datamorph/tests/scripts/all b/contrib/slapd-modules/datamorph/tests/scripts/all
new file mode 100755
index 0000000..d6d6dc7
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/scripts/all
@@ -0,0 +1,102 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+. $SRCDIR/scripts/defines.sh
+
+TB="" TN=""
+if test -t 1 ; then
+	TB=`$SHTOOL echo -e "%B" 2>/dev/null`
+	TN=`$SHTOOL echo -e "%b" 2>/dev/null`
+fi
+
+FAILCOUNT=0
+SKIPCOUNT=0
+SLEEPTIME=10
+
+echo ">>>>> Executing all LDAP tests for $BACKEND"
+
+if [ -n "$NOEXIT" ]; then
+	echo "Result	Test" > $TESTWD/results
+fi
+
+for CMD in ${SCRIPTDIR}/test*; do
+	case "$CMD" in
+		*~)		continue;;
+		*.bak)	continue;;
+		*.orig)	continue;;
+		*.sav)	continue;;
+		*)		test -f "$CMD" || continue;;
+	esac
+
+	# remove cruft from prior test
+	if test $PRESERVE = yes ; then
+		/bin/rm -rf $TESTDIR/db.*
+	else
+		/bin/rm -rf $TESTDIR
+	fi
+	if test $BACKEND = ndb ; then
+		mysql --user root <<EOF
+		drop database if exists db_1;
+		drop database if exists db_2;
+		drop database if exists db_3;
+		drop database if exists db_4;
+		drop database if exists db_5;
+		drop database if exists db_6;
+EOF
+	fi
+
+	BCMD=`basename $CMD`
+	if [ -x "$CMD" ]; then
+		echo ">>>>> Starting ${TB}$BCMD${TN} for $BACKEND..."
+		$CMD
+		RC=$?
+		if test $RC -eq 0 ; then
+			echo ">>>>> $BCMD completed ${TB}OK${TN} for $BACKEND."
+		else
+			echo ">>>>> $BCMD ${TB}failed${TN} for $BACKEND"
+			FAILCOUNT=`expr $FAILCOUNT + 1`
+
+			if [ -n "$NOEXIT" ]; then
+				echo "Continuing."
+			else
+				echo "(exit $RC)"
+				exit $RC
+			fi
+		fi
+	else
+		echo ">>>>> Skipping ${TB}$BCMD${TN} for $BACKEND."
+		SKIPCOUNT=`expr $SKIPCOUNT + 1`
+		RC="-"
+	fi
+
+	if [ -n "$NOEXIT" ]; then
+		echo "$RC	$BCMD" >> $TESTWD/results
+	fi
+
+#	echo ">>>>> waiting $SLEEPTIME seconds for things to exit"
+#	sleep $SLEEPTIME
+	echo ""
+done
+
+if [ -n "$NOEXIT" ]; then
+	if [ "$FAILCOUNT" -gt 0 ]; then
+		cat $TESTWD/results
+		echo "$FAILCOUNT tests for $BACKEND ${TB}failed${TN}. Please review the test log."
+	else
+		echo "All executed tests for $BACKEND ${TB}succeeded${TN}."
+	fi
+fi
+
+echo "$SKIPCOUNT tests for $BACKEND were ${TB}skipped${TN}."
diff --git a/contrib/slapd-modules/datamorph/tests/scripts/common.sh b/contrib/slapd-modules/datamorph/tests/scripts/common.sh
new file mode 100755
index 0000000..a468732
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/scripts/common.sh
@@ -0,0 +1,152 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+OVERLAY_CONFIG=${OVERLAY_CONFIG-data/config.ldif}
+
+mkdir -p $TESTDIR $DBDIR1
+
+mkdir $TESTDIR/confdir
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "database config" >>$CONF1
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >>$CONF1
+
+echo "Starting slapd on TCP/IP port $PORT1 for configuration..."
+$SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+KILLPIDS="$PID"
+
+sleep $SLEEP0
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for slapd to start..."
+	sleep ${SLEEP1}
+done
+
+$LDAPSEARCH -D cn=config -H $URI1 -y $CONFIGPWF \
+	-s base -b 'cn=module{0},cn=config' 1.1 >$TESTOUT 2>&1
+RC=$?
+case $RC in
+0)
+	$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1 <<EOMOD
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: `pwd`/../datamorph.la
+EOMOD
+	;;
+32)
+	$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1 <<EOMOD
+dn: cn=module,cn=config
+changetype: add
+objectClass: olcModuleList
+olcModuleLoad: `pwd`/../datamorph.la
+EOMOD
+	;;
+*)
+	echo "Failed testing for module load entry"
+	exit $RC;
+	;;
+esac
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Loading test datamorph configuration..."
+. $CONFFILTER $BACKEND $MONITORDB < $OVERLAY_CONFIG | \
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+if test $INDEXDB = indexdb ; then
+	echo "Configure indexing for transformed attributes..."
+	$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+		>> $TESTOUT 2>&1 <<EOMOD
+dn: olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+add: olcDbIndex
+olcDbIndex: enumerated pres,eq
+olcDbIndex: number pres,eq
+olcDbIndex: signed pres,eq
+EOMOD
+	RC=$?
+	if test $RC != 0 ; then
+		echo "ldapmodify failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	fi
+else
+	echo "Skipping indexing setup for this database"
+fi
+
+echo "Stopping slapd on TCP/IP port $PORT1..."
+kill -HUP $KILLPIDS
+KILLPIDS=""
+sleep $SLEEP0
+
+echo "Running slapadd to build slapd database..."
+$SLAPADD -F $TESTDIR/confdir -l data/test.ldif
+RC=$?
+if test $RC != 0 ; then
+	echo "slapadd failed ($RC)!"
+	exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -F $TESTDIR/confdir -h $URI1 -d $LVL >> $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+KILLPIDS="$PID"
+
+sleep $SLEEP0
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for slapd to start..."
+	sleep ${SLEEP1}
+done
diff --git a/contrib/slapd-modules/datamorph/tests/scripts/test001-config b/contrib/slapd-modules/datamorph/tests/scripts/test001-config
new file mode 100755
index 0000000..c4bfdf0
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/scripts/test001-config
@@ -0,0 +1,248 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Applying invalid changes to config (should fail)..."
+for CHANGE in data/test001-*.ldif; do
+	echo "... $CHANGE"
+	. $CONFFILTER $BACKEND $MONITORDB < $CHANGE | \
+	$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF \
+		>> $TESTOUT 2>&1
+	RC=$?
+	case $RC in
+	0)
+		echo "ldapmodify should have failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit 1
+		;;
+	80)
+		echo "ldapmodify failed ($RC)"
+		;;
+	*)
+		echo "ldapmodify failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+		;;
+	esac
+done
+
+# We run this search after the changes above and before restart so we can also
+# check the reconfiguration attempts actually had no side effects
+echo "Saving search output before server restart..."
+echo "# search output from dynamically configured server..." >> $SERVER6OUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	>> $SERVER6OUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Stopping slapd on TCP/IP port $PORT1..."
+kill -HUP $KILLPIDS
+KILLPIDS=""
+sleep $SLEEP0
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -F $TESTDIR/confdir -h $URI1 -d $LVL >> $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+KILLPIDS="$PID"
+
+sleep $SLEEP0
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for slapd to start..."
+	sleep ${SLEEP1}
+done
+
+echo "Testing slapd.conf support..."
+mkdir $TESTDIR/conftest $DBDIR2
+. $CONFFILTER $BACKEND $MONITORDB < $CONFTWO \
+	| sed -e '/^argsfile.*/a\
+moduleload ../datamorph.la' \
+		-e '/database.*monitor/i\
+include data/datamorph.conf' \
+	> $CONF2
+echo "database config" >>$CONF2
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >>$CONF2
+
+$SLAPADD -f $CONF2 -l data/test.ldif
+RC=$?
+if test $RC != 0 ; then
+	echo "slapadd failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT2..."
+$SLAPD -f $CONF2 -h $URI2 -d $LVL >> $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+
+sleep $SLEEP0
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for slapd to start..."
+	sleep ${SLEEP1}
+done
+
+echo "# search output from server running from slapd.conf..." >> $SERVER2OUT
+$LDAPSEARCH -b "$BASEDN" -H $URI2 \
+	>> $SERVER2OUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Stopping slapd on TCP/IP port $PORT2..."
+kill -HUP $PID
+
+$SLAPD -Tt -f $CONF2 -F $TESTDIR/conftest -d $LVL >> $LOG3 2>&1
+
+echo "Starting slapd on TCP/IP port $PORT2..."
+$SLAPD -F $TESTDIR/conftest -h $URI2 -d $LVL >> $LOG3 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for slapd to start..."
+	sleep ${SLEEP1}
+done
+
+echo "Gathering overlay configuration from both servers..."
+echo "# overlay configuration from dynamically configured server..." >> $SERVER1OUT
+$LDAPSEARCH -D cn=config -H $URI1 -y $CONFIGPWF \
+	-b "olcOverlay={0}datamorph,olcDatabase={1}$BACKEND,cn=config" \
+	| sed -e "s/ {[0-9]*}/ /" -e "s/={[0-9]*}/=/g" \
+	>> $SERVER1OUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "# overlay configuration from server configured from slapd.conf..." >> $SERVER3OUT
+$LDAPSEARCH -D cn=config -H $URI2 -y $CONFIGPWF \
+	-b "olcOverlay={0}datamorph,olcDatabase={1}$BACKEND,cn=config" \
+	| sed -e "s/ {[0-9]*}/ /" -e "s/={[0-9]*}/=/g" \
+	>> $SERVER3OUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+# We've already filtered out the ordering markers, now sort the entries
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SERVER3OUT > $SERVER3FLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $SERVER1OUT > $SERVER1FLT
+echo "Comparing filter output..."
+$CMP $SERVER3FLT $SERVER1FLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+rm $SERVER1OUT $SERVER3OUT
+
+echo "Comparing search output on both servers..."
+echo "# search output from dynamically configured server..." >> $SERVER1OUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	>> $SERVER1OUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "# search output from server configured from slapd.conf..." >> $SERVER3OUT
+$LDAPSEARCH -b "$BASEDN" -H $URI2 \
+	>> $SERVER3OUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SERVER1OUT > $SERVER1FLT
+$LDIFFILTER -s e < $SERVER2OUT > $SERVER2FLT
+$LDIFFILTER -s e < $SERVER3OUT > $SERVER3FLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $SERVER6OUT > $SERVER6FLT
+echo "Comparing filter output..."
+$CMP $SERVER6FLT $SERVER1FLT > $CMPOUT && \
+$CMP $SERVER6FLT $SERVER2FLT > $CMPOUT && \
+$CMP $SERVER6FLT $SERVER3FLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/datamorph/tests/scripts/test002-add-delete b/contrib/slapd-modules/datamorph/tests/scripts/test002-add-delete
new file mode 100755
index 0000000..f947d09
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/scripts/test002-add-delete
@@ -0,0 +1,147 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Adding entries (should fail this time)..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-c -f data/test002-entry.ldif >> $TESTOUT 2>&1
+RC=$?
+case $RC in
+0)
+	echo "ldapmodify should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+	;;
+19)
+	echo "ldapmodify failed ($RC)"
+	;;
+*)
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+echo "Adding other entries (should fail)..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test002-fail.ldif >> $TESTOUT 2>&1
+RC=$?
+case $RC in
+0)
+	echo "ldapmodify should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+	;;
+19)
+	echo "ldapmodify failed ($RC)"
+	;;
+*)
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test002-transformed-rdn.ldif >> $TESTOUT 2>&1
+RC=$?
+case $RC in
+0)
+	echo "ldapmodify should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+	;;
+32)
+	echo "ldapmodify failed ($RC)"
+	;;
+*)
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+echo "Configuring new value..."
+. $CONFFILTER $BACKEND $MONITORDB < data/test002-config.ldif | \
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Adding some of the entries again..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test002-entry.ldif >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Saving search output..."
+$LDAPSEARCH -H $URI1 -b "$BASEDN" \
+	"(|(cn=Gern Jensen)(ou=New Unit))" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Removing entry..."
+$LDAPDELETE -D $MANAGERDN -H $URI1 -w $PASSWD \
+	"cn=Gern Jensen,ou=Information Technology Division,ou=People,$BASEDN" \
+	"ou=New Unit,$BASEDN" \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapdelete failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test002-entry.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s ae < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s ae < $LDIF | grep -v '^changetype:' > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/datamorph/tests/scripts/test003-search b/contrib/slapd-modules/datamorph/tests/scripts/test003-search
new file mode 100755
index 0000000..9afe677
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/scripts/test003-search
@@ -0,0 +1,106 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Testing searches against regular entries..."
+echo "# Testing searches against regular entries..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 "(|(ou=Groups)(st=*))" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches listing transformed attributes..."
+echo >> $SEARCHOUT
+echo "# Testing searches listing transformed attributes..." >> $SEARCHOUT
+$LDAPSEARCH -b "ou=Information Technology Division,ou=People,$BASEDN" -s one \
+	-H $URI1 >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches filtering on transformed attributes..."
+echo >> $SEARCHOUT
+echo "# Testing searches filtering on transformed attributes..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	"(|(enumerated=bjensen)(&(signed=-19858)(signed<=0)(signed>=-20000)))" \
+	enumerated signed \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Reconfiguring transformation definition..."
+. $CONFFILTER $BACKEND $MONITORDB < data/test003-config.ldif | \
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches filtering on the new values..."
+echo >> $SEARCHOUT
+echo "# Testing searches filtering on the new values..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	"(|(enumerated=not a value)(enumerated=jaj)(&(signed=45678)(!(signed>=50000))(signed>=44444)))" \
+	enumerated signed \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test003-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/datamorph/tests/scripts/test004-compare b/contrib/slapd-modules/datamorph/tests/scripts/test004-compare
new file mode 100755
index 0000000..d4b535b
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/scripts/test004-compare
@@ -0,0 +1,62 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Comparing a regular entry..."
+$LDAPCOMPARE -H $URI1 \
+	"cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN" \
+	"cn:Mark Elliot" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 6 && test $RC,$BACKEND != 5,null ; then
+	echo "ldapcompare failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+echo "Comparing a transformed enum entry..."
+$LDAPCOMPARE -H $URI1 \
+	"cn=Jane Doe,ou=Alumni Association,ou=People,$BASEDN" \
+	"enumerated:jdoe" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 6 && test $RC,$BACKEND != 5,null ; then
+	echo "ldapcompare failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+echo "Comparing a transformed interval entry..."
+$LDAPCOMPARE -H $URI1 "ou=People,$BASEDN" \
+	"signed:-19858" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 6 && test $RC,$BACKEND != 5,null ; then
+	echo "ldapcompare failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/datamorph/tests/scripts/test005-modify b/contrib/slapd-modules/datamorph/tests/scripts/test005-modify
new file mode 100755
index 0000000..94cf1c0
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/scripts/test005-modify
@@ -0,0 +1,89 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Modifying entry..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test005-changes.ldif >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Applying invalid changes (should fail)..."
+for CHANGE in data/test005-*fail.ldif; do
+	echo "... $CHANGE"
+	$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+		-f $CHANGE >> $TESTOUT 2>&1
+	RC=$?
+	case $RC in
+	0)
+		echo "ldapmodify should have failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit 1
+		;;
+	16|19)
+		echo "ldapmodify failed ($RC)"
+		;;
+	*)
+		echo "ldapmodify failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+		;;
+	esac
+done
+
+echo "Reading affected entries back..."
+echo "# Reading affected entries back..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	'(|(objectClass=OpenLDAPperson)(ou=people))' \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test005-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/datamorph/tests/scripts/test006-modrdn b/contrib/slapd-modules/datamorph/tests/scripts/test006-modrdn
new file mode 100755
index 0000000..56e2f2a
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/scripts/test006-modrdn
@@ -0,0 +1,52 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Renaming an entry to add new value (should fail)..."
+$LDAPMODRDN -D $MANAGERDN -H $URI1 -w $PASSWD \
+	"cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN" \
+	"cn=Mark Elliot+enumerated=melliot" \
+	>> $TESTOUT 2>&1
+RC=$?
+case $RC in
+0)
+	echo "ldapmodrdn should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+	;;
+19)
+	echo "ldapmodrdn failed ($RC)"
+	;;
+*)
+	echo "ldapmodrdn failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/datamorph/tests/scripts/test007-transformed-replication b/contrib/slapd-modules/datamorph/tests/scripts/test007-transformed-replication
new file mode 100755
index 0000000..5b2ea4d
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/scripts/test007-transformed-replication
@@ -0,0 +1,296 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test "$SYNCPROV" = syncprovno; then
+	echo "Syncrepl provider overlay not available, test skipped"
+	exit 0
+fi
+
+. ${SCRIPTDIR}/common.sh
+
+if test "$SYNCPROV" = syncprovmod; then
+	$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	> $TESTOUT 2>&1 <<EOMOD
+dn: cn=module,cn=config
+changetype: add
+objectClass: olcModuleList
+olcModuleLoad: $LDAP_BUILD/servers/slapd/overlays/syncprov.la
+EOMOD
+
+	RC=$?
+	if test $RC != 0 ; then
+		echo "ldapmodify failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	fi
+fi
+
+mkdir $DBDIR4 $TESTDIR/confdir-consumer
+
+echo "Starting consumer slapd on TCP/IP port $PORT4..."
+. $CONFFILTER $BACKEND $MONITORDB < $P1SRCONSUMERCONF > $CONF4
+
+echo "database config" >>$CONF4
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >>$CONF4
+
+$SLAPD -f $CONF4 -F $TESTDIR/confdir-consumer -h $URI4 -d $LVL > $LOG4 2>&1 &
+CONSUMERPID=$!
+if test $WAIT != 0 ; then
+	echo CONSUMERPID $CONSUMERPID
+	read foo
+fi
+KILLPIDS="$KILLPIDS $CONSUMERPID"
+
+sleep $SLEEP0
+
+echo "Setting up overlay on consumer..."
+$LDAPMODIFY -v -D cn=config -H $URI4 -y $CONFIGPWF \
+	> $TESTOUT 2>&1 <<EOMOD
+dn: cn=module,cn=config
+changetype: add
+objectClass: olcModuleList
+olcModuleLoad: `pwd`/../datamorph.la
+EOMOD
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Configuring syncprov on provider..."
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	> $TESTOUT 2>&1 <<EOMOD
+dn: olcOverlay=syncprov,olcDatabase={1}$BACKEND,cn=config
+changetype: add
+objectclass: olcSyncProvConfig
+EOMOD
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+. $CONFFILTER $BACKEND $MONITORDB < $OVERLAY_CONFIG | \
+$LDAPMODIFY -v -D cn=config -H $URI4 -y $CONFIGPWF \
+	> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$BASEDN" -H $URI4 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for consumer to start replication..."
+	sleep ${SLEEP1}
+done
+
+echo "Waiting ${SLEEP1} seconds for consumer to finish replicating..."
+sleep ${SLEEP1}
+
+echo "Testing searches against regular replicated entries..."
+echo "# Testing searches against regular replicated entries..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI4 "(|(ou=Groups)(st=*))" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches listing replicated transformed attributes..."
+echo >> $SEARCHOUT
+echo "# Testing searches listing replicated transformed attributes..." >> $SEARCHOUT
+$LDAPSEARCH -b "ou=Information Technology Division,ou=People,$BASEDN" \
+	-s one -H $URI4 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches filtering on replicated transformed attributes..."
+echo >> $SEARCHOUT
+echo "# Testing searches filtering on replicated transformed attributes..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI4 \
+	"(|(enumerated=bjensen)(&(signed=-19858)(signed<=0)(signed>=-20000)))" \
+	enumerated signed \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Reconfiguring transformation definition..."
+. $CONFFILTER $BACKEND $MONITORDB < data/test003-config.ldif | \
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+. $CONFFILTER $BACKEND $MONITORDB < data/test003-config.ldif | \
+$LDAPMODIFY -v -D cn=config -H $URI4 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches filtering on the new replicated values..."
+echo >> $SEARCHOUT
+echo "# Testing searches filtering on the new replicated values..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI4 \
+	"(|(enumerated=not a value)(enumerated=jaj)(&(signed=45678)(!(signed>=50000))(signed>=44444)))" \
+	enumerated signed \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+LDIF=data/test003-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+rm $SEARCHOUT
+
+echo "Reverting part of the above configuration for remainder of the test..."
+. $CONFFILTER $BACKEND $MONITORDB < data/test007-config.ldif | \
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+. $CONFFILTER $BACKEND $MONITORDB < data/test007-config.ldif | \
+$LDAPMODIFY -v -D cn=config -H $URI4 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Modifying entry..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test005-changes.ldif >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Applying invalid changes (should fail)..."
+for CHANGE in data/test005-*fail.ldif; do
+	echo "... $CHANGE"
+	$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+		-f $CHANGE >> $TESTOUT 2>&1
+	RC=$?
+	case $RC in
+	0)
+		echo "ldapmodify should have failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit 1
+		;;
+	16|19)
+		echo "ldapmodify failed ($RC)"
+		;;
+	*)
+		echo "ldapmodify failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+		;;
+	esac
+done
+
+echo "Waiting ${SLEEP1} seconds for consumer to finish replicating..."
+sleep ${SLEEP1}
+
+echo "Reading affected entries back..."
+echo "# Reading affected entries back..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	'(|(objectClass=OpenLDAPperson)(ou=people))' \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test005-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/datamorph/tests/scripts/test008-ignored-replication b/contrib/slapd-modules/datamorph/tests/scripts/test008-ignored-replication
new file mode 100755
index 0000000..a1fcb71
--- /dev/null
+++ b/contrib/slapd-modules/datamorph/tests/scripts/test008-ignored-replication
@@ -0,0 +1,299 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test "$SYNCPROV" = syncprovno; then
+	echo "Syncrepl provider overlay not available, test skipped"
+	exit 0
+fi
+
+. ${SCRIPTDIR}/common.sh
+
+if test "$SYNCPROV" = syncprovmod; then
+	$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	> $TESTOUT 2>&1 <<EOMOD
+dn: cn=module,cn=config
+changetype: add
+objectClass: olcModuleList
+olcModuleLoad: $LDAP_BUILD/servers/slapd/overlays/syncprov.la
+EOMOD
+
+	RC=$?
+	if test $RC != 0 ; then
+		echo "ldapmodify failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	fi
+fi
+
+mkdir $DBDIR4 $TESTDIR/confdir-consumer
+
+echo "Starting consumer slapd on TCP/IP port $PORT4..."
+. $CONFFILTER $BACKEND $MONITORDB < $P1SRCONSUMERCONF > $CONF4
+
+echo "database config" >>$CONF4
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >>$CONF4
+
+$SLAPD -f $CONF4 -F $TESTDIR/confdir-consumer -h $URI4 -d $LVL > $LOG4 2>&1 &
+CONSUMERPID=$!
+if test $WAIT != 0 ; then
+	echo CONSUMERPID $CONSUMERPID
+	read foo
+fi
+KILLPIDS="$KILLPIDS $CONSUMERPID"
+
+sleep $SLEEP0
+
+echo "Setting up overlay on consumer..."
+$LDAPMODIFY -v -D cn=config -H $URI4 -y $CONFIGPWF \
+	> $TESTOUT 2>&1 <<EOMOD
+dn: cn=module,cn=config
+changetype: add
+objectClass: olcModuleList
+olcModuleLoad: `pwd`/../datamorph.la
+EOMOD
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Configuring syncprov on provider..."
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	> $TESTOUT 2>&1 <<EOMOD
+dn: olcOverlay={0}syncprov,olcDatabase={1}$BACKEND,cn=config
+changetype: add
+objectclass: olcSyncProvConfig
+EOMOD
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+. $CONFFILTER $BACKEND $MONITORDB < $OVERLAY_CONFIG | \
+$LDAPMODIFY -v -D cn=config -H $URI4 -y $CONFIGPWF \
+	> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$BASEDN" -H $URI4 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for consumer to start replication..."
+	sleep ${SLEEP1}
+done
+
+echo "Waiting ${SLEEP1} seconds for consumer to finish replicating..."
+sleep ${SLEEP1}
+
+echo "Testing searches against regular replicated entries..."
+echo "# Testing searches against regular replicated entries..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI4 "(|(ou=Groups)(st=*))" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches listing replicated transformed attributes..."
+echo >> $SEARCHOUT
+echo "# Testing searches listing replicated transformed attributes..." >> $SEARCHOUT
+$LDAPSEARCH -b "ou=Information Technology Division,ou=People,$BASEDN" -s one \
+	-H $URI4 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches filtering on replicated transformed attributes..."
+echo >> $SEARCHOUT
+echo "# Testing searches filtering on replicated transformed attributes..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI4 \
+	"(|(enumerated=bjensen)(&(signed=-19858)(signed<=0)(signed>=-20000)))" \
+	enumerated signed \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Reconfiguring transformation definition..."
+. $CONFFILTER $BACKEND $MONITORDB < data/test003-config.ldif | \
+sed 's/{0}datamorph/{1}datamorph/' | \
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+. $CONFFILTER $BACKEND $MONITORDB < data/test003-config.ldif | \
+$LDAPMODIFY -v -D cn=config -H $URI4 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches filtering on the new replicated values..."
+echo >> $SEARCHOUT
+echo "# Testing searches filtering on the new replicated values..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI4 \
+	"(|(enumerated=not a value)(enumerated=jaj)(&(signed=45678)(!(signed>=50000))(signed>=44444)))" \
+	enumerated signed \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+LDIF=data/test003-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+rm $SEARCHOUT
+
+echo "Reverting part of the above configuration for remainder of the test..."
+. $CONFFILTER $BACKEND $MONITORDB < data/test007-config.ldif | \
+sed 's/{0}datamorph/{1}datamorph/' | \
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+. $CONFFILTER $BACKEND $MONITORDB < data/test007-config.ldif | \
+$LDAPMODIFY -v -D cn=config -H $URI4 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Modifying entry..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test005-changes.ldif >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Applying invalid changes (should fail)..."
+for CHANGE in data/test005-*fail.ldif; do
+	echo "... $CHANGE"
+	$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+		-f $CHANGE >> $TESTOUT 2>&1
+	RC=$?
+	case $RC in
+	0)
+		echo "ldapmodify should have failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit 1
+		;;
+	16|19)
+		echo "ldapmodify failed ($RC)"
+		;;
+	*)
+		echo "ldapmodify failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+		;;
+	esac
+done
+
+echo "Waiting ${SLEEP1} seconds for consumer to finish replicating..."
+sleep ${SLEEP1}
+
+echo "Reading affected entries back..."
+echo "# Reading affected entries back..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	'(|(objectClass=OpenLDAPperson)(ou=people))' \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test005-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/denyop/Makefile b/contrib/slapd-modules/denyop/Makefile
new file mode 100644
index 0000000..2cea18b
--- /dev/null
+++ b/contrib/slapd-modules/denyop/Makefile
@@ -0,0 +1,46 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_DENYOP=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = denyop.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+denyop.la: denyop.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/denyop/denyop.c b/contrib/slapd-modules/denyop/denyop.c
new file mode 100644
index 0000000..dd3e13c
--- /dev/null
+++ b/contrib/slapd-modules/denyop/denyop.c
@@ -0,0 +1,260 @@
+/* denyop.c - Denies operations */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_DENYOP
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+
+/* This overlay provides a quick'n'easy way to deny selected operations
+ * for a database whose backend implements the operations.  It is intended
+ * to be less expensive than ACLs because its evaluation occurs before
+ * any backend specific operation is actually even initiated.
+ */
+
+enum {
+	denyop_add = 0,
+	denyop_bind,
+	denyop_compare,
+	denyop_delete,
+	denyop_extended,
+	denyop_modify,
+	denyop_modrdn,
+	denyop_search,
+	denyop_unbind
+} denyop_e;
+
+typedef struct denyop_info {
+	int do_op[denyop_unbind + 1];
+} denyop_info;
+
+static int
+denyop_func( Operation *op, SlapReply *rs )
+{
+	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
+	denyop_info		*oi = (denyop_info *)on->on_bi.bi_private;
+	int			deny = 0;
+
+	switch( op->o_tag ) {
+	case LDAP_REQ_BIND:
+		deny = oi->do_op[denyop_bind];
+		break;
+
+	case LDAP_REQ_ADD:
+		deny = oi->do_op[denyop_add];
+		break;
+
+	case LDAP_REQ_DELETE:
+		deny = oi->do_op[denyop_delete];
+		break;
+
+	case LDAP_REQ_MODRDN:
+		deny = oi->do_op[denyop_modrdn];
+		break;
+
+	case LDAP_REQ_MODIFY:
+		deny = oi->do_op[denyop_modify];
+		break;
+
+	case LDAP_REQ_COMPARE:
+		deny = oi->do_op[denyop_compare];
+		break;
+
+	case LDAP_REQ_SEARCH:
+		deny = oi->do_op[denyop_search];
+		break;
+
+	case LDAP_REQ_EXTENDED:
+		deny = oi->do_op[denyop_extended];
+		break;
+
+	case LDAP_REQ_UNBIND:
+		deny = oi->do_op[denyop_unbind];
+		break;
+	}
+
+	if ( !deny ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	op->o_bd->bd_info = (BackendInfo *)on->on_info;
+	send_ldap_error( op, rs, LDAP_UNWILLING_TO_PERFORM,
+			"operation not allowed within namingContext" );
+
+	return 0;
+}
+
+static int
+denyop_over_init(
+	BackendDB *be, ConfigReply *cr
+)
+{
+	slap_overinst		*on = (slap_overinst *) be->bd_info;
+	denyop_info		*oi;
+
+	oi = (denyop_info *)ch_malloc(sizeof(denyop_info));
+	memset(oi, 0, sizeof(denyop_info));
+	on->on_bi.bi_private = oi;
+
+	return 0;
+}
+
+static int
+denyop_config(
+    BackendDB	*be,
+    const char	*fname,
+    int		lineno,
+    int		argc,
+    char	**argv
+)
+{
+	slap_overinst		*on = (slap_overinst *) be->bd_info;
+	denyop_info		*oi = (denyop_info *)on->on_bi.bi_private;
+
+	if ( strcasecmp( argv[0], "denyop" ) == 0 ) {
+		char *op;
+
+		if ( argc != 2 ) {
+			Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+				"operation list missing in "
+				"\"denyop <op-list>\" line.\n",
+				fname, lineno );
+			return( 1 );
+		}
+
+		/* The on->on_bi.bi_private pointer can be used for
+		 * anything this instance of the overlay needs.
+		 */
+
+		op = argv[1];
+		do {
+			char	*next = strchr( op, ',' );
+
+			if ( next ) {
+				next[0] = '\0';
+				next++;
+			}
+
+			if ( strcmp( op, "add" ) == 0 ) {
+				oi->do_op[denyop_add] = 1;
+
+			} else if ( strcmp( op, "bind" ) == 0 ) {
+				oi->do_op[denyop_bind] = 1;
+
+			} else if ( strcmp( op, "compare" ) == 0 ) {
+				oi->do_op[denyop_compare] = 1;
+
+			} else if ( strcmp( op, "delete" ) == 0 ) {
+				oi->do_op[denyop_delete] = 1;
+
+			} else if ( strcmp( op, "extended" ) == 0 ) {
+				oi->do_op[denyop_extended] = 1;
+
+			} else if ( strcmp( op, "modify" ) == 0 ) {
+				oi->do_op[denyop_modify] = 1;
+
+			} else if ( strcmp( op, "modrdn" ) == 0 ) {
+				oi->do_op[denyop_modrdn] = 1;
+
+			} else if ( strcmp( op, "search" ) == 0 ) {
+				oi->do_op[denyop_search] = 1;
+
+			} else if ( strcmp( op, "unbind" ) == 0 ) {
+				oi->do_op[denyop_unbind] = 1;
+
+			} else {
+				Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+					"unknown operation \"%s\" at "
+					"\"denyop <op-list>\" line.\n",
+					fname, lineno, op );
+				return( 1 );
+			}
+
+			op = next;
+		} while ( op );
+
+	} else {
+		return SLAP_CONF_UNKNOWN;
+	}
+	return 0;
+}
+
+static int
+denyop_destroy(
+	BackendDB *be, ConfigReply *cr
+)
+{
+	slap_overinst	*on = (slap_overinst *) be->bd_info;
+	denyop_info	*oi = (denyop_info *)on->on_bi.bi_private;
+
+	if ( oi ) {
+		ch_free( oi );
+	}
+
+	return 0;
+}
+
+/* This overlay is set up for dynamic loading via moduleload. For static
+ * configuration, you'll need to arrange for the slap_overinst to be
+ * initialized and registered by some other function inside slapd.
+ */
+
+static slap_overinst denyop;
+
+int
+denyop_initialize( void )
+{
+	memset( &denyop, 0, sizeof( slap_overinst ) );
+	denyop.on_bi.bi_type = "denyop";
+	denyop.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	denyop.on_bi.bi_db_init = denyop_over_init;
+	denyop.on_bi.bi_db_config = denyop_config;
+	denyop.on_bi.bi_db_destroy = denyop_destroy;
+
+	denyop.on_bi.bi_op_bind = denyop_func;
+	denyop.on_bi.bi_op_search = denyop_func;
+	denyop.on_bi.bi_op_compare = denyop_func;
+	denyop.on_bi.bi_op_modify = denyop_func;
+	denyop.on_bi.bi_op_modrdn = denyop_func;
+	denyop.on_bi.bi_op_add = denyop_func;
+	denyop.on_bi.bi_op_delete = denyop_func;
+	denyop.on_bi.bi_extended = denyop_func;
+	denyop.on_bi.bi_op_unbind = denyop_func;
+
+	denyop.on_response = NULL /* denyop_response */ ;
+
+	return overlay_register( &denyop );
+}
+
+#if SLAPD_OVER_DENYOP == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return denyop_initialize();
+}
+#endif /* SLAPD_OVER_DENYOP == SLAPD_MOD_DYNAMIC */
+
+#endif /* defined(SLAPD_OVER_DENYOP) */
diff --git a/contrib/slapd-modules/dsaschema/Makefile b/contrib/slapd-modules/dsaschema/Makefile
new file mode 100644
index 0000000..3a88fc0
--- /dev/null
+++ b/contrib/slapd-modules/dsaschema/Makefile
@@ -0,0 +1,46 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = 
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = dsaschema.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+dsaschema.la: dsaschema.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/dsaschema/README b/contrib/slapd-modules/dsaschema/README
new file mode 100644
index 0000000..fdf932e
--- /dev/null
+++ b/contrib/slapd-modules/dsaschema/README
@@ -0,0 +1,23 @@
+Copyright 2004-2022 The OpenLDAP Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+This directory contains a native slapd plugin, dsaschema, that permits the
+loading of DSA-specific schema from configuration files (including operational
+attributes).
+
+To use the plugin, add:
+
+moduleload dsaschema.so
+	/etc/openldap/schema/foo1.schema
+	...etc...
+	/etc/openldap/schema/fooN.schema
+
+to your slapd configuration file.
+
+Use Makefile to compile this plugin or use a command line similar to:
+
+gcc -shared -I../../../include -Wall -g -o dsaschema.so dsaschema.c
+
diff --git a/contrib/slapd-modules/dsaschema/dsaschema.c b/contrib/slapd-modules/dsaschema/dsaschema.c
new file mode 100644
index 0000000..31defae
--- /dev/null
+++ b/contrib/slapd-modules/dsaschema/dsaschema.c
@@ -0,0 +1,369 @@
+/* dsaschema.c */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include <portable.h>
+
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include <ac/signal.h>
+#include <ac/errno.h>
+#include <ac/stdlib.h>
+#include <ac/ctype.h>
+#include <ac/time.h>
+#include <ac/unistd.h>
+
+#include <stdio.h>
+
+/*
+ * Schema reader that allows us to define DSA schema (including
+ * operational attributes and non-user object classes)
+ *
+ * A kludge, at best, and in order to avoid including slapd
+ * headers we use fprintf() rather than slapd's native logging,
+ * which may confuse users...
+ *
+ */
+
+#include <ldap.h>
+#include <ldap_schema.h>
+
+#include <slap.h>
+#include <slap-config.h>
+
+#define ARGS_STEP 512
+
+static char *fp_getline(FILE *fp, int *lineno);
+static void fp_getline_init(int *lineno);
+static int fp_parse_line(int lineno, char *line);
+static char *strtok_quote( char *line, char *sep );
+
+static char **cargv = NULL;
+static int cargv_size = 0;
+static int cargc = 0;
+static char *strtok_quote_ptr;
+
+int init_module(int argc, char *argv[]);
+
+static int dsaschema_parse_cr(const char *fname, int lineno, char *line, char **argv)
+{
+	struct config_args_s c = { .line = line };
+
+	if ( parse_cr( &c, NULL ) ) {
+		Debug( LDAP_DEBUG_ANY, "dsaschema_parse_cr: "
+				"ditcontentrule definition invalid at %s:%d\n",
+				fname, lineno );
+		return 1;
+	}
+
+	return 0;
+}
+
+static int dsaschema_read_config(const char *fname, int depth)
+{
+	FILE *fp;
+	char *line, *savefname, *saveline = NULL;
+	int savelineno, lineno;
+	int rc;
+
+	if (depth == 0) {
+		cargv = ch_calloc(ARGS_STEP + 1, sizeof(*cargv));
+		cargv_size = ARGS_STEP + 1;
+	}
+
+	fp = fopen(fname, "r");
+	if (fp == NULL) {
+		char ebuf[128];
+		int saved_errno = errno;
+		fprintf(stderr, "could not open config file \"%s\": %s (%d)\n",
+			fname, AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)), saved_errno);
+		return 1;
+	}
+	fp_getline_init(&lineno);
+
+	while ((line = fp_getline(fp, &lineno)) != NULL) {
+		/* skip comments and blank lines */
+		if (line[0] == '#' || line[0] == '\0') {
+			continue;
+		}
+
+		saveline = ch_strdup(line);
+
+		if (fp_parse_line(lineno, line) != 0) {
+			rc = 1;
+			break;
+		}
+
+		if (cargc < 1) {
+			continue;
+		}
+
+		if (strcasecmp(cargv[0], "attributetype") == 0 ||
+		    strcasecmp(cargv[0], "attribute") == 0) {
+			if (cargc < 2) {
+				fprintf(stderr, "%s: line %d: illegal attribute type format\n",
+					fname, lineno);
+				rc = 1;
+				break;
+			} else if (*cargv[1] == '(' /*')'*/) {
+				char *p;
+	
+				p = strchr(saveline, '(' /*')'*/);
+				rc = register_at(p, NULL, 0);
+				if (rc != 0) {
+					Debug( LDAP_DEBUG_ANY, "dsaschema_read_config: "
+							"attribute definition invalid at %s:%d\n",
+							fname, lineno );
+					break;
+				}
+			} else {
+				fprintf(stderr, "%s: line %d: old attribute type format not supported\n",
+					fname, lineno);
+			}
+		} else if (strcasecmp(cargv[0], "ditcontentrule") == 0) {
+			char *p;
+			p = strchr(saveline, '(' /*')'*/);
+			rc = dsaschema_parse_cr(fname, lineno, p, cargv);
+			if (rc != 0)
+				break;
+		} else if (strcasecmp(cargv[0], "objectclass") == 0) {
+			if (cargc < 2) {
+				fprintf(stderr, "%s: line %d: illegal objectclass format\n",
+					fname, lineno);
+				rc = 1;
+				break;
+			} else if (*cargv[1] == '(' /*')'*/) {
+				char *p;
+
+				p = strchr(saveline, '(' /*')'*/);
+				rc = register_oc(p, NULL, 0);
+				if (rc != 0) {
+					Debug( LDAP_DEBUG_ANY, "dsaschema_read_config: "
+							"objectclass definition invalid at %s:%d\n",
+							fname, lineno );
+					break;
+				}
+			} else {
+				fprintf(stderr, "%s: line %d: object class format not supported\n",
+					fname, lineno);
+			}
+		} else if (strcasecmp(cargv[0], "include") == 0) {
+			if (cargc < 2) {
+				fprintf(stderr, "%s: line %d: missing file name in \"include <filename>\" line",
+					fname, lineno);
+				rc = 1;
+				break;
+			}
+			savelineno = lineno;
+			savefname = ch_strdup(cargv[1]);
+
+			rc = dsaschema_read_config(savefname, depth + 1);
+			ch_free(savefname);
+			lineno = savelineno - 1;
+			if (rc != 0) {
+				break;
+			}
+		} else {
+			fprintf(stderr, "%s: line %d: unknown directive \"%s\" (ignored)\n",
+				fname, lineno, cargv[0]);
+		}
+
+		ch_free(saveline);
+		saveline = NULL;
+	}
+
+	fclose(fp);
+
+	if (depth == 0)
+		ch_free(cargv);
+
+	if (saveline != NULL)
+		ch_free(saveline);
+
+	return rc;
+}
+
+int init_module(int argc, char *argv[])
+{
+	int i;
+	int rc;
+
+	for (i = 0; i < argc; i++) {
+		rc = dsaschema_read_config(argv[i], 0);
+		if (rc != 0) {
+			break;
+		}
+	}
+
+	return rc;
+}
+
+
+static int
+fp_parse_line(
+    int		lineno,
+    char	*line
+)
+{
+	char *	token;
+
+	cargc = 0;
+	token = strtok_quote( line, " \t" );
+
+	if ( strtok_quote_ptr ) {
+		*strtok_quote_ptr = ' ';
+	}
+
+	if ( strtok_quote_ptr ) {
+		*strtok_quote_ptr = '\0';
+	}
+
+	for ( ; token != NULL; token = strtok_quote( NULL, " \t" ) ) {
+		if ( cargc == cargv_size - 1 ) {
+			char **tmp;
+			tmp = ch_realloc( cargv, (cargv_size + ARGS_STEP) *
+					    sizeof(*cargv) );
+			cargv = tmp;
+			cargv_size += ARGS_STEP;
+		}
+		cargv[cargc++] = token;
+	}
+	cargv[cargc] = NULL;
+	return 0;
+}
+
+static char *
+strtok_quote( char *line, char *sep )
+{
+	int		inquote;
+	char		*tmp;
+	static char	*next;
+
+	strtok_quote_ptr = NULL;
+	if ( line != NULL ) {
+		next = line;
+	}
+	while ( *next && strchr( sep, *next ) ) {
+		next++;
+	}
+
+	if ( *next == '\0' ) {
+		next = NULL;
+		return( NULL );
+	}
+	tmp = next;
+
+	for ( inquote = 0; *next; ) {
+		switch ( *next ) {
+		case '"':
+			if ( inquote ) {
+				inquote = 0;
+			} else {
+				inquote = 1;
+			}
+			AC_MEMCPY( next, next + 1, strlen( next + 1 ) + 1 );
+			break;
+
+		case '\\':
+			if ( next[1] )
+				AC_MEMCPY( next,
+					    next + 1, strlen( next + 1 ) + 1 );
+			next++;		/* dont parse the escaped character */
+			break;
+
+		default:
+			if ( ! inquote ) {
+				if ( strchr( sep, *next ) != NULL ) {
+					strtok_quote_ptr = next;
+					*next++ = '\0';
+					return( tmp );
+				}
+			}
+			next++;
+			break;
+		}
+	}
+
+	return( tmp );
+}
+
+static char	buf[BUFSIZ];
+static char	*line;
+static size_t lmax, lcur;
+
+#define CATLINE( buf ) \
+	do { \
+		size_t len = strlen( buf ); \
+		while ( lcur + len + 1 > lmax ) { \
+			lmax += BUFSIZ; \
+			line = (char *) ch_realloc( line, lmax ); \
+		} \
+		strcpy( line + lcur, buf ); \
+		lcur += len; \
+	} while( 0 )
+
+static char *
+fp_getline( FILE *fp, int *lineno )
+{
+	char		*p;
+
+	lcur = 0;
+	CATLINE( buf );
+	(*lineno)++;
+
+	/* hack attack - keeps us from having to keep a stack of bufs... */
+	if ( strncasecmp( line, "include", 7 ) == 0 ) {
+		buf[0] = '\0';
+		return( line );
+	}
+
+	while ( fgets( buf, sizeof(buf), fp ) != NULL ) {
+		/* trim off \r\n or \n */
+		if ( (p = strchr( buf, '\n' )) != NULL ) {
+			if( p > buf && p[-1] == '\r' ) --p;
+			*p = '\0';
+		}
+		
+		/* trim off trailing \ and append the next line */
+		if ( line[ 0 ] != '\0' 
+				&& (p = line + strlen( line ) - 1)[ 0 ] == '\\'
+				&& p[ -1 ] != '\\' ) {
+			p[ 0 ] = '\0';
+			lcur--;
+
+		} else {
+			if ( ! isspace( (unsigned char) buf[0] ) ) {
+				return( line );
+			}
+
+			/* change leading whitespace to a space */
+			buf[0] = ' ';
+		}
+
+		CATLINE( buf );
+		(*lineno)++;
+	}
+	buf[0] = '\0';
+
+	return( line[0] ? line : NULL );
+}
+
+static void
+fp_getline_init( int *lineno )
+{
+	*lineno = -1;
+	buf[0] = '\0';
+}
+
diff --git a/contrib/slapd-modules/dupent/Makefile b/contrib/slapd-modules/dupent/Makefile
new file mode 100644
index 0000000..6b35438
--- /dev/null
+++ b/contrib/slapd-modules/dupent/Makefile
@@ -0,0 +1,58 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2022 The OpenLDAP Foundation.
+# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_DUPENT=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = dupent.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+dupent.la: dupent.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/dupent/dupent.c b/contrib/slapd-modules/dupent/dupent.c
new file mode 100644
index 0000000..89ad622
--- /dev/null
+++ b/contrib/slapd-modules/dupent/dupent.c
@@ -0,0 +1,558 @@
+/* dupent.c - LDAP Control for a Duplicate Entry Representation of Search Results */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2006-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+/*
+ * LDAP Control for a Duplicate Entry Representation of Search Results
+ * <draft-ietf-ldapext-ldapv3-dupent-08.txt> (EXPIRED)
+ * <http://tools.ietf.org/id/draft-ietf-ldapext-ldapv3-dupent-08.txt>
+ */
+
+#include "portable.h"
+
+/* define SLAPD_OVER_DUPENT=2 to build as run-time loadable module */
+#ifdef SLAPD_OVER_DUPENT
+
+/*
+ * The macros
+ *
+ * LDAP_CONTROL_DUPENT_REQUEST		"2.16.840.1.113719.1.27.101.1"
+ * LDAP_CONTROL_DUPENT_RESPONSE		"2.16.840.1.113719.1.27.101.2"
+ * LDAP_CONTROL_DUPENT_ENTRY		"2.16.840.1.113719.1.27.101.3"
+ *
+ * are already defined in <ldap.h>
+ */
+
+/*
+ * support for no attrs and "*" in AttributeDescriptionList is missing
+ */
+
+#include "slap.h"
+#include "ac/string.h"
+
+#define o_dupent			o_ctrlflag[dupent_cid]
+#define o_ctrldupent		o_controls[dupent_cid]
+
+static int dupent_cid;
+static slap_overinst dupent;
+
+typedef struct dupent_t {
+	AttributeName	*ds_an;
+	ber_len_t		ds_nattrs;
+	slap_mask_t		ds_flags;
+	ber_int_t		ds_paa;
+} dupent_t;
+
+static int
+dupent_parseCtrl (
+	Operation *op,
+	SlapReply *rs,
+	LDAPControl *ctrl )
+{
+	ber_tag_t tag;
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_len_t len;
+	BerVarray AttributeDescriptionList = NULL;
+	ber_len_t cnt = sizeof(struct berval);
+	ber_len_t off = 0;
+	ber_int_t PartialApplicationAllowed = 1;
+	dupent_t *ds = NULL;
+	int i;
+
+	if ( op->o_dupent != SLAP_CONTROL_NONE ) {
+		rs->sr_text = "Dupent control specified multiple times";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( BER_BVISNULL( &ctrl->ldctl_value ) ) {
+		rs->sr_text = "Dupent control value is absent";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( BER_BVISEMPTY( &ctrl->ldctl_value ) ) {
+		rs->sr_text = "Dupent control value is empty";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	ber_init2( ber, &ctrl->ldctl_value, 0 );
+
+	/*
+
+   DuplicateEntryRequest ::= SEQUENCE { 
+        AttributeDescriptionList, -- from [RFC2251] 
+        PartialApplicationAllowed BOOLEAN DEFAULT TRUE } 
+
+        AttributeDescriptionList ::= SEQUENCE OF 
+                AttributeDescription 
+    
+        AttributeDescription ::= LDAPString 
+    
+        attributeDescription = AttributeType [ ";" <options> ] 
+
+	 */
+
+	tag = ber_skip_tag( ber, &len );
+	if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX;
+	if ( ber_scanf( ber, "{M}", &AttributeDescriptionList, &cnt, off )
+		== LBER_ERROR )
+	{
+		rs->sr_text = "Dupent control: dupentSpec decoding error";
+		rs->sr_err = LDAP_PROTOCOL_ERROR;
+		goto done;
+	}
+	tag = ber_skip_tag( ber, &len );
+	if ( tag == LBER_BOOLEAN ) {
+		/* NOTE: PartialApplicationAllowed is ignored, since the control
+		 * can always be honored
+		 */
+		if ( ber_scanf( ber, "b", &PartialApplicationAllowed ) == LBER_ERROR )
+		{
+			rs->sr_text = "Dupent control: dupentSpec decoding error";
+			rs->sr_err = LDAP_PROTOCOL_ERROR;
+			goto done;
+		}
+		tag = ber_skip_tag( ber, &len );
+	}
+	if ( len || tag != LBER_DEFAULT ) {
+		rs->sr_text = "Dupent control: dupentSpec decoding error";
+		rs->sr_err = LDAP_PROTOCOL_ERROR;
+		goto done;
+	}
+
+	ds = (dupent_t *)op->o_tmpcalloc( 1,
+		sizeof(dupent_t) + sizeof(AttributeName)*cnt,
+		op->o_tmpmemctx );
+
+	ds->ds_paa = PartialApplicationAllowed;
+
+	if ( cnt == 0 ) {
+		ds->ds_flags |= SLAP_USERATTRS_YES;
+
+	} else {
+		int c;
+
+		ds->ds_an = (AttributeName *)&ds[ 1 ];
+
+		for ( i = 0, c = 0; i < cnt; i++ ) {
+			const char *text;
+			int j;
+			int rc;
+			AttributeDescription *ad = NULL;
+
+			if ( bvmatch( &AttributeDescriptionList[i],
+				slap_bv_all_user_attrs ) )
+			{
+				if ( ds->ds_flags & SLAP_USERATTRS_YES ) {
+					rs->sr_text = "Dupent control: AttributeDescription decoding error";
+					rs->sr_err = LDAP_PROTOCOL_ERROR;
+					goto done;
+				}
+
+				ds->ds_flags |= SLAP_USERATTRS_YES;
+				continue;
+			}
+
+			rc = slap_bv2ad( &AttributeDescriptionList[i], &ad, &text );
+			if ( rc != LDAP_SUCCESS ) {
+				continue;
+			}
+
+			ds->ds_an[c].an_desc = ad;
+			ds->ds_an[c].an_name = ad->ad_cname;
+
+			/* FIXME: not specified; consider this an error, just in case */
+			for ( j = 0; j < c; j++ ) {
+				if ( ds->ds_an[c].an_desc == ds->ds_an[j].an_desc ) {
+					rs->sr_text = "Dupent control: AttributeDescription must be unique within AttributeDescriptionList";
+					rs->sr_err = LDAP_PROTOCOL_ERROR;
+					goto done;
+				}
+			}
+
+			c++;
+		}
+
+		ds->ds_nattrs = c;
+
+		if ( ds->ds_flags & SLAP_USERATTRS_YES ) {
+			/* purge user attrs */
+			for ( i = 0; i < ds->ds_nattrs;  ) {
+				if ( is_at_operational( ds->ds_an[i].an_desc->ad_type ) ) {
+					i++;
+					continue;
+				}
+
+				ds->ds_nattrs--;
+				if ( i < ds->ds_nattrs ) {
+					ds->ds_an[i] = ds->ds_an[ds->ds_nattrs];
+				}
+			}
+		}
+	}
+
+	op->o_ctrldupent = (void *)ds;
+
+	op->o_dupent = ctrl->ldctl_iscritical
+		? SLAP_CONTROL_CRITICAL
+		: SLAP_CONTROL_NONCRITICAL;
+
+	rs->sr_err = LDAP_SUCCESS;
+
+done:;
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		op->o_tmpfree( ds, op->o_tmpmemctx );
+	}
+
+	if ( AttributeDescriptionList != NULL ) {
+		ber_memfree_x( AttributeDescriptionList, op->o_tmpmemctx );
+	}
+
+	return rs->sr_err;
+}
+
+typedef struct dupent_cb_t {
+	slap_overinst	*dc_on;
+	dupent_t		*dc_ds;
+	int		dc_skip;
+} dupent_cb_t;
+
+typedef struct valnum_t {
+	Attribute *ap;
+	Attribute a;
+	struct berval vals[2];
+	struct berval nvals[2];
+	int cnt;
+} valnum_t;
+
+static int
+dupent_response_done( Operation *op, SlapReply *rs )
+{
+	BerElementBuffer	berbuf;
+	BerElement			*ber = (BerElement *) &berbuf;
+	struct berval		ctrlval;
+	LDAPControl			*ctrl, *ctrlsp[2];
+
+	ber_init2( ber, NULL, LBER_USE_DER );
+
+	/*
+
+      DuplicateEntryResponseDone ::= SEQUENCE { 
+         resultCode,     -- From [RFC2251] 
+         errorMessage    [0] LDAPString OPTIONAL, 
+         attribute       [1] AttributeDescription OPTIONAL } 
+
+	 */
+
+	ber_printf( ber, "{i}", rs->sr_err );
+	if ( ber_flatten2( ber, &ctrlval, 0 ) == -1 ) {
+		ber_free_buf( ber );
+		if ( op->o_dupent == SLAP_CONTROL_CRITICAL ) {
+			return LDAP_CONSTRAINT_VIOLATION;
+		}
+		return SLAP_CB_CONTINUE;
+	}
+
+	ctrl = op->o_tmpcalloc( 1,
+		sizeof( LDAPControl ) + ctrlval.bv_len + 1,
+		op->o_tmpmemctx );
+	ctrl->ldctl_value.bv_val = (char *)&ctrl[ 1 ];
+	ctrl->ldctl_oid = LDAP_CONTROL_DUPENT_RESPONSE;
+	ctrl->ldctl_iscritical = 0;
+	ctrl->ldctl_value.bv_len = ctrlval.bv_len;
+	AC_MEMCPY( ctrl->ldctl_value.bv_val, ctrlval.bv_val, ctrlval.bv_len );
+	ctrl->ldctl_value.bv_val[ ctrl->ldctl_value.bv_len ] = '\0';
+
+	ber_free_buf( ber );
+
+	ctrlsp[0] = ctrl;
+	ctrlsp[1] = NULL;
+	slap_add_ctrls( op, rs, ctrlsp );
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+dupent_response_entry_1level(
+	Operation *op,
+	SlapReply *rs,
+	Entry *e,
+	valnum_t *valnum,
+	int nattrs,
+	int level )
+{
+	int i, rc = LDAP_SUCCESS;
+
+	for ( i = 0; i < valnum[level].ap->a_numvals; i++ ) {
+		LDAPControl	*ctrl = NULL, *ctrlsp[2];
+
+		valnum[level].a.a_vals[0] = valnum[level].ap->a_vals[i];
+		if ( valnum[level].ap->a_nvals != valnum[level].ap->a_vals ) {
+			valnum[level].a.a_nvals[0] = valnum[level].ap->a_nvals[i];
+		}
+
+		if ( level < nattrs - 1 ) {
+			rc = dupent_response_entry_1level( op, rs,
+				e, valnum, nattrs, level + 1 );
+			if ( rc != LDAP_SUCCESS ) {
+				break;
+			}
+
+			continue;
+		}
+
+		/* NOTE: add the control all times, under the assumption
+		 * send_search_entry() honors the REP_CTRLS_MUSTBEFREED
+		 * set by slap_add_ctrls(); this is not true (ITS#6629)
+		 */
+		ctrl = op->o_tmpcalloc( 1, sizeof( LDAPControl ), op->o_tmpmemctx );
+		ctrl->ldctl_oid = LDAP_CONTROL_DUPENT_ENTRY;
+		ctrl->ldctl_iscritical = 0;
+
+		ctrlsp[0] = ctrl;
+		ctrlsp[1] = NULL;
+		slap_add_ctrls( op, rs, ctrlsp );
+
+		/* do the real send */
+		rs->sr_entry = e;
+		rc = send_search_entry( op, rs );
+		if ( rc != LDAP_SUCCESS ) {
+			break;
+		}
+	}
+
+	return rc;
+}
+
+static void
+dupent_attr_prepare( dupent_t *ds, Entry *e, valnum_t *valnum, int nattrs, int c, Attribute **app, Attribute **ap_listp )
+{
+	valnum[c].ap = *app;
+	*app = (*app)->a_next;
+
+	valnum[c].ap->a_next = *ap_listp;
+	*ap_listp = valnum[c].ap;
+
+	valnum[c].a = *valnum[c].ap;
+	if ( c < nattrs - 1 ) {
+		valnum[c].a.a_next = &valnum[c + 1].a;
+	} else {
+		valnum[c].a.a_next = NULL;
+	}
+	valnum[c].a.a_numvals = 1;
+	valnum[c].a.a_vals = valnum[c].vals;
+	BER_BVZERO( &valnum[c].vals[1] );
+	if ( valnum[c].ap->a_nvals != valnum[c].ap->a_vals ) {
+		valnum[c].a.a_nvals = valnum[c].nvals;
+		BER_BVZERO( &valnum[c].nvals[1] );
+	} else {
+		valnum[c].a.a_nvals = valnum[c].a.a_vals;
+	}
+}
+
+static int
+dupent_response_entry( Operation *op, SlapReply *rs )
+{
+	dupent_cb_t	*dc = (dupent_cb_t *)op->o_callback->sc_private;
+	int			nattrs = 0;
+	valnum_t	*valnum = NULL;
+	Attribute	**app, *ap_list = NULL;
+	int			i, c;
+	Entry		*e = NULL;
+	int			rc;
+
+	assert( rs->sr_type == REP_SEARCH );
+
+	for ( i = 0; i < dc->dc_ds->ds_nattrs; i++ ) {
+		Attribute *ap;
+
+		ap = attr_find( rs->sr_entry->e_attrs,
+			dc->dc_ds->ds_an[ i ].an_desc );
+		if ( ap && ap->a_numvals > 1 ) {
+			nattrs++;
+		}
+	}
+
+	if ( dc->dc_ds->ds_flags & SLAP_USERATTRS_YES ) {
+		Attribute *ap;
+
+		for ( ap = rs->sr_entry->e_attrs; ap != NULL; ap = ap->a_next ) {
+			if ( !is_at_operational( ap->a_desc->ad_type ) && ap->a_numvals > 1 ) {
+				nattrs++;
+			}
+		}
+	}
+
+	if ( !nattrs ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	rs_entry2modifiable( op, rs, dc->dc_on );
+	rs->sr_flags &= ~(REP_ENTRY_MODIFIABLE | REP_ENTRY_MUSTBEFREED);
+	e = rs->sr_entry;
+
+	valnum = op->o_tmpcalloc( sizeof(valnum_t), nattrs, op->o_tmpmemctx );
+
+	for ( c = 0, i = 0; i < dc->dc_ds->ds_nattrs; i++ ) {
+		for ( app = &e->e_attrs; *app != NULL; app = &(*app)->a_next ) {
+			if ( (*app)->a_desc == dc->dc_ds->ds_an[ i ].an_desc ) {
+				break;
+			}
+		}
+
+		if ( *app != NULL && (*app)->a_numvals > 1 ) {
+			assert( c < nattrs );
+			dupent_attr_prepare( dc->dc_ds, e, valnum, nattrs, c, app, &ap_list );
+			c++;
+		}
+	}
+
+	if ( dc->dc_ds->ds_flags & SLAP_USERATTRS_YES ) {
+		for ( app = &e->e_attrs; *app != NULL; app = &(*app)->a_next ) {
+			if ( !is_at_operational( (*app)->a_desc->ad_type ) && (*app)->a_numvals > 1 ) {
+				assert( c < nattrs );
+				dupent_attr_prepare( dc->dc_ds, e, valnum, nattrs, c, app, &ap_list );
+				c++;
+			}
+		}
+	}
+
+	for ( app = &e->e_attrs; *app != NULL; app = &(*app)->a_next )
+		/* goto tail */ ;
+
+	*app = &valnum[0].a;
+
+	/* NOTE: since send_search_entry() does not honor the
+	 * REP_CTRLS_MUSTBEFREED flag set by slap_add_ctrls(),
+	 * the control could be added here once for all (ITS#6629)
+	 */
+
+	dc->dc_skip = 1;
+	rc = dupent_response_entry_1level( op, rs, e, valnum, nattrs, 0 );
+	dc->dc_skip = 0;
+
+	*app = ap_list;
+
+	entry_free( e );
+
+	op->o_tmpfree( valnum, op->o_tmpmemctx );
+
+	return rc;
+}
+
+static int
+dupent_response( Operation *op, SlapReply *rs )
+{
+	dupent_cb_t	*dc = (dupent_cb_t *)op->o_callback->sc_private;
+
+	if ( dc->dc_skip ) {
+		return SLAP_CB_CONTINUE;
+	}
+	
+	switch ( rs->sr_type ) {
+	case REP_RESULT:
+		return dupent_response_done( op, rs );
+
+	case REP_SEARCH:
+		return dupent_response_entry( op, rs );
+
+	case REP_SEARCHREF:
+		break;
+
+	default:
+		assert( 0 );
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+dupent_cleanup( Operation *op, SlapReply *rs )
+{
+	if ( rs->sr_type == REP_RESULT || rs->sr_err == SLAPD_ABANDON ) {
+		op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
+		op->o_callback = NULL;
+
+		op->o_tmpfree( op->o_ctrldupent, op->o_tmpmemctx );
+		op->o_ctrldupent = NULL;
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+dupent_op_search( Operation *op, SlapReply *rs )
+{
+	if ( op->o_dupent != SLAP_CONTROL_NONE ) {
+		slap_callback *sc;
+		dupent_cb_t *dc;
+
+		sc = op->o_tmpcalloc( 1, sizeof( slap_callback ) + sizeof( dupent_cb_t ), op->o_tmpmemctx );
+
+		dc = (dupent_cb_t *)&sc[ 1 ];
+		dc->dc_on = (slap_overinst *)op->o_bd->bd_info;
+		dc->dc_ds = (dupent_t *)op->o_ctrldupent;
+		dc->dc_skip = 0;
+
+		sc->sc_response = dupent_response;
+		sc->sc_cleanup = dupent_cleanup;
+		sc->sc_private = (void *)dc;
+
+		sc->sc_next = op->o_callback->sc_next;
+                op->o_callback->sc_next = sc;
+	}
+	
+	return SLAP_CB_CONTINUE;
+}
+
+#if SLAPD_OVER_DUPENT == SLAPD_MOD_DYNAMIC
+static
+#endif /* SLAPD_OVER_DUPENT == SLAPD_MOD_DYNAMIC */
+int
+dupent_initialize( void )
+{
+	int rc;
+
+	rc = register_supported_control( LDAP_CONTROL_DUPENT,
+		SLAP_CTRL_SEARCH, NULL,
+		dupent_parseCtrl, &dupent_cid );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY,
+			"dupent_initialize: Failed to register control (%d)\n",
+			rc );
+		return -1;
+	}
+
+	dupent.on_bi.bi_type = "dupent";
+
+	dupent.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	dupent.on_bi.bi_op_search = dupent_op_search;
+
+	return overlay_register( &dupent );
+}
+
+#if SLAPD_OVER_DUPENT == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return dupent_initialize();
+}
+#endif /* SLAPD_OVER_DUPENT == SLAPD_MOD_DYNAMIC */
+
+#endif /* SLAPD_OVER_DUPENT */
diff --git a/contrib/slapd-modules/emptyds/Makefile b/contrib/slapd-modules/emptyds/Makefile
new file mode 100644
index 0000000..654f856
--- /dev/null
+++ b/contrib/slapd-modules/emptyds/Makefile
@@ -0,0 +1,78 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2022 The OpenLDAP Foundation.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+SRCDIR = ./
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_EDS=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = emptyds.la
+MANPAGES = slapo-emptyds.5
+CLEAN = *.o *.lo *.la .libs
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+all: $(PROGRAMS)
+
+d :=
+sp :=
+dir := tests
+include $(dir)/Rules.mk
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+emptyds.la: emptyds.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+		-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf $(CLEAN)
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/emptyds/README b/contrib/slapd-modules/emptyds/README
new file mode 100644
index 0000000..914d4e7
--- /dev/null
+++ b/contrib/slapd-modules/emptyds/README
@@ -0,0 +1,66 @@
+emptyds Overlay README
+
+DESCRIPTION
+    This package contains an OpenLDAP overlay called "emptyds" (empty
+    directory string) that eliminates empty values of type directory string
+    (OID 1.3.6.1.4.1.1466.115.121.1.15) from the list of the values in the
+    following manner:
+    
+    - add: All empty attribute values will be removed before the add request
+      is executed
+    - mod-replace: A replace with empty values will be modified to a replace
+      without values. As result the attribute will be deleted
+    - mod-add: All empty attribute values will be removed before the mod-add
+      request is executed
+    - mod-delete: All empty attribute values will be removed before the
+      mod-delete request is executed
+    
+    If removing all empty values from a modification makes it a no-op, that
+    modification is removed from the list.
+    
+    At module load time the emptyds overlay manipulates the syntax checking
+    so that it intercepts the syntax check and allows empty values for
+    attributes of type directory string only. Non-empty values continue to
+    go through the normal check routines. It is therefore very important to
+    configure the overlays in a way that ensures that the emptyds overlay gets
+    the control over the operation before any other overlay. Otherwise it
+    could come to the situation with empty attribute values in the data base.
+    
+    David Hawes' addpartial overlay has been used as starting point for this
+    overlay.
+     
+BUILDING
+    A Makefile is included, please set your LDAP_SRC directory properly.
+
+INSTALLATION
+    After compiling the emptyds overlay, add the following to your
+    slapd.conf:
+
+    ### slapd.conf
+    ...
+    moduleload emptyds.la
+    ...
+    overlay emptyds
+    ...
+    # before database directive...
+    # this overlay must be the last overlay in the config file to ensure that
+    # requests are modified before other overlays get them.
+    ...
+    ### end slapd.conf
+
+CAVEATS
+    - In order to ensure that emptyds does what it needs to do, it must be
+      the last overlay configured so it will run before the other overlays.
+
+---
+Copyright 2014-2022 The OpenLDAP Foundation.
+Portions Copyright (C) DAASI International GmbH, Tamim Ziai.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+http://www.OpenLDAP.org/license.html.
diff --git a/contrib/slapd-modules/emptyds/emptyds.c b/contrib/slapd-modules/emptyds/emptyds.c
new file mode 100644
index 0000000..bb3202e
--- /dev/null
+++ b/contrib/slapd-modules/emptyds/emptyds.c
@@ -0,0 +1,325 @@
+/* emptyds.c */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2014-2022 The OpenLDAP Foundation.
+ * Portions Copyright (C) 2014 DAASI International GmbH, Tamim Ziai.
+ * Portions Copyright (C) 2022 Ondřej Kuzník, Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * http://www.OpenLDAP.org/license.html.
+ */
+/* ACKNOLEDGEDMENTS:
+ * This work was initially developed by Tamim Ziai of DAASI International GmbH
+ * for inclusion in OpenLDAP Software.
+ */
+/* slapo-emptyds
+ *
+ * This is an OpenLDAP overlay that accepts empty strings as attribute values
+ * without syntax violation but never actually stores them. This allows
+ * applications that used to work with LDAP implementations allowing empty
+ * strings (such as Novel eDirectory) to continue to work with OpenLDAP without
+ * any modifications. Add and modify change types will be proceeded as follows,
+ * other operations will be forwarded without modifications:
+ *
+ * changeType: add                  changeType: add
+ * sn: <empty>              -->     sn: blah
+ * sn: blah
+ *
+ * changeType: modify               changeType: modify
+ * add: sn                  -->     add: sn
+ * sn: <empty>                      sn: blah
+ * sn: blah
+ *
+ * changeType: modify               changeType: modify
+ * delete: sn               -->     delete: sn
+ * sn: <empty>                      sn: blah
+ * sn: blah
+ *
+ * changeType: modify               changeType: modify
+ * replace: sn              -->     replace: sn
+ * sn: <empty>
+ *
+ */
+
+#include "portable.h"
+#include "slap.h"
+
+static slap_overinst emptyds;
+
+static const char ds_oid[] = "1.3.6.1.4.1.1466.115.121.1.15";
+
+static slap_syntax_validate_func *ssyn_validate_original = NULL;
+static slap_syntax_transform_func *ssyn_pretty_original = NULL;
+static int emptyds_instances = 0;
+
+static unsigned int
+remove_empty_values( Modification *m, Attribute *a )
+{
+	BerVarray vals = m ? m->sm_values : a->a_vals,
+			  nvals = m ? m->sm_nvalues : a->a_nvals;
+	unsigned int i, j, numvals = m ? m->sm_numvals : a->a_numvals;
+
+	for ( i = 0; i < numvals && !BER_BVISEMPTY( &vals[i] ); i++ )
+		/* Find first empty */;
+
+	if ( i == numvals ) return i;
+
+	/*
+	 * We have an empty value at index i, move all of them to the end of the
+	 * list, preserving the order of non-empty values.
+	 */
+	j = i + 1;
+	for ( j = i + 1; j < numvals; j++ ) {
+		struct berval tmp;
+
+		if ( BER_BVISEMPTY( &vals[j] ) ) continue;
+
+		tmp = vals[i];
+		vals[i] = vals[j];
+		vals[j] = tmp;
+
+		if ( nvals && vals != nvals ) {
+			tmp = nvals[i];
+			nvals[i] = nvals[j];
+			nvals[j] = tmp;
+		}
+
+		if ( m && a && m->sm_values != a->a_vals ) {
+			tmp = a->a_vals[i];
+			a->a_vals[i] = a->a_vals[j];
+			a->a_vals[j] = tmp;
+
+			if ( a->a_nvals && a->a_vals != a->a_nvals ) {
+				tmp = a->a_nvals[i];
+				a->a_nvals[i] = a->a_nvals[j];
+				a->a_nvals[j] = tmp;
+			}
+		}
+		i++;
+	}
+
+	/* Free empty vals */
+	for ( ; j && i < j--; ) {
+		ber_memfree( vals[j].bv_val );
+		if ( nvals && vals != nvals ) {
+			ber_memfree( nvals[j].bv_val );
+			BER_BVZERO( &nvals[j] );
+		}
+
+		if ( m && a && m->sm_values != a->a_vals ) {
+			if ( m->sm_values[j].bv_val != a->a_vals[j].bv_val ) {
+				ber_memfree( a->a_vals[j].bv_val );
+				BER_BVZERO( &a->a_vals[j] );
+
+				if ( a->a_nvals && a->a_vals != a->a_nvals ) {
+					ber_memfree( a->a_nvals[j].bv_val );
+					BER_BVZERO( &a->a_nvals[j] );
+				}
+			}
+		}
+		BER_BVZERO( &vals[j] );
+	}
+
+	return i;
+}
+
+/**
+ *  Remove all operations with empty strings.
+ */
+static int
+emptyds_op_add( Operation *op, SlapReply *rs )
+{
+	Attribute **ap, **nexta, *a;
+	Modifications **mlp, **nextp = NULL, *ml;
+	Entry *e = op->ora_e;
+
+	/*
+	 * op->ora_modlist can be NULL, at least accesslog doesn't always populate
+	 * it on an add.
+	 */
+	for ( ap = &e->e_attrs, a = e->e_attrs, mlp = &op->ora_modlist,
+		  ml = op->ora_modlist;
+			a != NULL;
+			ap = nexta, a = *ap, mlp = nextp, ml = ml ? *mlp : NULL ) {
+		AttributeType *at = a->a_desc->ad_type;
+		unsigned int remaining;
+
+		nexta = &a->a_next;
+		if ( ml ) {
+			nextp = &ml->sml_next;
+		}
+
+		if ( at->sat_syntax != slap_schema.si_syn_directoryString ||
+				at->sat_atype.at_usage != LDAP_SCHEMA_USER_APPLICATIONS )
+			continue;
+
+		remaining = remove_empty_values( &ml->sml_mod, a );
+		if ( remaining == a->a_numvals ) continue;
+		/* Empty values found */
+
+		if ( !remaining ) {
+			/* All values are empty */
+			*ap = a->a_next;
+			a->a_next = NULL;
+			nexta = ap;
+
+			if ( ml ) {
+				*mlp = ml->sml_next;
+				ml->sml_next = NULL;
+				nextp = mlp;
+				/* Values are generally shared with attribute */
+				slap_mods_free( ml, ml->sml_values != a->a_vals );
+			}
+			attr_free( a );
+		} else {
+			a->a_numvals = remaining;
+			if ( ml ) {
+				ml->sml_mod.sm_numvals = remaining;
+			}
+		}
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+emptyds_op_modify( Operation *op, SlapReply *rs )
+{
+	Modifications **mlp, **nextp, *ml;
+
+	for ( mlp = &op->orm_modlist, ml = op->orm_modlist; ml != NULL;
+			mlp = nextp, ml = *mlp ) {
+		AttributeType *at = ml->sml_desc->ad_type;
+		unsigned int remaining;
+
+		nextp = &ml->sml_next;
+
+		if ( at->sat_syntax != slap_schema.si_syn_directoryString ||
+				at->sat_atype.at_usage != LDAP_SCHEMA_USER_APPLICATIONS )
+			continue;
+
+		remaining = remove_empty_values( &ml->sml_mod, NULL );
+		if ( remaining == ml->sml_numvals ) continue;
+
+		if ( !remaining ) {
+			/* All values are empty */
+			if ( ml->sml_op == LDAP_MOD_REPLACE ) {
+				/* Replace is kept */
+				if ( ml->sml_nvalues && ml->sml_nvalues != ml->sml_values ) {
+					ber_bvarray_free( ml->sml_nvalues );
+				}
+				if ( ml->sml_values ) {
+					ber_bvarray_free( ml->sml_values );
+				}
+
+				ml->sml_numvals = 0;
+				ml->sml_values = NULL;
+				ml->sml_nvalues = NULL;
+			} else {
+				/* Remove modification */
+				*mlp = ml->sml_next;
+				ml->sml_next = NULL;
+				nextp = mlp;
+				slap_mods_free( ml, 1 );
+			}
+		} else {
+			ml->sml_numvals = remaining;
+		}
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+emptyds_ssyn_validate( Syntax *syntax, struct berval *in )
+{
+	if ( BER_BVISEMPTY( in ) && syntax == slap_schema.si_syn_directoryString ) {
+		return LDAP_SUCCESS;
+	}
+	return ssyn_validate_original( syntax, in );
+}
+
+static int
+emptyds_ssyn_pretty( Syntax *syntax,
+		struct berval *in,
+		struct berval *out,
+		void *memctx )
+{
+	if ( BER_BVISEMPTY( in ) && syntax == slap_schema.si_syn_directoryString ) {
+		return LDAP_SUCCESS;
+	}
+	return ssyn_pretty_original( syntax, in, out, memctx );
+}
+
+static int
+emptyds_db_init( BackendDB *be, ConfigReply *cr )
+{
+	Syntax *syntax = syn_find( ds_oid );
+
+	if ( syntax == NULL ) {
+		Debug( LDAP_DEBUG_TRACE, "emptyds_db_init: "
+				"Syntax %s not found\n",
+				ds_oid );
+	} else {
+		Debug( LDAP_DEBUG_TRACE, "emptyds_db_init: "
+				"Found syntax: %s\n",
+				syntax->ssyn_bvoid.bv_val );
+		if ( ssyn_validate_original == NULL && syntax->ssyn_validate != NULL ) {
+			ssyn_validate_original = syntax->ssyn_validate;
+			syntax->ssyn_validate = emptyds_ssyn_validate;
+		}
+		if ( ssyn_pretty_original == NULL && syntax->ssyn_pretty != NULL ) {
+			ssyn_pretty_original = syntax->ssyn_pretty;
+			syntax->ssyn_pretty = &emptyds_ssyn_pretty;
+		}
+	}
+
+	emptyds_instances++;
+	return LDAP_SUCCESS;
+}
+
+static int
+emptyds_db_destroy( BackendDB *be, ConfigReply *cr )
+{
+	Syntax *syntax = syn_find( ds_oid );
+
+	if ( --emptyds_instances == 0 && syntax != NULL ) {
+		if ( syntax->ssyn_validate == emptyds_ssyn_validate ) {
+			syntax->ssyn_validate = ssyn_validate_original;
+		}
+		ssyn_validate_original = NULL;
+
+		if ( syntax->ssyn_pretty == emptyds_ssyn_pretty ) {
+			syntax->ssyn_pretty = ssyn_pretty_original;
+		}
+		ssyn_pretty_original = NULL;
+	}
+
+	assert( emptyds_instances >= 0 );
+	return LDAP_SUCCESS;
+}
+
+int
+emptyds_init()
+{
+	emptyds.on_bi.bi_type = "emptyds";
+	emptyds.on_bi.bi_op_add = emptyds_op_add;
+	emptyds.on_bi.bi_op_modify = emptyds_op_modify;
+	emptyds.on_bi.bi_db_init = emptyds_db_init;
+	emptyds.on_bi.bi_db_destroy = emptyds_db_destroy;
+
+	return overlay_register( &emptyds );
+}
+
+int
+init_module( int argc, char *argv[] )
+{
+	return emptyds_init();
+}
diff --git a/contrib/slapd-modules/emptyds/slapo-emptyds.5 b/contrib/slapd-modules/emptyds/slapo-emptyds.5
new file mode 100644
index 0000000..75b1059
--- /dev/null
+++ b/contrib/slapd-modules/emptyds/slapo-emptyds.5
@@ -0,0 +1,68 @@
+.TH SLAPO-EDS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2022 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copyright 2018 Tamim Ziai 
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapo-emptyds \- Remove Empty values from Directory String attributes
+Overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+Some non-conformant clients will provide empty values for Directory String
+attributes with certain operations. This overlay makes empty values acceptable
+for the Directory String syntax and will adjust all operations to make sure
+these values are never actually stored in the database.
+.LP
+.nf
+.ft tt
+	dn: cn=alex,cn=people,dc=example,dc=org
+	changeType: add                  changeType: add
+	sn: <empty>              -->     sn: blah
+	sn: blah
+
+	dn: cn=alex,cn=people,dc=example,dc=org
+	changeType: modify               changeType: modify
+	add: sn                  -->     add: sn
+	sn: <empty>                      sn: blah
+	sn: blah
+
+	dn: cn=alex,cn=people,dc=example,dc=org
+	changeType: modify               changeType: modify
+	delete: sn               -->     delete: sn
+	sn: <empty>                      sn: blah
+	sn: blah
+
+	dn: cn=alex,cn=people,dc=example,dc=org
+	changeType: modify               changeType: modify
+	replace: sn              -->     replace: sn
+	sn: <empty>
+
+	dn: cn=alex,cn=people,dc=example,dc=org
+	changeType: modify               changeType: modify
+	replace: sn              -->     replace: sn
+	sn: <empty>                      sn: blah
+	sn: blah
+.ft
+.fi
+.LP
+.SH CONFIGURATION
+This overlay has no specific configuration, however in order to ensure that it
+does what it needs to do, it should be the last overlay configured so it will
+run before the other overlays.
+.SH EXAMPLES
+.LP
+.RS
+.nf
+overlay emptyds
+.RE
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5).
+.SH ACKNOWLEDGEMENTS
+This module was written in 2014 by Tamim Ziai for DAASI International and
+updated in 2022 by Ondřej Kuzník for inclusion in the OpenLDAP project.
+.so ../Project
diff --git a/contrib/slapd-modules/emptyds/tests/Rules.mk b/contrib/slapd-modules/emptyds/tests/Rules.mk
new file mode 100644
index 0000000..c25c1d2
--- /dev/null
+++ b/contrib/slapd-modules/emptyds/tests/Rules.mk
@@ -0,0 +1,23 @@
+sp := $(sp).x
+dirstack_$(sp) := $(d)
+d := $(dir)
+
+.PHONY: test
+
+CLEAN += clients servers tests/progs tests/schema tests/testdata tests/testrun
+
+test: all clients servers tests/progs
+
+test:
+	cd tests; \
+		SRCDIR=$(abspath $(LDAP_SRC)) \
+		LDAP_BUILD=$(abspath $(LDAP_BUILD)) \
+		TOPDIR=$(abspath $(SRCDIR)) \
+		LIBTOOL=$(abspath $(LIBTOOL)) \
+			$(abspath $(SRCDIR))/tests/run all
+
+servers clients tests/progs:
+	ln -s $(abspath $(LDAP_BUILD))/$@ $@
+
+d := $(dirstack_$(sp))
+sp := $(basename $(sp))
diff --git a/contrib/slapd-modules/emptyds/tests/data/emptyds.conf b/contrib/slapd-modules/emptyds/tests/data/emptyds.conf
new file mode 100644
index 0000000..221fe81
--- /dev/null
+++ b/contrib/slapd-modules/emptyds/tests/data/emptyds.conf
@@ -0,0 +1,54 @@
+# basic slapd config -- for testing of slapo-emptyds
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+include		@SCHEMADIR@/core.schema
+include		@SCHEMADIR@/cosine.schema
+include		@SCHEMADIR@/inetorgperson.schema
+include		@SCHEMADIR@/openldap.schema
+include		@SCHEMADIR@/nis.schema
+include		@DATADIR@/test.schema
+#
+pidfile		@TESTDIR@/slapd.1.pid
+argsfile	@TESTDIR@/slapd.1.args
+
+#mod#modulepath	../servers/slapd/back-@BACKEND@/
+#mod#moduleload	back_@BACKEND@.la
+#accesslogmod#modulepath ../servers/slapd/overlays/
+#accesslogmod#moduleload accesslog.la
+moduleload ../emptyds.la
+
+database	@BACKEND@
+suffix		"dc=example,dc=com"
+rootdn		"cn=Manager,dc=example,dc=com"
+rootpw		secret
+#~null~#directory	@TESTDIR@/db.1.a
+
+overlay accesslog
+logdb cn=log
+logops writes
+logsuccess true
+
+overlay emptyds
+
+database	@BACKEND@
+suffix		"cn=log"
+rootdn		"cn=Manager,dc=example,dc=com"
+#~null~#directory	@TESTDIR@/db.1.b
+
+## This one makes no difference except we want to make sure we can
+## safely instantiate the overlay on multiple databases
+overlay emptyds
+
+database	monitor
diff --git a/contrib/slapd-modules/emptyds/tests/data/test001.ldif b/contrib/slapd-modules/emptyds/tests/data/test001.ldif
new file mode 100644
index 0000000..b7f289a
--- /dev/null
+++ b/contrib/slapd-modules/emptyds/tests/data/test001.ldif
@@ -0,0 +1,71 @@
+# slapd prevents us from adding the same value multiple times
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modify
+add: description
+description: one
+description: 
+description: two
+description: three
+description: four
+# a space is distinct from an empty value
+description:: ICAg
+-
+replace: drink
+drink: Earl Grey, hot
+-
+delete: description
+description: 
+-
+replace: drink
+drink: Earl Grey, hot
+
+# there is no such restriction on deletes, so we exercise this part of the overlay here
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modify
+delete: description
+description: 
+description: four
+description: 
+description: three
+description: two
+description: 
+description: 
+description: one
+description: 
+-
+add: description
+description: 
+
+dn: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modify
+replace: drink
+drink: 
+
+dn: cn=All Staff,ou=Groups,dc=example,dc=com
+changetype: modify
+delete: member
+-
+add: member
+# an empty DN should not be stripped
+member: 
+member: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+
+dn: cn=Gern Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+changetype: add
+objectclass: testPerson
+cn: Gern Jensen
+sn: Jensen
+uid: gjensen
+title: 
+postaladdress: ITD $ 535 W. William St $ Anytown, MI 48103
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Coffee
+homepostaladdress: 844 Brown St. Apt. 4 $ Anytown, MI 48104
+description: Very odd
+description: 
+description: More than you think
+facsimiletelephonenumber: +1 313 555 7557
+telephonenumber: +1 313 555 8343
+mail: gjensen@mailgw.example.com
+homephone: +1 313 555 8844
+testTime: 20050304001801.234Z
diff --git a/contrib/slapd-modules/emptyds/tests/data/test001.out b/contrib/slapd-modules/emptyds/tests/data/test001.out
new file mode 100644
index 0000000..6f41247
--- /dev/null
+++ b/contrib/slapd-modules/emptyds/tests/data/test001.out
@@ -0,0 +1,54 @@
+dn: reqStart=timestamp,cn=log
+reqDN: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+reqMod: description:+ one
+reqMod: description:+ two
+reqMod: description:+ three
+reqMod: description:+ four
+# "description:+    " that's a space, then 3 spaces for value
+reqMod:: ZGVzY3JpcHRpb246KyAgICA=
+reqMod: drink:= Earl Grey, hot
+# second mod was removed, so we have two replaces in succession now and need
+# to separate them (":")
+reqMod:: Og==
+reqMod: drink:= Earl Grey, hot
+
+dn: reqStart=timestamp,cn=log
+reqDN: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+reqMod: description:- four
+reqMod: description:- three
+reqMod: description:- two
+reqMod: description:- one
+# second mod is removed
+
+dn: reqStart=timestamp,cn=log
+reqDN: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+reqMod: drink:=
+
+dn: reqStart=timestamp,cn=log
+reqDN: cn=All Staff,ou=Groups,dc=example,dc=com
+reqMod: member:-
+# "member:+ " adding an empty DN
+reqMod:: bWVtYmVyOisg
+reqMod: member:+ cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example
+ ,dc=com
+
+dn: reqStart=timestamp,cn=log
+reqDN: cn=Gern Jensen,ou=Information Technology Division,ou=People,dc=example,
+ dc=com
+reqMod: objectClass:+ testPerson
+reqMod: cn:+ Gern Jensen
+reqMod: sn:+ Jensen
+reqMod: uid:+ gjensen
+reqMod: postalAddress:+ ITD $ 535 W. William St $ Anytown, MI 48103
+reqMod: seeAlso:+ cn=All Staff,ou=Groups,dc=example,dc=com
+reqMod: drink:+ Coffee
+reqMod: homePostalAddress:+ 844 Brown St. Apt. 4 $ Anytown, MI 48104
+reqMod: description:+ Very odd
+reqMod: description:+ More than you think
+reqMod: facsimileTelephoneNumber:+ +1 313 555 7557
+reqMod: telephoneNumber:+ +1 313 555 8343
+reqMod: mail:+ gjensen@mailgw.example.com
+reqMod: homePhone:+ +1 313 555 8844
+reqMod: testTime:+ 20050304001801.234Z
+reqMod: structuralObjectClass:+ testPerson
+
diff --git a/contrib/slapd-modules/emptyds/tests/run b/contrib/slapd-modules/emptyds/tests/run
new file mode 100755
index 0000000..e28820c
--- /dev/null
+++ b/contrib/slapd-modules/emptyds/tests/run
@@ -0,0 +1,218 @@
+#!/bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+USAGE="$0 [-b <backend>] [-c] [-k] [-l #] [-p] [-s {ro|rp}] [-u] [-w] <script>"
+
+TOPSRCDIR="${SRCDIR-$LDAP_SRC}"
+SRCDIR="${TOPSRCDIR}/tests"
+eval `grep EGREP_CMD= ${LDAP_BUILD}/tests/run`
+eval `$EGREP_CMD -e '^LN_S=' ${LDAP_BUILD}/tests/run`
+
+export SRCDIR TOPSRCDIR LN_S EGREP_CMD
+
+. "${SRCDIR}/scripts/defines.sh"
+
+BACKEND=
+CLEAN=no
+WAIT=0
+KILLSERVERS=yes
+PRESERVE=${PRESERVE-no}
+SYNCMODE=${SYNCMODE-rp}
+USERDATA=no
+LOOP=1
+COUNTER=1
+
+while test $# -gt 0 ; do
+	case "$1" in
+		-b | -backend)
+			BACKEND="$2"
+			shift; shift ;;
+
+		-c | -clean)
+			CLEAN=yes
+			shift ;;
+
+		-k | -kill)
+			KILLSERVERS=no
+			shift ;;
+		-l | -loop)
+			NUM="`echo $2 | sed 's/[0-9]//g'`"
+			if [ -z "$NUM" ]; then
+				LOOP=$2
+			else
+				echo "Loop variable not an int: $2"
+				echo "$USAGE"; exit 1
+			fi
+			shift ;
+			shift ;;
+
+		-p | -preserve)
+			PRESERVE=yes
+			shift ;;
+
+		-s | -syncmode)
+			case "$2" in
+				ro | rp)
+					SYNCMODE="$2"
+					;;
+				*)
+					echo "unknown sync mode $2"
+					echo "$USAGE"; exit 1
+					;;
+			esac
+			shift; shift ;;
+
+		-u | -userdata)
+			USERDATA=yes
+			shift ;;
+
+		-w | -wait)
+			WAIT=1
+			shift ;;
+
+		-)
+			shift
+			break ;;
+
+		-*)
+			echo "$USAGE"; exit 1
+			;;
+
+		*)
+			break ;;
+	esac
+done
+
+eval `$EGREP_CMD -e '^AC' ${LDAP_BUILD}/tests/run`
+export `$EGREP_CMD -e '^AC' ${LDAP_BUILD}/tests/run | sed 's/=.*//'`
+
+if test -z "$BACKEND" ; then
+	for b in mdb ; do
+		if eval "test \"\$AC_$b\" != no" ; then
+			BACKEND=$b
+			break
+		fi
+	done
+	if test -z "$BACKEND" ; then
+		echo "No suitable default database backend configured" >&2
+		exit 1
+	fi
+fi
+
+BACKENDTYPE=`eval 'echo $AC_'$BACKEND`
+if test "x$BACKENDTYPE" = "x" ; then
+	BACKENDTYPE="unknown"
+fi
+
+# Backend features.  indexdb: indexing and unchecked limit.
+# maindb: main storage backend.  Currently index,limits,mode,paged results.
+INDEXDB=noindexdb MAINDB=nomaindb
+case $BACKEND in
+	mdb) INDEXDB=indexdb MAINDB=maindb ;;
+esac
+
+export	BACKEND BACKENDTYPE INDEXDB MAINDB \
+	WAIT KILLSERVERS PRESERVE SYNCMODE USERDATA \
+	SRCDIR
+
+if test $# = 0 ; then
+	echo "$USAGE"; exit 1
+fi
+
+# need defines.sh for the definitions of the directories
+. $SRCDIR/scripts/defines.sh
+
+SCRIPTDIR="${TOPDIR}/tests/scripts"
+
+export SCRIPTDIR
+
+SCRIPTNAME="$1"
+shift
+
+if test -x "${SCRIPTDIR}/${SCRIPTNAME}" ; then
+	SCRIPT="${SCRIPTDIR}/${SCRIPTNAME}"
+elif test -x "`echo ${SCRIPTDIR}/test*-${SCRIPTNAME}`"; then
+	SCRIPT="`echo ${SCRIPTDIR}/test*-${SCRIPTNAME}`"
+elif test -x "`echo ${SCRIPTDIR}/${SCRIPTNAME}-*`"; then
+	SCRIPT="`echo ${SCRIPTDIR}/${SCRIPTNAME}-*`"
+else
+	echo "run: ${SCRIPTNAME} not found (or not executable)"
+	exit 1;
+fi
+
+if test ! -r ${DATADIR}/test.ldif ; then
+	${LN_S} ${SRCDIR}/data ${DATADIR}
+fi
+if test ! -r ${SCHEMADIR}/core.schema ; then
+	${LN_S} ${TOPSRCDIR}/servers/slapd/schema ${SCHEMADIR}
+fi
+if test ! -r ./data; then
+	${LN_S} ${TOPDIR}/tests/data ./
+fi
+
+if test -d ${TESTDIR} ; then
+	if test $PRESERVE = no ; then
+		echo "Cleaning up test run directory leftover from previous run."
+		/bin/rm -rf ${TESTDIR}
+	elif test $PRESERVE = yes ; then
+		echo "Cleaning up only database directories leftover from previous run."
+		/bin/rm -rf ${TESTDIR}/db.*
+	fi
+fi
+mkdir -p ${TESTDIR}
+
+if test $USERDATA = yes ; then
+	if test ! -d userdata ; then
+		echo "User data directory (userdata) does not exist."
+		exit 1
+	fi
+	cp -R userdata/* ${TESTDIR}
+fi
+
+# disable LDAP initialization
+LDAPNOINIT=true; export LDAPNOINIT
+
+echo "Running ${SCRIPT} for ${BACKEND}..."
+while [ $COUNTER -le $LOOP ]; do
+	if [ $LOOP -gt 1 ]; then
+		echo "Running $COUNTER of $LOOP iterations"
+	fi
+	$SCRIPT $*
+	RC=$?
+
+	if test $CLEAN = yes ; then
+		echo "Cleaning up test run directory from this run."
+		/bin/rm -rf ${TESTDIR}
+		echo "Cleaning up symlinks."
+		/bin/rm -f ${DATADIR} ${SCHEMADIR}
+	fi
+
+	if [ $RC -ne 0 ]; then
+		if [ $LOOP -gt 1 ]; then
+			echo "Failed after $COUNTER of $LOOP iterations"
+		fi
+		exit $RC
+	else
+		COUNTER=`expr $COUNTER + 1`
+		if [ $COUNTER -le $LOOP ]; then
+			echo "Cleaning up test run directory from this run."
+			/bin/rm -rf ${TESTDIR}
+		fi
+	fi
+done
+exit $RC
diff --git a/contrib/slapd-modules/emptyds/tests/scripts/all b/contrib/slapd-modules/emptyds/tests/scripts/all
new file mode 100755
index 0000000..a5c1774
--- /dev/null
+++ b/contrib/slapd-modules/emptyds/tests/scripts/all
@@ -0,0 +1,92 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+. $SRCDIR/scripts/defines.sh
+
+TB="" TN=""
+if test -t 1 ; then
+	TB=`$SHTOOL echo -e "%B" 2>/dev/null`
+	TN=`$SHTOOL echo -e "%b" 2>/dev/null`
+fi
+
+FAILCOUNT=0
+SKIPCOUNT=0
+SLEEPTIME=10
+
+echo ">>>>> Executing all LDAP tests for $BACKEND"
+
+if [ -n "$NOEXIT" ]; then
+	echo "Result	Test" > $TESTWD/results
+fi
+
+for CMD in ${SCRIPTDIR}/test*; do
+	case "$CMD" in
+		*~)		continue;;
+		*.bak)	continue;;
+		*.orig)	continue;;
+		*.sav)	continue;;
+		*)		test -f "$CMD" || continue;;
+	esac
+
+	# remove cruft from prior test
+	if test $PRESERVE = yes ; then
+		/bin/rm -rf $TESTDIR/db.*
+	else
+		/bin/rm -rf $TESTDIR
+	fi
+
+	BCMD=`basename $CMD`
+	if [ -x "$CMD" ]; then
+		echo ">>>>> Starting ${TB}$BCMD${TN} for $BACKEND..."
+		$CMD
+		RC=$?
+		if test $RC -eq 0 ; then
+			echo ">>>>> $BCMD completed ${TB}OK${TN} for $BACKEND."
+		else
+			echo ">>>>> $BCMD ${TB}failed${TN} for $BACKEND"
+			FAILCOUNT=`expr $FAILCOUNT + 1`
+
+			if [ -n "$NOEXIT" ]; then
+				echo "Continuing."
+			else
+				echo "(exit $RC)"
+				exit $RC
+			fi
+		fi
+	else
+		echo ">>>>> Skipping ${TB}$BCMD${TN} for $BACKEND."
+		SKIPCOUNT=`expr $SKIPCOUNT + 1`
+		RC="-"
+	fi
+
+	if [ -n "$NOEXIT" ]; then
+		echo "$RC	$BCMD" >> $TESTWD/results
+	fi
+
+#	echo ">>>>> waiting $SLEEPTIME seconds for things to exit"
+#	sleep $SLEEPTIME
+	echo ""
+done
+
+if [ -n "$NOEXIT" ]; then
+	if [ "$FAILCOUNT" -gt 0 ]; then
+		cat $TESTWD/results
+		echo "$FAILCOUNT tests for $BACKEND ${TB}failed${TN}. Please review the test log."
+	else
+		echo "All executed tests for $BACKEND ${TB}succeeded${TN}."
+	fi
+fi
+
+echo "$SKIPCOUNT tests for $BACKEND were ${TB}skipped${TN}."
diff --git a/contrib/slapd-modules/emptyds/tests/scripts/test001-emptyds b/contrib/slapd-modules/emptyds/tests/scripts/test001-emptyds
new file mode 100755
index 0000000..b8d715a
--- /dev/null
+++ b/contrib/slapd-modules/emptyds/tests/scripts/test001-emptyds
@@ -0,0 +1,137 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2019 by Tamim Ziai for DAASI International
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+LDIF=${TOPDIR}/tests/data/test001.out
+
+if test $ACCESSLOG = accesslogno; then
+	echo "Accesslog overlay not available, test skipped"
+	exit 0
+fi
+
+mkdir -p $TESTDIR $DBDIR1A $DBDIR1B
+
+. $CONFFILTER $BACKEND < "${TOPDIR}/tests/data/emptyds.conf" > $CONF1
+
+echo "Running slapadd to build slapd database... "
+$SLAPADD -f $CONF1 -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+	echo "slapadd failed ($RC)!"
+	exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -f $CONF1 -h $URI1 -d $LVL >> $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+KILLPIDS="$PID"
+
+sleep $SLEEP0
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for slapd to start..."
+	sleep ${SLEEP1}
+done
+
+echo "Checking add/modify handling... "
+
+$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \
+	> $TESTOUT -f "${TOPDIR}/tests/data/test001.ldif"
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Checking modrdn handling (should still fail with invalidDNSyntax)... "
+
+$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD \
+	>> $TESTOUT 2>&1 <<EOMOD
+dn: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+changetype: modrdn
+newrdn: cn=
+deleteoldrdn: 0
+EOMOD
+RC=$?
+case $RC in
+34)
+	echo "	ldapmodify failed ($RC)"
+	;;
+0)
+	echo "	ldapmodify should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+	;;
+*)
+	echo "	ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+echo "Dumping accesslog..."
+
+$LDAPSEARCH -b "cn=log" -H $URI1 \
+	'objectClass=auditWriteObject' reqDN reqMod | \
+	grep -v -e 'entryCSN' -e '\(create\|modify\)Timestamp' \
+		-e '\(modifier\|creator\)sName' -e 'entryUUID' | \
+	sed -e 's/reqStart=[^,]*,/reqStart=timestamp,/' \
+	> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+# Expectations:
+# - all empty values for directoryString pruned
+# - empty adds/deletes removed, empty replaces kept
+# - remaining values keep the same order as submitted
+# - other syntaxes (especially DNs) are kept intact
+echo "Filtering ldapsearch results..."
+$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+$LDIFFILTER < $LDIF > $LDIFFLT
+
+echo "Comparing filter output..."
+$CMP $LDIFFLT $SEARCHFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/kinit/Makefile b/contrib/slapd-modules/kinit/Makefile
new file mode 100644
index 0000000..7b25ced
--- /dev/null
+++ b/contrib/slapd-modules/kinit/Makefile
@@ -0,0 +1,46 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = 
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB) -lkrb5
+
+PROGRAMS = kinit.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+kinit.la: kinit.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/kinit/README b/contrib/slapd-modules/kinit/README
new file mode 100644
index 0000000..7e3ebe8
--- /dev/null
+++ b/contrib/slapd-modules/kinit/README
@@ -0,0 +1,36 @@
+This directory contains the "kinit" slapd module. It is a simple plugin to
+have slapd request a Kerberos TGT and keep it renewed as long as slapd is
+running.
+
+The current implementation has only been tested against the MIT variant of
+the Kerberos libraries. (Heimdal support might come later)
+
+To use the overlay just load it into the slapd process:
+
+    moduleload </path/to>/kinit.so <principal> </path/to/key.tab>
+
+The module accepts two arguments. The first one being the principal for which
+to request the TGT (it defaults to "ldap/<your hostname>@<DEFAULTREALM>")
+and the second one is the path to the keytab file to use for
+authentication, defaulting to whatever your system wide kerberos settings
+default to).
+
+Use Makefile or the following commands should work to
+build it from inside the unpacked slapd sources, provided the required KRB5
+header files and libraries are installed on your system:
+
+    gcc -fPIC -c -I ../../../include/ -I ../../../servers/slapd kinit.c
+    gcc -shared -o kinit.so kinit.o -lkrb5
+
+---
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+
+Copyright 2010-2022 The OpenLDAP Foundation.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
diff --git a/contrib/slapd-modules/kinit/kinit.c b/contrib/slapd-modules/kinit/kinit.c
new file mode 100644
index 0000000..630b6bf
--- /dev/null
+++ b/contrib/slapd-modules/kinit/kinit.c
@@ -0,0 +1,295 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2010-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include <portable.h>
+
+#ifndef SLAPD_MOD_KINIT
+#define SLAPD_MOD_KINIT SLAPD_MOD_DYNAMIC
+#endif
+
+#ifdef SLAPD_MOD_KINIT
+
+#include <slap.h>
+#include "ldap_rq.h"
+#include <ac/errno.h>
+#include <ac/string.h>
+#include <krb5/krb5.h>
+
+typedef struct kinit_data {
+	krb5_context ctx;
+	krb5_ccache ccache;
+	krb5_keytab keytab;
+	krb5_principal princ;
+	krb5_get_init_creds_opt *opts;
+} kinit_data;
+
+static char* principal;
+static char* kt_name;
+static kinit_data *kid;
+
+static void
+log_krb5_errmsg( krb5_context ctx, const char* func, krb5_error_code rc )
+{
+	const char* errmsg = krb5_get_error_message(ctx, rc);
+	Log(LDAP_DEBUG_ANY, LDAP_LEVEL_ERR, "slapd-kinit: %s: %s\n", func, errmsg );
+	krb5_free_error_message(ctx, errmsg);
+	return;
+}
+
+static int
+kinit_check_tgt(kinit_data *kid, int *remaining)
+{
+	int ret=3;
+	krb5_principal princ;
+	krb5_error_code rc;
+	krb5_cc_cursor cursor;
+	krb5_creds creds;
+	char *name;
+	time_t now=time(NULL);
+
+	rc = krb5_cc_get_principal(kid->ctx, kid->ccache, &princ);
+	if (rc) {
+		log_krb5_errmsg(kid->ctx, "krb5_cc_get_principal", rc);
+		return 2;
+	} else {
+		if (!krb5_principal_compare(kid->ctx, kid->princ, princ)) {
+			Log(LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+					"Principal in ccache does not match requested principal\n");
+			krb5_free_principal(kid->ctx, princ);
+			return 2;
+		}
+	}
+
+	rc = krb5_cc_start_seq_get(kid->ctx, kid->ccache, &cursor);
+	if (rc) {
+		log_krb5_errmsg(kid->ctx, "krb5_cc_start_seq_get", rc);
+		krb5_free_principal(kid->ctx, princ);
+		return -1;
+	}
+
+	while (!(rc = krb5_cc_next_cred(kid->ctx, kid->ccache, &cursor, &creds))) {
+		if (krb5_is_config_principal(kid->ctx, creds.server)) {
+			krb5_free_cred_contents(kid->ctx, &creds);
+			continue;
+		}
+
+		if (creds.server->length==2 &&
+				(!strcmp(creds.server->data[0].data, "krbtgt")) &&
+				(!strcmp(creds.server->data[1].data, princ->realm.data))) {
+
+			krb5_unparse_name(kid->ctx, creds.server, &name);
+
+			*remaining = (time_t)creds.times.endtime-now;
+			if ( *remaining <= 0) {
+				Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG,
+						"kinit_qtask: TGT (%s) expired\n", name);
+			} else {
+				Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG,
+						"kinit_qtask: TGT (%s) expires in %dh:%02dm:%02ds\n",
+						name, *remaining/3600, (*remaining%3600)/60, *remaining%60);
+			}
+			free(name);
+
+			if (*remaining <= 30) {
+				if (creds.times.renew_till-60 > now) {
+					int renewal=creds.times.renew_till-now;
+					Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG,
+							"kinit_qtask: Time remaining for renewal: %dh:%02dm:%02ds\n",
+							renewal/3600, (renewal%3600)/60,  renewal%60);
+					ret = 1;
+				} else {
+					Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG,
+							"kinit_qtask: Only short time left for renewal. "
+							"Trying to re-init.\n");
+					ret = 2;
+				}
+			} else {
+				ret=0;
+			}
+			krb5_free_cred_contents(kid->ctx, &creds);
+			break;
+		}
+		krb5_free_cred_contents(kid->ctx, &creds);
+
+	}
+	krb5_cc_end_seq_get(kid->ctx, kid->ccache, &cursor);
+	krb5_free_principal(kid->ctx, princ);
+	return ret;
+}
+
+void*
+kinit_qtask( void *ctx, void *arg )
+{
+	struct re_s     *rtask = arg;
+	kinit_data	*kid = (kinit_data*)rtask->arg;
+	krb5_error_code rc;
+	krb5_creds creds;
+	int nextcheck, remaining, renew=0;
+	Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG, "kinit_qtask: running TGT check\n" );
+
+	memset(&creds, 0, sizeof(creds));
+
+	renew = kinit_check_tgt(kid, &remaining);
+
+	if (renew > 0) {
+		if (renew==1) {
+			Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG,
+					"kinit_qtask: Trying to renew TGT: ");
+			rc = krb5_get_renewed_creds(kid->ctx, &creds, kid->princ, kid->ccache, NULL);
+			if (rc!=0) {
+				Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG, "Failed\n" );
+				log_krb5_errmsg( kid->ctx,
+						"kinit_qtask, Renewal failed: krb5_get_renewed_creds", rc );
+				renew++;
+			} else {
+				Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG, "Success\n" );
+				krb5_cc_initialize(kid->ctx, kid->ccache, creds.client);
+				krb5_cc_store_cred(kid->ctx, kid->ccache, &creds);
+				krb5_free_cred_contents(kid->ctx, &creds);
+				renew=kinit_check_tgt(kid, &remaining);
+			}
+		}
+		if (renew > 1) {
+			Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG,
+					"kinit_qtask: Trying to get new TGT: ");
+			rc = krb5_get_init_creds_keytab( kid->ctx, &creds, kid->princ,
+					kid->keytab, 0, NULL, kid->opts);
+			if (rc) {
+				Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG, "Failed\n" );
+				log_krb5_errmsg(kid->ctx, "krb5_get_init_creds_keytab", rc);
+			} else {
+				Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG, "Success\n" );
+				renew=kinit_check_tgt(kid, &remaining);
+			}
+			krb5_free_cred_contents(kid->ctx, &creds);
+		}
+	}
+	if (renew == 0) {
+		nextcheck = remaining-30;
+	} else {
+		nextcheck = 60;
+	}
+
+	ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+	if ( ldap_pvt_runqueue_isrunning( &slapd_rq, rtask )) {
+		ldap_pvt_runqueue_stoptask( &slapd_rq, rtask );
+	}
+	Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG,
+			"kinit_qtask: Next TGT check in %dh:%02dm:%02ds\n",
+			nextcheck/3600, (nextcheck%3600)/60,  nextcheck%60);
+	rtask->interval.tv_sec = nextcheck;
+	ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 );
+	slap_wake_listener();
+	ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+	return NULL;
+}
+
+int
+kinit_initialize(void)
+{
+	Log( LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG, "kinit_initialize\n" );
+	krb5_error_code rc;
+	struct re_s *task = NULL;
+
+	kid = ch_calloc(1, sizeof(kinit_data) );
+
+	rc = krb5_init_context( &kid->ctx );
+	if ( !rc )
+		rc = krb5_cc_default(kid->ctx, &kid->ccache );
+
+	if ( !rc ) {
+		if (!principal) {
+			int len=STRLENOF("ldap/")+global_host_bv.bv_len+1;
+			principal=ch_calloc(len, 1);
+			snprintf(principal, len, "ldap/%s", global_host_bv.bv_val);
+			Log(LDAP_DEBUG_TRACE, LDAP_LEVEL_DEBUG, "Principal <%s>\n", principal );
+
+		}
+		rc = krb5_parse_name(kid->ctx, principal, &kid->princ);
+	}
+
+	if ( !rc && kt_name) {
+		rc = krb5_kt_resolve(kid->ctx, kt_name, &kid->keytab);
+	}
+
+	if ( !rc )
+		rc = krb5_get_init_creds_opt_alloc(kid->ctx, &kid->opts);
+
+	if ( !rc )
+		rc = krb5_get_init_creds_opt_set_out_ccache( kid->ctx, kid->opts, kid->ccache);
+
+	if ( !rc ) {
+		ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
+		task = ldap_pvt_runqueue_insert( &slapd_rq, 10, kinit_qtask, (void*)kid,
+				"kinit_qtask", "ldap/bronsted.g17.lan@G17.LAN" );
+		ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
+	}
+
+	if (rc) {
+		log_krb5_errmsg(kid->ctx, "kinit_initialize", rc);
+		rc = -1;
+	}
+	return rc;
+}
+
+#if SLAPD_MOD_KINIT == SLAPD_MOD_DYNAMIC
+int init_module(int argc, char *argv[]) {
+	if (argc > 0) {
+		principal = ch_strdup(argv[0]);
+	}
+	if (argc > 1) {
+		kt_name = ch_strdup(argv[1]);
+	}
+	if (argc > 2) {
+		return -1;
+	}
+	return kinit_initialize();
+}
+
+int
+term_module() {
+	if (principal)
+		ch_free(principal);
+	if (kt_name)
+		ch_free(kt_name);
+	if (kid) {
+		struct re_s *task;
+
+		task=ldap_pvt_runqueue_find( &slapd_rq, kinit_qtask, (void*)kid);
+		if (task) {
+			if ( ldap_pvt_runqueue_isrunning(&slapd_rq, task) ) {
+				ldap_pvt_runqueue_stoptask(&slapd_rq, task);
+			}
+			ldap_pvt_runqueue_remove(&slapd_rq, task);
+		}
+		if ( kid->ctx ) {
+			if ( kid->princ )
+				krb5_free_principal(kid->ctx, kid->princ);
+			if ( kid->ccache )
+				krb5_cc_close(kid->ctx, kid->ccache);
+			if ( kid->keytab )
+				krb5_kt_close(kid->ctx, kid->keytab);
+			if ( kid->opts )
+				krb5_get_init_creds_opt_free(kid->ctx, kid->opts);
+			krb5_free_context(kid->ctx);
+		}
+		ch_free(kid);
+	}
+	return 0;
+}
+#endif
+
+#endif /* SLAPD_MOD_KINIT */
+
diff --git a/contrib/slapd-modules/lastbind/Makefile b/contrib/slapd-modules/lastbind/Makefile
new file mode 100644
index 0000000..c273cd3
--- /dev/null
+++ b/contrib/slapd-modules/lastbind/Makefile
@@ -0,0 +1,68 @@
+# $OpenLDAP$
+# Copyright 2009 Jonathan Clarke <jonathan@phillipoux.net>.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_LASTBIND=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = lastbind.la
+MANPAGES = slapo-lastbind.5
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+lastbind.la: lastbind.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/lastbind/lastbind.c b/contrib/slapd-modules/lastbind/lastbind.c
new file mode 100644
index 0000000..bd8e782
--- /dev/null
+++ b/contrib/slapd-modules/lastbind/lastbind.c
@@ -0,0 +1,320 @@
+/* lastbind.c - Record timestamp of the last successful bind to entries */
+/* $OpenLDAP$ */
+/*
+ * Copyright 2009 Jonathan Clarke <jonathan@phillipoux.net>.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work is loosely derived from the ppolicy overlay.
+ */
+
+#include "portable.h"
+
+/*
+ * This file implements an overlay that stores the timestamp of the
+ * last successful bind operation in a directory entry.
+ *
+ * Optimization: to avoid performing a write on each bind,
+ * a precision for this timestamp may be configured, causing it to
+ * only be updated if it is older than a given number of seconds.
+ */
+
+#ifdef SLAPD_OVER_LASTBIND
+
+#include <ldap.h>
+#include "lutil.h"
+#include "slap.h"
+#include <ac/errno.h>
+#include <ac/time.h>
+#include <ac/string.h>
+#include <ac/ctype.h>
+#include "slap-config.h"
+
+/* Per-instance configuration information */
+typedef struct lastbind_info {
+	/* precision to update timestamp in authTimestamp attribute */
+	int timestamp_precision;
+	int forward_updates;	/* use frontend for authTimestamp updates */
+} lastbind_info;
+
+/* Operational attributes */
+static AttributeDescription *ad_authTimestamp;
+
+/* This is the definition used by ISODE, as supplied to us in
+ * ITS#6238 Followup #9
+ */
+static struct schema_info {
+	char *def;
+	AttributeDescription **ad;
+} lastBind_OpSchema[] = {
+	{	"( 1.3.6.1.4.1.453.16.2.188 "
+		"NAME 'authTimestamp' "
+		"DESC 'last successful authentication using any method/mech' "
+		"EQUALITY generalizedTimeMatch "
+		"ORDERING generalizedTimeOrderingMatch "
+		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
+		"SINGLE-VALUE NO-USER-MODIFICATION USAGE dsaOperation )",
+		&ad_authTimestamp},
+	{ NULL, NULL }
+};
+
+/* configuration attribute and objectclass */
+static ConfigTable lastbindcfg[] = {
+	{ "lastbind-precision", "seconds", 2, 2, 0,
+	  ARG_INT|ARG_OFFSET,
+	  (void *)offsetof(lastbind_info, timestamp_precision),
+	  "( OLcfgCtAt:5.1 "
+	  "NAME 'olcLastBindPrecision' "
+	  "DESC 'Precision of authTimestamp attribute' "
+	  "EQUALITY integerMatch "
+	  "SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+	{ "lastbind_forward_updates", "on|off", 1, 2, 0,
+	  ARG_ON_OFF|ARG_OFFSET,
+	  (void *)offsetof(lastbind_info,forward_updates),
+	  "( OLcfgAt:5.2 NAME 'olcLastBindForwardUpdates' "
+	  "DESC 'Allow authTimestamp updates to be forwarded via updateref' "
+	  "EQUALITY booleanMatch "
+	  "SYNTAX OMsBoolean SINGLE-VALUE )", NULL, NULL },
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs lastbindocs[] = {
+	{ "( OLcfgCtOc:5.1 "
+	  "NAME 'olcLastBindConfig' "
+	  "DESC 'Last Bind configuration' "
+	  "SUP olcOverlayConfig "
+	  "MAY ( olcLastBindPrecision $ olcLastBindForwardUpdates) )",
+	  Cft_Overlay, lastbindcfg, NULL, NULL },
+	{ NULL, 0, NULL }
+};
+
+static time_t
+parse_time( char *atm )
+{
+	struct lutil_tm tm;
+	struct lutil_timet tt;
+	time_t ret = (time_t)-1;
+
+	if ( lutil_parsetime( atm, &tm ) == 0) {
+		lutil_tm2time( &tm, &tt );
+		ret = tt.tt_sec;
+	}
+	return ret;
+}
+
+static int
+lastbind_bind_response( Operation *op, SlapReply *rs )
+{
+	Modifications *mod = NULL;
+	BackendInfo *bi = op->o_bd->bd_info;
+	Entry *e;
+	int rc;
+
+	/* we're only interested if the bind was successful */
+	if ( rs->sr_err != LDAP_SUCCESS )
+		return SLAP_CB_CONTINUE;
+
+	rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
+	op->o_bd->bd_info = bi;
+
+	if ( rc != LDAP_SUCCESS ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	{
+		lastbind_info *lbi = (lastbind_info *) op->o_callback->sc_private;
+
+		time_t now, bindtime = (time_t)-1;
+		Attribute *a;
+		Modifications *m;
+		char nowstr[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+		struct berval timestamp;
+
+		/* get the current time */
+		now = slap_get_time();
+
+		/* get authTimestamp attribute, if it exists */
+		if ((a = attr_find( e->e_attrs, ad_authTimestamp)) != NULL) {
+			bindtime = parse_time( a->a_nvals[0].bv_val );
+
+			if (bindtime != (time_t)-1) {
+				/* if the recorded bind time is within our precision, we're done
+				 * it doesn't need to be updated (save a write for nothing) */
+				if ((now - bindtime) < lbi->timestamp_precision) {
+					goto done;
+				}
+			}
+		}
+
+		/* update the authTimestamp in the user's entry with the current time */
+		timestamp.bv_val = nowstr;
+		timestamp.bv_len = sizeof(nowstr);
+		slap_timestamp( &now, &timestamp );
+
+		m = ch_calloc( sizeof(Modifications), 1 );
+		m->sml_op = LDAP_MOD_REPLACE;
+		m->sml_flags = 0;
+		m->sml_type = ad_authTimestamp->ad_cname;
+		m->sml_desc = ad_authTimestamp;
+		m->sml_numvals = 1;
+		m->sml_values = ch_calloc( sizeof(struct berval), 2 );
+		m->sml_nvalues = ch_calloc( sizeof(struct berval), 2 );
+
+		ber_dupbv( &m->sml_values[0], &timestamp );
+		ber_dupbv( &m->sml_nvalues[0], &timestamp );
+		m->sml_next = mod;
+		mod = m;
+	}
+
+done:
+	be_entry_release_r( op, e );
+
+	/* perform the update, if necessary */
+	if ( mod ) {
+		Operation op2 = *op;
+		SlapReply r2 = { REP_RESULT };
+		slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
+		LDAPControl c, *ca[2];
+		lastbind_info *lbi = (lastbind_info *) op->o_callback->sc_private;
+
+		/* This is a DSA-specific opattr, it never gets replicated. */
+		op2.o_tag = LDAP_REQ_MODIFY;
+		op2.o_callback = &cb;
+		op2.orm_modlist = mod;
+		op2.orm_no_opattrs = 0;
+		op2.o_dn = op->o_bd->be_rootdn;
+		op2.o_ndn = op->o_bd->be_rootndn;
+
+		/*
+		 * Code for forwarding of updates adapted from ppolicy.c of slapo-ppolicy
+		 *
+		 * If this server is a shadow and forward_updates is true,
+		 * use the frontend to perform this modify. That will trigger
+		 * the update referral, which can then be forwarded by the
+		 * chain overlay. Obviously the updateref and chain overlay
+		 * must be configured appropriately for this to be useful.
+		 */
+		if ( SLAP_SHADOW( op->o_bd ) && lbi->forward_updates ) {
+			op2.o_bd = frontendDB;
+
+			/* Must use Relax control since these are no-user-mod */
+			op2.o_relax = SLAP_CONTROL_CRITICAL;
+			op2.o_ctrls = ca;
+			ca[0] = &c;
+			ca[1] = NULL;
+			BER_BVZERO( &c.ldctl_value );
+			c.ldctl_iscritical = 1;
+			c.ldctl_oid = LDAP_CONTROL_RELAX;
+		} else {
+			/* If not forwarding, don't update opattrs and don't replicate */
+			if ( SLAP_SINGLE_SHADOW( op->o_bd )) {
+				op2.orm_no_opattrs = 1;
+				op2.o_dont_replicate = 1;
+			}
+			/* TODO: not sure what this does in slapo-ppolicy */
+			/*
+			op2.o_bd->bd_info = (BackendInfo *)on->on_info;
+			*/
+		}
+
+		rc = op2.o_bd->be_modify( &op2, &r2 );
+		slap_mods_free( mod, 1 );
+	}
+
+	op->o_bd->bd_info = bi;
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+lastbind_bind( Operation *op, SlapReply *rs )
+{
+	slap_callback *cb;
+	slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+
+	/* setup a callback to intercept result of this bind operation
+	 * and pass along the lastbind_info struct */
+	cb = op->o_tmpcalloc( sizeof(slap_callback), 1, op->o_tmpmemctx );
+	cb->sc_response = lastbind_bind_response;
+	cb->sc_next = op->o_callback->sc_next;
+	cb->sc_private = on->on_bi.bi_private;
+	op->o_callback->sc_next = cb;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+lastbind_db_init(
+	BackendDB *be,
+	ConfigReply *cr
+)
+{
+	slap_overinst *on = (slap_overinst *) be->bd_info;
+
+	/* initialize private structure to store configuration */
+	on->on_bi.bi_private = ch_calloc( 1, sizeof(lastbind_info) );
+
+	return 0;
+}
+
+static int
+lastbind_db_close(
+	BackendDB *be,
+	ConfigReply *cr
+)
+{
+	slap_overinst *on = (slap_overinst *) be->bd_info;
+	lastbind_info *lbi = (lastbind_info *) on->on_bi.bi_private;
+
+	/* free private structure to store configuration */
+	free( lbi );
+
+	return 0;
+}
+
+static slap_overinst lastbind;
+
+int lastbind_initialize()
+{
+	int i, code;
+
+	/* register operational schema for this overlay (authTimestamp attribute) */
+	for (i=0; lastBind_OpSchema[i].def; i++) {
+		code = register_at( lastBind_OpSchema[i].def, lastBind_OpSchema[i].ad, 0 );
+		if ( code ) {
+			Debug( LDAP_DEBUG_ANY,
+				"lastbind_initialize: register_at failed\n" );
+			return code;
+		}
+	}
+
+	ad_authTimestamp->ad_type->sat_flags |= SLAP_AT_MANAGEABLE;
+
+	lastbind.on_bi.bi_type = "lastbind";
+	lastbind.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	lastbind.on_bi.bi_db_init = lastbind_db_init;
+	lastbind.on_bi.bi_db_close = lastbind_db_close;
+	lastbind.on_bi.bi_op_bind = lastbind_bind;
+
+	/* register configuration directives */
+	lastbind.on_bi.bi_cf_ocs = lastbindocs;
+	code = config_register_schema( lastbindcfg, lastbindocs );
+	if ( code ) return code;
+
+	return overlay_register( &lastbind );
+}
+
+#if SLAPD_OVER_LASTBIND == SLAPD_MOD_DYNAMIC
+int init_module(int argc, char *argv[]) {
+	return lastbind_initialize();
+}
+#endif
+
+#endif	/* defined(SLAPD_OVER_LASTBIND) */
diff --git a/contrib/slapd-modules/lastbind/slapo-lastbind.5 b/contrib/slapd-modules/lastbind/slapo-lastbind.5
new file mode 100644
index 0000000..d0da8b8
--- /dev/null
+++ b/contrib/slapd-modules/lastbind/slapo-lastbind.5
@@ -0,0 +1,108 @@
+.TH SLAPO-LASTBIND 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2009 Jonathan Clarke, All Rights Reserved.
+.\" $OpenLDAP$
+.SH NAME
+slapo-lastbind \- lastbind overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B lastbind
+overlay to
+.BR slapd (8)
+allows recording the timestamp of the last successful bind to entries
+in the directory, in the
+.B authTimestamp
+attribute.
+The overlay can be configured to update this timestamp only if it is
+older than a given value, thus avoiding large numbers of write
+operations penalizing performance.
+One sample use for this overlay would be to detect unused accounts.
+
+.SH CONFIGURATION
+The config directives that are specific to the
+.B lastbind
+overlay must be prefixed by
+.BR lastbind\- ,
+to avoid potential conflicts with directives specific to the underlying 
+database or to other stacked overlays.
+
+.TP
+.B overlay lastbind
+This directive adds the
+.B lastbind
+overlay to the current database, see
+.BR slapd.conf (5)
+for details.
+
+.LP
+This
+.B slapd.conf
+configuration option is defined for the lastbind overlay. It must
+appear after the
+.B overlay
+directive:
+.TP
+.B lastbind-precision <seconds>
+The value 
+.B <seconds>
+is the number of seconds after which to update the
+.B authTimestamp
+attribute in an entry. If the existing value of
+.B authTimestamp
+is less than 
+.B <seconds>
+old, it will not be changed. 
+If this configuration option is omitted, the
+.B authTimestamp
+attribute is updated on each successful bind operation.
+.TP
+.B lastbind_forward_updates
+Specify that updates of the authTimestamp attribute
+on a consumer should be forwarded
+to a provider instead of being written directly into the consumer's local
+database. This setting is only useful on a replication consumer, and
+also requires the
+.B updateref
+setting and
+.B chain
+overlay to be appropriately configured.
+
+.SH EXAMPLE
+This example configures the
+.B lastbind
+overlay to store
+.B authTimestamp
+in all entries in a database, with a 1 week precision.
+Add the following to
+.BR slapd.conf (5):
+
+.LP
+.nf
+    database <database>
+    # ...
+
+    overlay lastbind
+    lastbind-precision 604800
+.fi
+.LP
+.B slapd
+must also load
+.B lastbind.la,
+if compiled as a run-time module;
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd (8).
+The
+.BR slapo-lastbind (5)
+overlay supports dynamic configuration via
+.BR back-config.
+.SH ACKNOWLEDGEMENTS
+.P
+This module was written in 2009 by Jonathan Clarke. It is loosely
+derived from the password policy overlay.
diff --git a/contrib/slapd-modules/lastmod/Makefile b/contrib/slapd-modules/lastmod/Makefile
new file mode 100644
index 0000000..9b06c28
--- /dev/null
+++ b/contrib/slapd-modules/lastmod/Makefile
@@ -0,0 +1,58 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_LASTMOD=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = lastmod.la
+MANPAGES = slapo-lastmod.5
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+lastmod.la: lastmod.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/lastmod/lastmod.c b/contrib/slapd-modules/lastmod/lastmod.c
new file mode 100644
index 0000000..116b9ae
--- /dev/null
+++ b/contrib/slapd-modules/lastmod/lastmod.c
@@ -0,0 +1,963 @@
+/* lastmod.c - returns last modification info */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_LASTMOD
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+typedef struct lastmod_info_t {
+	struct berval		lmi_rdnvalue;
+	Entry			*lmi_e;
+	ldap_pvt_thread_mutex_t	lmi_entry_mutex;
+	int			lmi_enabled;
+} lastmod_info_t;
+
+struct lastmod_schema_t {
+	ObjectClass		*lms_oc_lastmod;
+	AttributeDescription	*lms_ad_lastmodDN;
+	AttributeDescription	*lms_ad_lastmodType;
+	AttributeDescription	*lms_ad_lastmodEnabled;
+} lastmod_schema;
+
+enum lastmodType_e {
+	LASTMOD_ADD = 0,
+	LASTMOD_DELETE,
+	LASTMOD_EXOP,
+	LASTMOD_MODIFY,
+	LASTMOD_MODRDN,
+	LASTMOD_UNKNOWN
+};
+
+struct berval lastmodType[] = {
+	BER_BVC( "add" ),
+	BER_BVC( "delete" ),
+	BER_BVC( "exop" ),
+	BER_BVC( "modify" ),
+	BER_BVC( "modrdn" ),
+	BER_BVC( "unknown" ),
+	BER_BVNULL
+};
+
+static struct m_s {
+	char			*schema;
+	slap_mask_t 		flags;
+	int			offset;
+} moc[] = {
+	{ "( 1.3.6.1.4.1.4203.666.3.13"
+		"NAME 'lastmod' "
+		"DESC 'OpenLDAP per-database last modification monitoring' "
+		"STRUCTURAL "
+		"SUP top "
+		"MUST cn "
+		"MAY ( "
+			"lastmodDN "
+			"$ lastmodType "
+			"$ description "
+			"$ seeAlso "
+		") )", SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
+		offsetof( struct lastmod_schema_t, lms_oc_lastmod ) },
+	{ NULL }
+}, mat[] = {
+	{ "( 1.3.6.1.4.1.4203.666.1.28"
+		"NAME 'lastmodDN' "
+		"DESC 'DN of last modification' "
+		"EQUALITY distinguishedNameMatch "
+		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
+		"NO-USER-MODIFICATION "
+		"USAGE directoryOperation )", SLAP_AT_HIDE,
+		offsetof( struct lastmod_schema_t, lms_ad_lastmodDN ) },
+	{ "( 1.3.6.1.4.1.4203.666.1.29"
+		"NAME 'lastmodType' "
+		"DESC 'Type of last modification' "
+		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
+		"EQUALITY caseIgnoreMatch "
+		"SINGLE-VALUE "
+		"NO-USER-MODIFICATION "
+		"USAGE directoryOperation )", SLAP_AT_HIDE,
+		offsetof( struct lastmod_schema_t, lms_ad_lastmodType ) },
+	{ "( 1.3.6.1.4.1.4203.666.1.30"
+		"NAME 'lastmodEnabled' "
+		"DESC 'Lastmod overlay state' "
+		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
+		"EQUALITY booleanMatch "
+		"SINGLE-VALUE )", 0,
+		offsetof( struct lastmod_schema_t, lms_ad_lastmodEnabled ) },
+	{ NULL }
+
+	/* FIXME: what about UUID of last modified entry? */
+};
+
+static int
+lastmod_search( Operation *op, SlapReply *rs )
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
+	int			rc;
+
+	/* if we get here, it must be a success */
+	rs->sr_err = LDAP_SUCCESS;
+
+	ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
+
+	rc = test_filter( op, lmi->lmi_e, op->oq_search.rs_filter );
+	if ( rc == LDAP_COMPARE_TRUE ) {
+		rs->sr_attrs = op->ors_attrs;
+		rs->sr_flags = 0;
+		rs->sr_entry = lmi->lmi_e;
+		rs->sr_err = send_search_entry( op, rs );
+		rs->sr_entry = NULL;
+		rs->sr_flags = 0;
+		rs->sr_attrs = NULL;
+	}
+
+	ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
+
+	send_ldap_result( op, rs );
+
+	return 0;
+}
+
+static int
+lastmod_compare( Operation *op, SlapReply *rs )
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
+	Attribute		*a;
+
+	ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
+
+	if ( get_assert( op ) &&
+		( test_filter( op, lmi->lmi_e, get_assertion( op ) ) != LDAP_COMPARE_TRUE ) )
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto return_results;
+	}
+
+	rs->sr_err = access_allowed( op, lmi->lmi_e, op->oq_compare.rs_ava->aa_desc,
+		&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
+	if ( ! rs->sr_err ) {
+		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		goto return_results;
+	}
+
+	rs->sr_err = LDAP_NO_SUCH_ATTRIBUTE;
+
+	for ( a = attr_find( lmi->lmi_e->e_attrs, op->oq_compare.rs_ava->aa_desc );
+		a != NULL;
+		a = attr_find( a->a_next, op->oq_compare.rs_ava->aa_desc ) )
+	{
+		rs->sr_err = LDAP_COMPARE_FALSE;
+
+		if ( value_find_ex( op->oq_compare.rs_ava->aa_desc,
+			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+				SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+			a->a_nvals, &op->oq_compare.rs_ava->aa_value, op->o_tmpmemctx ) == 0 )
+		{
+			rs->sr_err = LDAP_COMPARE_TRUE;
+			break;
+		}
+	}
+
+return_results:;
+
+	ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
+
+	send_ldap_result( op, rs );
+
+	if( rs->sr_err == LDAP_COMPARE_FALSE || rs->sr_err == LDAP_COMPARE_TRUE ) {
+		rs->sr_err = LDAP_SUCCESS;
+	}
+
+	return rs->sr_err;
+}
+
+static int
+lastmod_exop( Operation *op, SlapReply *rs )
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+
+	/* Temporary */
+
+	op->o_bd->bd_info = (BackendInfo *)on->on_info;
+	rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+	rs->sr_text = "not allowed within namingContext";
+	send_ldap_result( op, rs );
+	rs->sr_text = NULL;
+	
+	return -1;
+}
+
+static int
+lastmod_modify( Operation *op, SlapReply *rs )
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
+	Modifications		*ml;
+
+	ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
+
+	if ( !acl_check_modlist( op, lmi->lmi_e, op->orm_modlist ) ) {
+		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		goto cleanup;
+	}
+
+	for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
+		Attribute	*a;
+
+		if ( ml->sml_desc != lastmod_schema.lms_ad_lastmodEnabled ) {
+			continue;
+		}
+
+		if ( ml->sml_op != LDAP_MOD_REPLACE ) {
+			rs->sr_text = "unsupported mod type";
+			rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+			goto cleanup;
+		}
+		
+		a = attr_find( lmi->lmi_e->e_attrs, ml->sml_desc );
+
+		if ( a == NULL ) {
+			rs->sr_text = "lastmod overlay internal error";
+			rs->sr_err = LDAP_OTHER;
+			goto cleanup;
+		}
+
+		ch_free( a->a_vals[ 0 ].bv_val );
+		ber_dupbv( &a->a_vals[ 0 ], &ml->sml_values[ 0 ] );
+		if ( a->a_nvals ) {
+			ch_free( a->a_nvals[ 0 ].bv_val );
+			if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[ 0 ] ) ) {
+				ber_dupbv( &a->a_nvals[ 0 ], &ml->sml_nvalues[ 0 ] );
+			} else {
+				ber_dupbv( &a->a_nvals[ 0 ], &ml->sml_values[ 0 ] );
+			}
+		}
+
+		if ( strcmp( ml->sml_values[ 0 ].bv_val, "TRUE" ) == 0 ) {
+			lmi->lmi_enabled = 1;
+		} else if ( strcmp( ml->sml_values[ 0 ].bv_val, "FALSE" ) == 0 ) {
+			lmi->lmi_enabled = 0;
+		} else {
+			assert( 0 );
+		}
+	}
+
+	rs->sr_err = LDAP_SUCCESS;
+
+cleanup:;
+	ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
+
+	send_ldap_result( op, rs );
+	rs->sr_text = NULL;
+
+	return rs->sr_err;
+}
+
+static int
+lastmod_op_func( Operation *op, SlapReply *rs )
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
+	Modifications		*ml;
+
+	if ( dn_match( &op->o_req_ndn, &lmi->lmi_e->e_nname ) ) {
+		switch ( op->o_tag ) {
+		case LDAP_REQ_SEARCH:
+			if ( op->ors_scope != LDAP_SCOPE_BASE ) {
+				goto return_referral;
+			}
+			/* process */
+			return lastmod_search( op, rs );
+
+		case LDAP_REQ_COMPARE:
+			return lastmod_compare( op, rs );
+
+		case LDAP_REQ_EXTENDED:
+			/* if write, reject; otherwise process */
+			if ( exop_is_write( op )) {
+				rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+				rs->sr_text = "not allowed within namingContext";
+				goto return_error;
+			}
+			return lastmod_exop( op, rs );
+
+		case LDAP_REQ_MODIFY:
+			/* allow only changes to overlay status */
+			for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
+				if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_modifiersName ) != 0
+						&& ad_cmp( ml->sml_desc, slap_schema.si_ad_modifyTimestamp ) != 0
+						&& ad_cmp( ml->sml_desc, slap_schema.si_ad_entryCSN ) != 0
+						&& ad_cmp( ml->sml_desc, lastmod_schema.lms_ad_lastmodEnabled ) != 0 )
+				{
+					rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+					rs->sr_text = "not allowed within namingContext";
+					goto return_error;
+				}
+			}
+			return lastmod_modify( op, rs );
+
+		default:
+			rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+			rs->sr_text = "not allowed within namingContext";
+			goto return_error;
+		}
+	}
+
+	if ( dnIsSuffix( &op->o_req_ndn, &lmi->lmi_e->e_nname ) ) {
+		goto return_referral;
+	}
+
+	return SLAP_CB_CONTINUE;
+
+return_referral:;
+	op->o_bd->bd_info = (BackendInfo *)on->on_info;
+	rs->sr_ref = referral_rewrite( default_referral,
+			NULL, &op->o_req_dn, op->ors_scope );
+
+	if ( !rs->sr_ref ) {
+		rs->sr_ref = default_referral;
+	}
+	rs->sr_err = LDAP_REFERRAL;
+	send_ldap_result( op, rs );
+
+	if ( rs->sr_ref != default_referral ) {
+		ber_bvarray_free( rs->sr_ref );
+	}
+	rs->sr_ref = NULL;
+
+	return -1;
+
+return_error:;
+	op->o_bd->bd_info = (BackendInfo *)on->on_info;
+	send_ldap_result( op, rs );
+	rs->sr_text = NULL;
+
+	return -1;
+}
+
+static int
+best_guess( Operation *op,
+		struct berval *bv_entryCSN, struct berval *bv_nentryCSN,
+		struct berval *bv_modifyTimestamp, struct berval *bv_nmodifyTimestamp,
+		struct berval *bv_modifiersName, struct berval *bv_nmodifiersName )
+{
+	if ( bv_entryCSN ) {
+		char		csnbuf[ LDAP_PVT_CSNSTR_BUFSIZE ];
+		struct berval	entryCSN;
+	
+		entryCSN.bv_val = csnbuf;
+		entryCSN.bv_len = sizeof( csnbuf );
+		slap_get_csn( NULL, &entryCSN, 0 );
+
+		ber_dupbv( bv_entryCSN, &entryCSN );
+		ber_dupbv( bv_nentryCSN, &entryCSN );
+	}
+
+	if ( bv_modifyTimestamp ) {
+		char		tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+		struct berval timestamp;
+		time_t		currtime;
+
+		/* best guess */
+#if 0
+		currtime = slap_get_time();
+#endif
+		/* maybe we better use the time the operation was initiated */
+		currtime = op->o_time;
+
+		timestamp.bv_val = tmbuf;
+		timestamp.bv_len = sizeof(tmbuf);
+		slap_timestamp( &currtime, &timestamp );
+
+		ber_dupbv( bv_modifyTimestamp, &timestamp );
+		ber_dupbv( bv_nmodifyTimestamp, bv_modifyTimestamp );
+	}
+
+	if ( bv_modifiersName ) {
+		/* best guess */
+		ber_dupbv( bv_modifiersName, &op->o_dn );
+		ber_dupbv( bv_nmodifiersName, &op->o_ndn );
+	}
+
+	return 0;
+}
+
+static int
+lastmod_update( Operation *op, SlapReply *rs )
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
+	Attribute		*a;
+	Modifications		*ml = NULL;
+	struct berval		bv_entryCSN = BER_BVNULL,
+				bv_nentryCSN = BER_BVNULL,
+				bv_modifyTimestamp = BER_BVNULL,
+				bv_nmodifyTimestamp = BER_BVNULL,
+				bv_modifiersName = BER_BVNULL,
+				bv_nmodifiersName = BER_BVNULL,
+				bv_name = BER_BVNULL,
+				bv_nname = BER_BVNULL;
+	enum lastmodType_e	lmt = LASTMOD_UNKNOWN;
+	Entry			*e = NULL;
+	int			rc = -1;
+
+	/* FIXME: timestamp? modifier? */
+	switch ( op->o_tag ) {
+	case LDAP_REQ_ADD:
+		lmt = LASTMOD_ADD;
+		e = op->ora_e;
+		a = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
+		if ( a != NULL ) {
+			ber_dupbv( &bv_entryCSN, &a->a_vals[0] );
+			if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
+				ber_dupbv( &bv_nentryCSN, &a->a_nvals[0] );
+			} else {
+				ber_dupbv( &bv_nentryCSN, &a->a_vals[0] );
+			}
+		}
+		a = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp );
+		if ( a != NULL ) {
+			ber_dupbv( &bv_modifyTimestamp, &a->a_vals[0] );
+			if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
+				ber_dupbv( &bv_nmodifyTimestamp, &a->a_nvals[0] );
+			} else {
+				ber_dupbv( &bv_nmodifyTimestamp, &a->a_vals[0] );
+			}
+		}
+		a = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName );
+		if ( a != NULL ) {
+			ber_dupbv( &bv_modifiersName, &a->a_vals[0] );
+			ber_dupbv( &bv_nmodifiersName, &a->a_nvals[0] );
+		}
+		ber_dupbv( &bv_name, &e->e_name );
+		ber_dupbv( &bv_nname, &e->e_nname );
+		break;
+
+	case LDAP_REQ_DELETE:
+		lmt = LASTMOD_DELETE;
+
+		best_guess( op, &bv_entryCSN, &bv_nentryCSN,
+				&bv_modifyTimestamp, &bv_nmodifyTimestamp,
+				&bv_modifiersName, &bv_nmodifiersName );
+
+		ber_dupbv( &bv_name, &op->o_req_dn );
+		ber_dupbv( &bv_nname, &op->o_req_ndn );
+		break;
+
+	case LDAP_REQ_EXTENDED:
+		lmt = LASTMOD_EXOP;
+
+		/* actually, password change is wrapped around a backend 
+		 * call to modify, so it never shows up as an exop... */
+		best_guess( op, &bv_entryCSN, &bv_nentryCSN,
+				&bv_modifyTimestamp, &bv_nmodifyTimestamp,
+				&bv_modifiersName, &bv_nmodifiersName );
+
+		ber_dupbv( &bv_name, &op->o_req_dn );
+		ber_dupbv( &bv_nname, &op->o_req_ndn );
+		break;
+
+	case LDAP_REQ_MODIFY:
+		lmt = LASTMOD_MODIFY;
+		rc = 3;
+
+		for ( ml = op->orm_modlist; ml; ml = ml->sml_next ) {
+			if ( ad_cmp( ml->sml_desc , slap_schema.si_ad_modifiersName ) == 0 ) {
+				ber_dupbv( &bv_modifiersName, &ml->sml_values[0] );
+				ber_dupbv( &bv_nmodifiersName, &ml->sml_nvalues[0] );
+
+				rc--;
+				if ( !rc ) {
+					break;
+				}
+
+			} else if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_entryCSN ) == 0 ) {
+				ber_dupbv( &bv_entryCSN, &ml->sml_values[0] );
+				if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[0] ) ) {
+					ber_dupbv( &bv_nentryCSN, &ml->sml_nvalues[0] );
+				} else {
+					ber_dupbv( &bv_nentryCSN, &ml->sml_values[0] );
+				}
+
+				rc --;
+				if ( !rc ) {
+					break;
+				}
+
+			} else if ( ad_cmp( ml->sml_desc, slap_schema.si_ad_modifyTimestamp ) == 0 ) {
+				ber_dupbv( &bv_modifyTimestamp, &ml->sml_values[0] );
+				if ( ml->sml_nvalues && !BER_BVISNULL( &ml->sml_nvalues[0] ) ) {
+					ber_dupbv( &bv_nmodifyTimestamp, &ml->sml_nvalues[0] );
+				} else {
+					ber_dupbv( &bv_nmodifyTimestamp, &ml->sml_values[0] );
+				}
+
+				rc --;
+				if ( !rc ) {
+					break;
+				}
+			}
+		}
+
+		/* if rooted at global overlay, opattrs are not yet in place */
+		if ( BER_BVISNULL( &bv_modifiersName ) ) {
+			best_guess( op, NULL, NULL, NULL, NULL, &bv_modifiersName, &bv_nmodifiersName );
+		}
+
+		if ( BER_BVISNULL( &bv_entryCSN ) ) {
+			best_guess( op, &bv_entryCSN, &bv_nentryCSN, NULL, NULL, NULL, NULL );
+		}
+
+		if ( BER_BVISNULL( &bv_modifyTimestamp ) ) {
+			best_guess( op, NULL, NULL, &bv_modifyTimestamp, &bv_nmodifyTimestamp, NULL, NULL );
+		}
+
+		ber_dupbv( &bv_name, &op->o_req_dn );
+		ber_dupbv( &bv_nname, &op->o_req_ndn );
+		break;
+
+	case LDAP_REQ_MODRDN:
+		lmt = LASTMOD_MODRDN;
+		e = NULL;
+
+		if ( op->orr_newSup && !BER_BVISNULL( op->orr_newSup ) ) {
+			build_new_dn( &bv_name, op->orr_newSup, &op->orr_newrdn, NULL );
+			build_new_dn( &bv_nname, op->orr_nnewSup, &op->orr_nnewrdn, NULL );
+
+		} else {
+			struct berval	pdn;
+
+			dnParent( &op->o_req_dn, &pdn );
+			build_new_dn( &bv_name, &pdn, &op->orr_newrdn, NULL );
+
+			dnParent( &op->o_req_ndn, &pdn );
+			build_new_dn( &bv_nname, &pdn, &op->orr_nnewrdn, NULL );
+		}
+
+		if ( on->on_info->oi_orig->bi_entry_get_rw ) {
+			BackendInfo	*bi = op->o_bd->bd_info;
+			int		rc;
+
+			op->o_bd->bd_info = (BackendInfo *)on->on_info->oi_orig;
+			rc = op->o_bd->bd_info->bi_entry_get_rw( op, &bv_name, NULL, NULL, 0, &e );
+			if ( rc == LDAP_SUCCESS ) {
+				a = attr_find( e->e_attrs, slap_schema.si_ad_modifiersName );
+				if ( a != NULL ) {
+					ber_dupbv( &bv_modifiersName, &a->a_vals[0] );
+					ber_dupbv( &bv_nmodifiersName, &a->a_nvals[0] );
+				}
+				a = attr_find( e->e_attrs, slap_schema.si_ad_entryCSN );
+				if ( a != NULL ) {
+					ber_dupbv( &bv_entryCSN, &a->a_vals[0] );
+					if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
+						ber_dupbv( &bv_nentryCSN, &a->a_nvals[0] );
+					} else {
+						ber_dupbv( &bv_nentryCSN, &a->a_vals[0] );
+					}
+				}
+				a = attr_find( e->e_attrs, slap_schema.si_ad_modifyTimestamp );
+				if ( a != NULL ) {
+					ber_dupbv( &bv_modifyTimestamp, &a->a_vals[0] );
+					if ( a->a_nvals && !BER_BVISNULL( &a->a_nvals[0] ) ) {
+						ber_dupbv( &bv_nmodifyTimestamp, &a->a_nvals[0] );
+					} else {
+						ber_dupbv( &bv_nmodifyTimestamp, &a->a_vals[0] );
+					}
+				}
+
+				assert( dn_match( &bv_name, &e->e_name ) );
+				assert( dn_match( &bv_nname, &e->e_nname ) );
+
+				op->o_bd->bd_info->bi_entry_release_rw( op, e, 0 );
+			}
+
+			op->o_bd->bd_info = bi;
+
+		}
+
+		/* if !bi_entry_get_rw || bi_entry_get_rw failed for any reason... */
+		if ( e == NULL ) {
+			best_guess( op, &bv_entryCSN, &bv_nentryCSN,
+					&bv_modifyTimestamp, &bv_nmodifyTimestamp,
+					&bv_modifiersName, &bv_nmodifiersName );
+		}
+
+		break;
+
+	default:
+		return -1;
+	}
+	
+	ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
+
+#if 0
+	fprintf( stderr, "### lastmodDN: %s %s\n", bv_name.bv_val, bv_nname.bv_val );
+#endif
+
+	a = attr_find( lmi->lmi_e->e_attrs, lastmod_schema.lms_ad_lastmodDN );
+	if ( a == NULL ) {
+		goto error_return;
+	}
+	ch_free( a->a_vals[0].bv_val );
+	a->a_vals[0] = bv_name;
+	ch_free( a->a_nvals[0].bv_val );
+	a->a_nvals[0] = bv_nname;
+
+#if 0
+	fprintf( stderr, "### lastmodType: %s %s\n", lastmodType[ lmt ].bv_val, lastmodType[ lmt ].bv_val );
+#endif
+
+	a = attr_find( lmi->lmi_e->e_attrs, lastmod_schema.lms_ad_lastmodType );
+	if ( a == NULL ) {
+		goto error_return;
+	} 
+	ch_free( a->a_vals[0].bv_val );
+	ber_dupbv( &a->a_vals[0], &lastmodType[ lmt ] );
+	ch_free( a->a_nvals[0].bv_val );
+	ber_dupbv( &a->a_nvals[0], &lastmodType[ lmt ] );
+
+#if 0
+	fprintf( stderr, "### modifiersName: %s %s\n", bv_modifiersName.bv_val, bv_nmodifiersName.bv_val );
+#endif
+
+	a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_modifiersName );
+	if ( a == NULL ) {
+		goto error_return;
+	} 
+	ch_free( a->a_vals[0].bv_val );
+	a->a_vals[0] = bv_modifiersName;
+	ch_free( a->a_nvals[0].bv_val );
+	a->a_nvals[0] = bv_nmodifiersName;
+
+#if 0
+	fprintf( stderr, "### modifyTimestamp: %s %s\n", bv_nmodifyTimestamp.bv_val, bv_modifyTimestamp.bv_val );
+#endif
+
+	a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_modifyTimestamp );
+	if ( a == NULL ) {
+		goto error_return;
+	} 
+	ch_free( a->a_vals[0].bv_val );
+	a->a_vals[0] = bv_modifyTimestamp;
+	ch_free( a->a_nvals[0].bv_val );
+	a->a_nvals[0] = bv_nmodifyTimestamp;
+
+#if 0
+	fprintf( stderr, "### entryCSN: %s %s\n", bv_nentryCSN.bv_val, bv_entryCSN.bv_val );
+#endif
+
+	a = attr_find( lmi->lmi_e->e_attrs, slap_schema.si_ad_entryCSN );
+	if ( a == NULL ) {
+		goto error_return;
+	} 
+	ch_free( a->a_vals[0].bv_val );
+	a->a_vals[0] = bv_entryCSN;
+	ch_free( a->a_nvals[0].bv_val );
+	a->a_nvals[0] = bv_nentryCSN;
+
+	rc = 0;
+
+error_return:;
+	ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
+	
+	return rc;
+}
+
+static int
+lastmod_response( Operation *op, SlapReply *rs )
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
+
+	/* don't record failed operations */
+	switch ( rs->sr_err ) {
+	case LDAP_SUCCESS:
+		/* FIXME: other cases? */
+		break;
+
+	default:
+		return SLAP_CB_CONTINUE;
+	}
+
+	/* record only write operations */
+	switch ( op->o_tag ) {
+	case LDAP_REQ_ADD:
+	case LDAP_REQ_MODIFY:
+	case LDAP_REQ_MODRDN:
+	case LDAP_REQ_DELETE:
+		break;
+
+	case LDAP_REQ_EXTENDED:
+		/* if write, process */
+		if ( exop_is_write( op ))
+			break;
+
+		/* fall thru */
+	default:
+		return SLAP_CB_CONTINUE;
+	}
+
+	/* skip if disabled */
+	ldap_pvt_thread_mutex_lock( &lmi->lmi_entry_mutex );
+	if ( !lmi->lmi_enabled ) {
+		ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
+		return SLAP_CB_CONTINUE;
+	}
+	ldap_pvt_thread_mutex_unlock( &lmi->lmi_entry_mutex );
+
+	(void)lastmod_update( op, rs );
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+lastmod_db_init( BackendDB *be, ConfigReply *cr )
+{
+	slap_overinst		*on = (slap_overinst *)be->bd_info;
+	lastmod_info_t		*lmi;
+
+	if ( lastmod_schema.lms_oc_lastmod == NULL ) {
+		int		i;
+		const char 	*text;
+
+		/* schema integration */
+		for ( i = 0; mat[i].schema; i++ ) {
+			int			code;
+			AttributeDescription	**ad =
+				((AttributeDescription **)&(((char *)&lastmod_schema)[mat[i].offset]));
+			ad[0] = NULL;
+
+			code = register_at( mat[i].schema, ad, 0 );
+			if ( code ) {
+				Debug( LDAP_DEBUG_ANY,
+					"lastmod_init: register_at failed\n" );
+				return -1;
+			}
+			(*ad)->ad_type->sat_flags |= mat[i].flags;
+		}
+
+		for ( i = 0; moc[i].schema; i++ ) {
+			int			code;
+			ObjectClass		**Oc =
+				((ObjectClass **)&(((char *)&lastmod_schema)[moc[i].offset]));
+	
+			code = register_oc( moc[i].schema, Oc, 0 );
+			if ( code ) {
+				Debug( LDAP_DEBUG_ANY,
+					"lastmod_init: register_oc failed\n" );
+				return -1;
+			}
+			(*Oc)->soc_flags |= moc[i].flags;
+		}
+	}
+
+	lmi = (lastmod_info_t *)ch_malloc( sizeof( lastmod_info_t ) );
+
+	memset( lmi, 0, sizeof( lastmod_info_t ) );
+	lmi->lmi_enabled = 1;
+	
+	on->on_bi.bi_private = lmi;
+
+	return 0;
+}
+
+static int
+lastmod_db_config(
+	BackendDB	*be,
+	const char	*fname,
+	int		lineno,
+	int		argc,
+	char	**argv
+)
+{
+	slap_overinst		*on = (slap_overinst *)be->bd_info;
+	lastmod_info_t		*lmi = (lastmod_info_t *)on->on_bi.bi_private;
+
+	if ( strcasecmp( argv[ 0 ], "lastmod-rdnvalue" ) == 0 ) {
+		if ( lmi->lmi_rdnvalue.bv_val ) {
+			/* already defined! */
+			ch_free( lmi->lmi_rdnvalue.bv_val );
+		}
+
+		ber_str2bv( argv[ 1 ], 0, 1, &lmi->lmi_rdnvalue );
+
+	} else if ( strcasecmp( argv[ 0 ], "lastmod-enabled" ) == 0 ) {
+		if ( strcasecmp( argv[ 1 ], "yes" ) == 0 ) {
+			lmi->lmi_enabled = 1;
+
+		} else if ( strcasecmp( argv[ 1 ], "no" ) == 0 ) {
+			lmi->lmi_enabled = 0;
+
+		} else {
+			return -1;
+		}
+
+	} else {
+		return SLAP_CONF_UNKNOWN;
+	}
+
+	return 0;
+}
+
+static int
+lastmod_db_open( BackendDB *be, ConfigReply *cr )
+{
+	slap_overinst	*on = (slap_overinst *) be->bd_info;
+	lastmod_info_t	*lmi = (lastmod_info_t *)on->on_bi.bi_private;
+	char		buf[ 8192 ];
+	static char		tmbuf[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+
+	char			csnbuf[ LDAP_PVT_CSNSTR_BUFSIZE ];
+	struct berval		entryCSN;
+	struct berval timestamp;
+
+	if ( !SLAP_LASTMOD( be ) ) {
+		fprintf( stderr, "set \"lastmod on\" to make this overlay effective\n" );
+		return -1;
+	}
+
+	/*
+	 * Start
+	 */
+	timestamp.bv_val = tmbuf;
+	timestamp.bv_len = sizeof(tmbuf);
+	slap_timestamp( &starttime, &timestamp );
+
+	entryCSN.bv_val = csnbuf;
+	entryCSN.bv_len = sizeof( csnbuf );
+	slap_get_csn( NULL, &entryCSN, 0 );
+
+	if ( BER_BVISNULL( &lmi->lmi_rdnvalue ) ) {
+		ber_str2bv( "Lastmod", 0, 1, &lmi->lmi_rdnvalue );
+	}
+
+	snprintf( buf, sizeof( buf ),
+			"dn: cn=%s%s%s\n"
+			"objectClass: %s\n"
+			"structuralObjectClass: %s\n"
+			"cn: %s\n"
+			"description: This object contains the last modification to this database\n"
+			"%s: cn=%s%s%s\n"
+			"%s: %s\n"
+			"%s: %s\n"
+			"createTimestamp: %s\n"
+			"creatorsName: %s\n"
+			"entryCSN: %s\n"
+			"modifyTimestamp: %s\n"
+			"modifiersName: %s\n"
+			"hasSubordinates: FALSE\n",
+			lmi->lmi_rdnvalue.bv_val, BER_BVISEMPTY( &be->be_suffix[ 0 ] ) ? "" : ",", be->be_suffix[ 0 ].bv_val,
+			lastmod_schema.lms_oc_lastmod->soc_cname.bv_val,
+			lastmod_schema.lms_oc_lastmod->soc_cname.bv_val,
+			lmi->lmi_rdnvalue.bv_val,
+			lastmod_schema.lms_ad_lastmodDN->ad_cname.bv_val,
+				lmi->lmi_rdnvalue.bv_val, BER_BVISEMPTY( &be->be_suffix[ 0 ] ) ? "" : ",", be->be_suffix[ 0 ].bv_val,
+			lastmod_schema.lms_ad_lastmodType->ad_cname.bv_val, lastmodType[ LASTMOD_ADD ].bv_val,
+			lastmod_schema.lms_ad_lastmodEnabled->ad_cname.bv_val, lmi->lmi_enabled ? "TRUE" : "FALSE",
+			tmbuf,
+			BER_BVISNULL( &be->be_rootdn ) ? SLAPD_ANONYMOUS : be->be_rootdn.bv_val,
+			entryCSN.bv_val,
+			tmbuf,
+			BER_BVISNULL( &be->be_rootdn ) ? SLAPD_ANONYMOUS : be->be_rootdn.bv_val );
+
+#if 0
+	fprintf( stderr, "# entry:\n%s\n", buf );
+#endif
+
+	lmi->lmi_e = str2entry( buf );
+	if ( lmi->lmi_e == NULL ) {
+		return -1;
+	}
+
+	ldap_pvt_thread_mutex_init( &lmi->lmi_entry_mutex );
+
+	return 0;
+}
+
+static int
+lastmod_db_destroy( BackendDB *be, ConfigReply *cr )
+{
+	slap_overinst	*on = (slap_overinst *)be->bd_info;
+	lastmod_info_t	*lmi = (lastmod_info_t *)on->on_bi.bi_private;
+
+	if ( lmi ) {
+		if ( !BER_BVISNULL( &lmi->lmi_rdnvalue ) ) {
+			ch_free( lmi->lmi_rdnvalue.bv_val );
+		}
+
+		if ( lmi->lmi_e ) {
+			entry_free( lmi->lmi_e );
+
+			ldap_pvt_thread_mutex_destroy( &lmi->lmi_entry_mutex );
+		}
+
+		ch_free( lmi );
+	}
+
+	return 0;
+}
+
+/* This overlay is set up for dynamic loading via moduleload. For static
+ * configuration, you'll need to arrange for the slap_overinst to be
+ * initialized and registered by some other function inside slapd.
+ */
+
+static slap_overinst 		lastmod;
+
+int
+lastmod_initialize()
+{
+	lastmod.on_bi.bi_type = "lastmod";
+	lastmod.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	lastmod.on_bi.bi_db_init = lastmod_db_init;
+	lastmod.on_bi.bi_db_config = lastmod_db_config;
+	lastmod.on_bi.bi_db_destroy = lastmod_db_destroy;
+	lastmod.on_bi.bi_db_open = lastmod_db_open;
+
+	lastmod.on_bi.bi_op_add = lastmod_op_func;
+	lastmod.on_bi.bi_op_compare = lastmod_op_func;
+	lastmod.on_bi.bi_op_delete = lastmod_op_func;
+	lastmod.on_bi.bi_op_modify = lastmod_op_func;
+	lastmod.on_bi.bi_op_modrdn = lastmod_op_func;
+	lastmod.on_bi.bi_op_search = lastmod_op_func;
+	lastmod.on_bi.bi_extended = lastmod_op_func;
+
+	lastmod.on_response = lastmod_response;
+
+	return overlay_register( &lastmod );
+}
+
+#if SLAPD_OVER_LASTMOD == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return lastmod_initialize();
+}
+#endif /* SLAPD_OVER_LASTMOD == SLAPD_MOD_DYNAMIC */
+
+#endif /* defined(SLAPD_OVER_LASTMOD) */
diff --git a/contrib/slapd-modules/lastmod/slapo-lastmod.5 b/contrib/slapd-modules/lastmod/slapo-lastmod.5
new file mode 100644
index 0000000..ea0ca23
--- /dev/null
+++ b/contrib/slapd-modules/lastmod/slapo-lastmod.5
@@ -0,0 +1,185 @@
+.\" Copyright 2004-2022 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.TH SLAPO_LASTMOD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.SH NAME
+slapo-lastmod \- Last Modification overlay
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+.LP
+The 
+.B lastmod
+overlay creates a service entry rooted at the suffix of the database
+it's stacked onto, which holds the DN, the modification type,
+the modifiersName and the modifyTimestamp of the last write operation
+performed on that database.
+The lastmod overlay cannot be used when the "lastmod" feature
+is disabled, i.e. "lastmod off" is used.
+.P
+All operations targeted at the DN of the lastmod entry are rejected,
+except reads, i.e. searches with 
+.B base
+scope.
+Regular operations are ignored, unless they result in writing; then,
+in case of success, the lastmod entry is updated accordingly,
+if possible.
+
+.SH CONFIGURATION
+These 
+.B slapd.conf
+configuration options apply to the lastmod overlay. They must appear
+after the
+.B overlay
+directive.
+.TP
+.B lastmod-rdnvalue <RDN value>
+Specify the value of the RDN used for the service entry.  By default
+.I Lastmod
+is used.
+.TP
+.B lastmod-enabled {yes|no}
+Specify whether the overlay must be enabled or not at startup.
+By default, the overlay is enabled; however, by changing the boolean
+value of the attribute
+.IR lastmodEnabled ,
+one can affect the status of the overlay.
+This is useful, for instance, to inhibit the overlay from keeping track
+of large bulk loads or deletions.
+
+.SH OBJECT CLASS
+The 
+.B lastmod
+overlay depends on the
+.B lastmod
+objectClass.  The definition of that class is as follows:
+.LP
+.RS 4
+( 1.3.6.1.4.1.4203.666.3.13 "
+    NAME 'lastmod'
+    DESC 'OpenLDAP per-database last modification monitoring'
+    STRUCTURAL
+    SUP top
+    MUST ( cn $ lastmodDN $ lastmodType )
+    MAY ( description $ seeAlso ) )
+.RE
+
+.SH ATTRIBUTES
+.P
+Each one of the sections below details the meaning and use of a particular
+attribute of this
+.B lastmod
+objectClass.
+Most of the attributes that are specific to the lastmod objectClass are
+operational, since they can logically be altered only by the DSA.
+The most notable exception is the
+.I lastmodEnabled
+attributeType, which can be altered via protocol to change the status
+of the overlay.
+.P
+
+.B lastmodEnabled
+.P
+This attribute contains a boolean flag that determines the status
+of the overlay.  It can be altered via protocol by issuing a modify
+operation that replaces the value of the attribute.
+.LP
+.RS 4
+(  1.3.6.1.4.1.4203.666.1.30
+   NAME 'lastmodEnabled'
+   DESC 'Lastmod overlay state'
+   SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+   EQUALITY booleanMatch
+   SINGLE-VALUE )
+.RE
+
+.SH OPERATIONAL ATTRIBUTES
+.P
+Each one of the sections below details the meaning and use of a particular
+attribute of this
+.B lastmod
+objectClass.
+Most of the attributes that are specific to the lastmod objectClass are
+operational, since they can logically be altered only by the DSA.
+.P
+
+.B lastmodDN
+.P
+This attribute contains the distinguished name of the entry
+that was last modified within the naming context of a database.
+.LP
+.RS 4
+(  1.3.6.1.4.1.4203.666.1.28
+   NAME 'lastmodDN'
+   DESC 'DN of last modification'
+   EQUALITY distinguishedNameMatch
+   SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+   NO-USER-MODIFICATION
+   USAGE directoryOperation )
+.RE
+
+.B lastmodType
+.P
+This attribute contains the type of the modification that occurred
+to the last modified entry.  Legal values are
+.BR add ,
+.BR delete ,
+.BR exop ,
+.BR modify ,
+.B modrdn
+and
+.BR unknown .
+The latter should only be used as a fall-thru in case of unhandled
+request types that are considered equivalent to a write operation.
+.LP
+.RS 4
+(  1.3.6.1.4.1.4203.666.1.29
+   NAME 'lastmodType'
+   DESC 'Type of last modification'
+   SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+   EQUALITY caseIgnoreMatch
+   SINGLE-VALUE
+   NO-USER-MODIFICATION
+   USAGE directoryOperation )
+.RE
+
+
+.SH EXAMPLES
+.LP
+.RS
+.nf
+database    mdb
+suffix      dc=example,dc=com
+\...
+overlay     lastmod
+lastmod-rdnvalue "Last Modification"
+.fi
+.RE
+
+.SH SEE ALSO
+.BR ldap (3),
+.BR slapd.conf (5),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH BUGS
+It is unclear whether this overlay can safely interoperate 
+with other overlays.
+If the underlying backend does not implement entry_get/entry_release
+handlers, modrdn update can become tricky.
+The code needs some cleanup and more consistent error handling.
+So far, the OIDs for the schema haven't been assigned yet.
+
+.SH ACKNOWLEDGEMENTS
+.P
+This module was written in 2004 by Pierangelo Masarati in fulfillment
+of requirements from SysNet s.n.c.; this man page has been copied
+from 
+.BR slapo-ppolicy (5),
+and most of the overlays ever written are copied from Howard Chu's
+first overlays.
+.P
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.  
diff --git a/contrib/slapd-modules/noopsrch/Makefile b/contrib/slapd-modules/noopsrch/Makefile
new file mode 100644
index 0000000..2934a32
--- /dev/null
+++ b/contrib/slapd-modules/noopsrch/Makefile
@@ -0,0 +1,58 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2022 The OpenLDAP Foundation.
+# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2 -Wall
+DEFS = -DSLAPD_OVER_NOOPSRCH=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = noopsrch.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+noopsrch.la: noopsrch.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/noopsrch/noopsrch.c b/contrib/slapd-modules/noopsrch/noopsrch.c
new file mode 100644
index 0000000..24f0f53
--- /dev/null
+++ b/contrib/slapd-modules/noopsrch/noopsrch.c
@@ -0,0 +1,255 @@
+/* noopsrch.c - LDAP Control that counts entries a search would return */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2010-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+/* define SLAPD_OVER_NOOPSRCH=2 to build as run-time loadable module */
+#ifdef SLAPD_OVER_NOOPSRCH
+
+/*
+ * Control OID
+ */
+#define	LDAP_CONTROL_X_NOOPSRCH		"1.3.6.1.4.1.4203.666.5.18"
+
+#include "slap.h"
+#include "ac/string.h"
+
+#define o_noopsrch			o_ctrlflag[noopsrch_cid]
+#define o_ctrlnoopsrch		o_controls[noopsrch_cid]
+
+static int noopsrch_cid;
+static slap_overinst noopsrch;
+
+static int
+noopsrch_parseCtrl (
+	Operation *op,
+	SlapReply *rs,
+	LDAPControl *ctrl )
+{
+	if ( op->o_noopsrch != SLAP_CONTROL_NONE ) {
+		rs->sr_text = "No-op Search control specified multiple times";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( !BER_BVISNULL( &ctrl->ldctl_value ) ) {
+		rs->sr_text = "No-op Search control value is present";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	op->o_ctrlnoopsrch = (void *)NULL;
+
+	op->o_noopsrch = ctrl->ldctl_iscritical
+		? SLAP_CONTROL_CRITICAL
+		: SLAP_CONTROL_NONCRITICAL;
+
+	rs->sr_err = LDAP_SUCCESS;
+
+	return rs->sr_err;
+}
+
+int dummy;
+
+typedef struct noopsrch_cb_t {
+	slap_overinst	*nc_on;
+	ber_int_t		nc_nentries;
+	ber_int_t		nc_nsearchref;
+	AttributeName	*nc_save_attrs;
+	int				*nc_pdummy;
+	int				nc_save_slimit;
+} noopsrch_cb_t;
+
+static int
+noopsrch_response( Operation *op, SlapReply *rs )
+{
+	noopsrch_cb_t		*nc = (noopsrch_cb_t *)op->o_callback->sc_private;
+
+	/* if the control is global, limits are not computed yet  */
+	if ( nc->nc_pdummy == &dummy ) {	
+		nc->nc_save_slimit = op->ors_slimit;
+		op->ors_slimit = SLAP_NO_LIMIT;
+		nc->nc_pdummy = NULL;
+	}
+
+	if ( rs->sr_type == REP_SEARCH ) {
+		nc->nc_nentries++;
+#ifdef NOOPSRCH_DEBUG
+		Debug( LDAP_DEBUG_TRACE, "noopsrch_response(REP_SEARCH): nentries=%d\n", nc->nc_nentries );
+#endif
+		return 0;
+
+	} else if ( rs->sr_type == REP_SEARCHREF ) {
+		nc->nc_nsearchref++;
+		return 0;
+
+	} else if ( rs->sr_type == REP_RESULT ) {
+		BerElementBuffer	berbuf;
+		BerElement			*ber = (BerElement *) &berbuf;
+		struct berval		ctrlval;
+		LDAPControl			*ctrl, *ctrlsp[2];
+		int					rc = rs->sr_err;
+
+		if ( nc->nc_save_slimit >= 0 && nc->nc_nentries >= nc->nc_save_slimit ) {
+			rc = LDAP_SIZELIMIT_EXCEEDED;
+		}
+
+#ifdef NOOPSRCH_DEBUG
+		Debug( LDAP_DEBUG_TRACE, "noopsrch_response(REP_RESULT): err=%d nentries=%d nref=%d\n", rc, nc->nc_nentries, nc->nc_nsearchref );
+#endif
+
+		ber_init2( ber, NULL, LBER_USE_DER );
+
+		ber_printf( ber, "{iii}", rc, nc->nc_nentries, nc->nc_nsearchref );
+		if ( ber_flatten2( ber, &ctrlval, 0 ) == -1 ) {
+			ber_free_buf( ber );
+			if ( op->o_noopsrch == SLAP_CONTROL_CRITICAL ) {
+				return LDAP_CONSTRAINT_VIOLATION;
+			}
+			return SLAP_CB_CONTINUE;
+		}
+
+		ctrl = op->o_tmpcalloc( 1,
+			sizeof( LDAPControl ) + ctrlval.bv_len + 1,
+			op->o_tmpmemctx );
+		ctrl->ldctl_value.bv_val = (char *)&ctrl[ 1 ];
+		ctrl->ldctl_oid = LDAP_CONTROL_X_NOOPSRCH;
+		ctrl->ldctl_iscritical = 0;
+		ctrl->ldctl_value.bv_len = ctrlval.bv_len;
+		AC_MEMCPY( ctrl->ldctl_value.bv_val, ctrlval.bv_val, ctrlval.bv_len );
+		ctrl->ldctl_value.bv_val[ ctrl->ldctl_value.bv_len ] = '\0';
+
+		ber_free_buf( ber );
+
+		ctrlsp[0] = ctrl;
+		ctrlsp[1] = NULL;
+		slap_add_ctrls( op, rs, ctrlsp );
+	}
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+noopsrch_cleanup( Operation *op, SlapReply *rs )
+{
+	if ( rs->sr_type == REP_RESULT || rs->sr_err == SLAPD_ABANDON ) {
+		noopsrch_cb_t		*nc = (noopsrch_cb_t *)op->o_callback->sc_private;
+		op->ors_attrs = nc->nc_save_attrs;
+		if ( nc->nc_pdummy == NULL ) {
+			op->ors_slimit = nc->nc_save_slimit;
+		}
+
+		op->o_tmpfree( op->o_callback, op->o_tmpmemctx );
+		op->o_callback = NULL;
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+noopsrch_op_search( Operation *op, SlapReply *rs )
+{
+	if ( op->o_noopsrch != SLAP_CONTROL_NONE ) {
+		slap_callback *sc;
+		noopsrch_cb_t *nc;
+
+		sc = op->o_tmpcalloc( 1, sizeof( slap_callback ) + sizeof( noopsrch_cb_t ), op->o_tmpmemctx );
+
+		nc = (noopsrch_cb_t *)&sc[ 1 ];
+		nc->nc_on = (slap_overinst *)op->o_bd->bd_info;
+		nc->nc_nentries = 0;
+		nc->nc_nsearchref = 0;
+		nc->nc_save_attrs = op->ors_attrs;
+		nc->nc_pdummy = &dummy;
+
+		sc->sc_response = noopsrch_response;
+		sc->sc_cleanup = noopsrch_cleanup;
+		sc->sc_private = (void *)nc;
+
+		op->ors_attrs = slap_anlist_no_attrs;
+
+		sc->sc_next = op->o_callback->sc_next;
+                op->o_callback->sc_next = sc;
+	}
+	
+	return SLAP_CB_CONTINUE;
+}
+
+static int noopsrch_cnt;
+
+static int
+noopsrch_db_init( BackendDB *be, ConfigReply *cr)
+{
+	if ( noopsrch_cnt++ == 0 ) {
+		int rc;
+
+		rc = register_supported_control( LDAP_CONTROL_X_NOOPSRCH,
+			SLAP_CTRL_SEARCH | SLAP_CTRL_GLOBAL_SEARCH, NULL,
+			noopsrch_parseCtrl, &noopsrch_cid );
+		if ( rc != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_ANY,
+				"noopsrch_initialize: Failed to register control '%s' (%d)\n",
+				LDAP_CONTROL_X_NOOPSRCH, rc );
+			return rc;
+		}
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+noopsrch_db_destroy( BackendDB *be, ConfigReply *cr )
+{
+	assert( noopsrch_cnt > 0 );
+
+#ifdef SLAP_CONFIG_DELETE
+	overlay_unregister_control( be, LDAP_CONTROL_X_NOOPSRCH );
+	if ( --noopsrch_cnt == 0 ) {
+		unregister_supported_control( LDAP_CONTROL_X_NOOPSRCH );
+	}
+
+#endif /* SLAP_CONFIG_DELETE */
+
+	return 0;
+}
+
+#if SLAPD_OVER_NOOPSRCH == SLAPD_MOD_DYNAMIC
+static
+#endif /* SLAPD_OVER_NOOPSRCH == SLAPD_MOD_DYNAMIC */
+int
+noopsrch_initialize( void )
+{
+
+	noopsrch.on_bi.bi_type = "noopsrch";
+
+	noopsrch.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	noopsrch.on_bi.bi_db_init = noopsrch_db_init;
+	noopsrch.on_bi.bi_db_destroy = noopsrch_db_destroy;
+	noopsrch.on_bi.bi_op_search = noopsrch_op_search;
+
+	return overlay_register( &noopsrch );
+}
+
+#if SLAPD_OVER_NOOPSRCH == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return noopsrch_initialize();
+}
+#endif /* SLAPD_OVER_NOOPSRCH == SLAPD_MOD_DYNAMIC */
+
+#endif /* SLAPD_OVER_NOOPSRCH */
diff --git a/contrib/slapd-modules/nops/Makefile b/contrib/slapd-modules/nops/Makefile
new file mode 100644
index 0000000..94a5bcd
--- /dev/null
+++ b/contrib/slapd-modules/nops/Makefile
@@ -0,0 +1,58 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_NOPS=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = nops.la
+MANPAGES = slapo-nops.5
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+nops.la: nops.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/nops/nops.c b/contrib/slapd-modules/nops/nops.c
new file mode 100644
index 0000000..6dffb6b
--- /dev/null
+++ b/contrib/slapd-modules/nops/nops.c
@@ -0,0 +1,178 @@
+/* nops.c - Overlay to filter idempotent operations */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Copyright 2008 Emmanuel Dreyfus.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the Emmanuel Dreyfus for
+ * inclusion in OpenLDAP Software.
+ */
+#include "portable.h"
+
+#ifdef SLAPD_OVER_NOPS
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "lutil.h"
+#include "slap.h"
+#include "slap-config.h"
+
+static ConfigDriver nops_cf_gen;
+
+static int nops_cf_gen( ConfigArgs *c ) { return 0; }
+
+static void
+nops_rm_mod( Modifications **mods, Modifications *mod ) {
+	Modifications *next, *m;
+
+	next = mod->sml_next;
+	if (*mods == mod) {
+		*mods = next;
+	} else {
+		Modifications *m;
+
+		for (m = *mods; m; m = m->sml_next) {
+			if (m->sml_next == mod) {
+				m->sml_next = next;
+				break;
+			}
+		}
+	}
+
+	mod->sml_next = NULL;
+	slap_mods_free(mod, 1);
+
+	return;
+}
+
+static int
+nops_modify( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
+	Backend *be = op->o_bd;
+	Entry *target_entry = NULL;
+	Modifications *m;
+	int rc;
+	
+	if ((m = op->orm_modlist) == NULL) {
+		op->o_bd->bd_info = (BackendInfo *)(on->on_info);
+		send_ldap_error(op, rs, LDAP_INVALID_SYNTAX,
+				"nops() got null orm_modlist");
+		return(rs->sr_err);
+	}
+
+	op->o_bd = on->on_info->oi_origdb;
+	rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0,  &target_entry);
+	op->o_bd = be;
+
+	if (rc != 0 || target_entry == NULL)
+		return 0;
+        
+	/* 
+	 * For each attribute modification, check if the 
+	 * modification and the old entry are the same.
+	 */
+	while (m) {
+		int i, j;
+		int found;
+		Attribute *a;
+		BerVarray bm;
+		BerVarray bt;
+		Modifications *mc;
+
+		mc = m;
+		m = m->sml_next;
+
+		/* Check only replace sub-operations */
+		if ((mc->sml_op & LDAP_MOD_OP) != LDAP_MOD_REPLACE)
+			continue;
+
+		/* If there is no values, skip */
+		if (((bm = mc->sml_values ) == NULL ) || (bm[0].bv_val == NULL))
+			continue;
+
+		/* If the attribute does not exist in old entry, skip */
+		if ((a = attr_find(target_entry->e_attrs, mc->sml_desc)) == NULL)
+			continue;
+		if ((bt = a->a_vals) == NULL)
+			continue;
+
+		/* For each value replaced, do we find it in old entry? */
+		found = 0;
+		for (i = 0; bm[i].bv_val; i++) {
+			for (j = 0; bt[j].bv_val; j++) {
+				if (bm[i].bv_len != bt[j].bv_len)
+					continue;
+				if (memcmp(bm[i].bv_val, bt[j].bv_val, bt[j].bv_len) != 0)
+					continue;
+
+				found++;
+				break;
+			}
+		}
+
+		/* Did we find as many values as we had in old entry? */
+		if (i != a->a_numvals || found != a->a_numvals)
+			continue;
+
+		/* This is a nop, remove it */
+		Debug(LDAP_DEBUG_TRACE, "removing nop on %s",
+			a->a_desc->ad_cname.bv_val );
+
+		nops_rm_mod(&op->orm_modlist, mc);
+	}
+	if (target_entry) {
+		op->o_bd = on->on_info->oi_origdb;
+		be_entry_release_r(op, target_entry);
+		op->o_bd = be;
+	}
+
+	if ((m = op->orm_modlist) == NULL) {
+		slap_callback *cb = op->o_callback;
+
+		op->o_bd->bd_info = (BackendInfo *)(on->on_info);
+		op->o_callback = NULL;
+                send_ldap_error(op, rs, LDAP_SUCCESS, "");
+		op->o_callback = cb;
+
+		return (rs->sr_err);
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static slap_overinst nops_ovl;
+
+#if SLAPD_OVER_NOPS == SLAPD_MOD_DYNAMIC
+static
+#endif
+int
+nops_initialize( void ) {
+	nops_ovl.on_bi.bi_type = "nops";
+	nops_ovl.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	nops_ovl.on_bi.bi_op_modify = nops_modify;
+	return overlay_register( &nops_ovl );
+}
+
+#if SLAPD_OVER_NOPS == SLAPD_MOD_DYNAMIC
+int init_module(int argc, char *argv[]) {
+	return nops_initialize();
+}
+#endif
+
+#endif /* defined(SLAPD_OVER_NOPS) */
+
diff --git a/contrib/slapd-modules/nops/slapo-nops.5 b/contrib/slapd-modules/nops/slapo-nops.5
new file mode 100644
index 0000000..c27915e
--- /dev/null
+++ b/contrib/slapd-modules/nops/slapo-nops.5
@@ -0,0 +1,32 @@
+.TH SLAPO-NOPS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2008 Emmanuel Dreyfus
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapo-nops \- Remove Null Operations Overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+Some broken client tend to implement modifications as replace operations
+where all attributes are replaced, most of the time by the same values
+they had before. This can cause undesirable load on logs, ACL evaluation, 
+or replication traffic.
+
+This overlay detects idempotent replace operations and filter them out.
+.SH CONFIGURATION
+This overlay had no specific configuration.
+.SH EXAMPLES
+.LP
+.RS
+.nf
+overlay nops
+.RE
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5).
+.SH ACKNOWLEDGEMENTS
+This module was written in 2008 by Emmanuel Dreyfus.
+.so ../Project
diff --git a/contrib/slapd-modules/nssov/Makefile b/contrib/slapd-modules/nssov/Makefile
new file mode 100644
index 0000000..13987c2
--- /dev/null
+++ b/contrib/slapd-modules/nssov/Makefile
@@ -0,0 +1,86 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 2008-2022 The OpenLDAP Foundation.
+# Portions Copyright 2008 Howard Chu, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+# Path to the OpenLDAP source tree
+LDAP_SRC=../../..
+
+# Path to the OpenLDAP object tree - same as above unless
+# you're doing out-of-tree builds.
+LDAP_BUILD=$(LDAP_SRC)
+
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+NLDAPD_INC=-Inss-pam-ldapd
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+OPT = -g -O2
+CC = gcc
+DEFS =
+INCS = $(LDAP_INC) $(NLDAPD_INC)
+LIBS = $(LDAP_LIB)
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+sysconfdir = $(prefix)/etc$(ldap_subdir)
+schemadir = $(sysconfdir)/schema
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+all:	nssov.la
+
+XOBJS = tio.lo
+
+OBJS = alias.lo ether.lo group.lo host.lo netgroup.lo network.lo \
+	nssov.lo passwd.lo protocol.lo rpc.lo service.lo shadow.lo pam.lo
+
+MANPAGES = slapo-nssov.5
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+tio.lo:	nss-pam-ldapd/tio.c
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $?
+
+$(OBJS):	nssov.h
+
+nssov.la:	$(OBJS) $(XOBJS)
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info 0:0:0 \
+	-rpath $(moduledir) -module -o $@ $(OBJS) $(XOBJS) $(LIBS)
+
+install: install-lib install-man FORCE
+
+install-lib: nssov.la
+	mkdir -p $(DESTDIR)$(moduledir)
+	$(LIBTOOL) --mode=install cp nssov.la $(DESTDIR)$(moduledir)
+	cp ldapns.schema $(DESTDIR)$(schemadir)
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
+clean:
+	rm -f *.*o *.la .libs/*
+	rm -rf .libs
diff --git a/contrib/slapd-modules/nssov/README b/contrib/slapd-modules/nssov/README
new file mode 100644
index 0000000..af8631e
--- /dev/null
+++ b/contrib/slapd-modules/nssov/README
@@ -0,0 +1,134 @@
+This directory contains a slapd overlay, nssov, that handles
+NSS lookup requests through a local Unix Domain socket. It uses the
+same IPC protocol as Arthur de Jong's nss-ldapd, and a complete
+copy of the nss-ldapd source is included here. It also handles
+PAM requests.
+
+To use this code, you will need the client-side stuf library from
+nss-pam-ldapd.  You can get it from:
+http://arthurdejong.org/nss-pam-ldapd
+You will not need the nslcd daemon; this overlay replaces that part.
+To disable building of the nslcd daemon in nss-pam-ldapd, add the
+--disable-nslcd option to the nss-pam-ldapd configure script. You
+should already be familiar with the RFC2307 and RFC2307bis schema
+to use this overlay.  See the nss-pam-ldapd README for more information
+on the schema and which features are supported.
+
+To use the overlay, add:
+
+	include <path to>nis.schema
+
+	moduleload <path to>nssov.so
+	...
+
+	database mdb
+	...
+	overlay nssov
+
+to your slapd configuration file. (The nis.schema file contains
+the original RFC2307 schema. Some modifications will be needed to
+use RFC2307bis.)
+
+The overlay may be configured with Service Search Descriptors (SSDs)
+for each NSS service that will be used. SSDs are configured using
+
+	nssov-ssd <service> <url>
+
+where the <service> may be one of
+	aliases
+	ethers
+	group
+	hosts
+	netgroup
+	networks
+	passwd
+	protocols
+	rpc
+	services
+	shadow
+
+and the <url> must be of the form
+	ldap:///[<basedn>][??[<scope>][?<filter>]]
+
+The <basedn> will default to the first suffix of the current database.
+The <scope> defaults to "subtree". The default <filter> depends on which
+service is being used.
+
+If the local database is actually a proxy to a foreign LDAP server, some
+mapping of schema may be needed. Some simple attribute substitutions may
+be performed using
+
+	nssov-map <service> <orig> <new>
+
+See the nss-ldapd/README for the original attribute names used in this code.
+
+The overlay also supports dynamic configuration in cn=config. The layout
+of the config entry is
+
+	dn: olcOverlay={0}nssov,olcDatabase={1}mdb,cn=config
+	objectClass: olcOverlayConfig
+	objectClass: olcNssOvConfig
+	olcOverlay: {0}nssov
+	olcNssSsd: passwd ldap:///ou=users,dc=example,dc=com??one
+	olcNssMap: passwd uid accountName
+
+which enables the passwd service, and uses the accountName attribute to
+fetch what is usually retrieved from the uid attribute.
+
+PAM authentication, account management, session management, and password
+management are supported.
+
+Authentication is performed using Simple Binds. Since all operations occur
+inside the slapd overlay, "fake" connections are used and they are
+inherently secure. Two methods of mapping the PAM username to an LDAP DN
+are provided:
+  the mapping can be accomplished using slapd's authz-regexp facility. In
+this case, a DN of the form
+	cn=<service>+uid=<user>,cn=<hostname>,cn=pam,cn=auth
+is fed into the regexp matcher. If a match is produced, the resulting DN
+is used.
+  otherwise, the NSS passwd map is invoked (which means it must already
+be configured).
+
+If no DN is found, the overlay returns PAM_USER_UNKNOWN. If the DN is
+found, and Password Policy is supported, then the Bind will use the
+Password Policy control and return expiration information to PAM.
+
+Account management also uses two methods. These methods depend on the
+ldapns.schema included with the nssov source.
+  The first is identical to the method used in PADL's pam_ldap module:
+host and authorizedService attributes may be looked up in the user's entry,
+and checked to determine access. Also a check may be performed to see if
+the user is a member of a particular group. This method is pretty
+inflexible and doesn't scale well to large networks of users, hosts,
+and services.
+  The second uses slapd's ACL engine to check if the user has "compare"
+privilege on an ipHost object whose name matches the current hostname, and
+whose authorizedService attribute matches the current service name. This
+method is preferred, since it allows authorization to be centralized in
+the ipHost entries instead of scattered across the entire user population.
+The ipHost entries must have an authorizedService attribute (e.g. by way
+of the authorizedServiceObject auxiliary class) to use this method.
+
+Session management: the overlay may optionally add a "logged in" attribute
+to a user's entry for successful logins, and delete the corresponding
+value upon logout. The attribute value is of the form
+	<generalizedTime> <host> <service> <tty> (<ruser@rhost>)
+
+Password management: the overlay will perform a PasswordModify exop
+in the server for the given user.
+
+---
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+
+Copyright 1998-2022 The OpenLDAP Foundation.
+Portions Copyright 2008-2009 Howard Chu, Symas Corp. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
diff --git a/contrib/slapd-modules/nssov/alias.c b/contrib/slapd-modules/nssov/alias.c
new file mode 100644
index 0000000..ae131db
--- /dev/null
+++ b/contrib/slapd-modules/nssov/alias.c
@@ -0,0 +1,116 @@
+/* alias.c - mail alias lookup routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This code references portions of the nss-ldapd package
+ * written by Arthur de Jong. The nss-ldapd code was forked
+ * from the nss-ldap library written by Luke Howard.
+ */
+
+#include "nssov.h"
+
+/* Vendor-specific attributes and object classes.
+ * (Mainly from Sun.)
+ * ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' SUP top STRUCTURAL
+ *   DESC 'NIS mail alias'
+ *   MUST cn
+ *   MAY rfc822MailMember )
+ */
+
+/* the basic search filter for searches */
+static struct berval alias_filter = BER_BVC("(objectClass=nisMailAlias)");
+
+/* the attributes to request with searches */
+static struct berval alias_keys[] = {
+	BER_BVC("cn"),
+	BER_BVC("rfc822MailMember"),
+	BER_BVNULL
+};
+
+NSSOV_INIT(alias)
+
+NSSOV_CBPRIV(alias,
+	struct berval name;
+	char buf[256];);
+
+static int write_alias(nssov_alias_cbp *cbp,Entry *entry)
+{
+	int32_t tmpint32,tmp2int32,tmp3int32;
+	struct berval tmparr[2], empty;
+	struct berval *names, *members;
+	Attribute *a;
+	int i;
+
+	/* get the name of the alias */
+	if (BER_BVISNULL(&cbp->name))
+	{
+		a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[0].an_desc);
+		if ( !a )
+		{
+			Debug(LDAP_DEBUG_ANY,"alias entry %s does not contain %s value\n",
+				entry->e_name.bv_val,cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val );
+			return 0;
+		}
+		names = a->a_vals;
+	}
+	else
+	{
+		names=tmparr;
+		names[0]=cbp->name;
+		BER_BVZERO(&names[1]);
+	}
+	/* get the members of the alias */
+ 	a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[1].an_desc);
+	if ( !a ) {
+		BER_BVZERO( &empty );
+		members = &empty;
+	} else {
+		members = a->a_vals;
+	}
+	/* for each name, write an entry */
+	for (i=0;!BER_BVISNULL(&names[i]);i++)
+	{
+		WRITE_INT32(cbp->fp,NSLCD_RESULT_BEGIN);
+		WRITE_BERVAL(cbp->fp,&names[i]);
+		WRITE_BVARRAY(cbp->fp,members);
+	}
+	return 0;
+}
+
+NSSOV_CB(alias)
+
+NSSOV_HANDLE(
+	alias,byname,
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	READ_STRING(fp,cbp.buf);
+	cbp.name.bv_len = tmpint32;
+	cbp.name.bv_val = cbp.buf;,
+	Debug(LDAP_DEBUG_TRACE,"nssov_alias_byname(%s)\n",cbp.name.bv_val);,
+	NSLCD_ACTION_ALIAS_BYNAME,
+	nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
+)
+
+NSSOV_HANDLE(
+	alias,all,
+	struct berval filter;
+	/* no parameters to read */
+	BER_BVZERO(&cbp.name);,
+	Debug(LDAP_DEBUG,"nssov_alias_all()\n");,
+	NSLCD_ACTION_ALIAS_ALL,
+	(filter=cbp.mi->mi_filter,0)
+)
diff --git a/contrib/slapd-modules/nssov/ether.c b/contrib/slapd-modules/nssov/ether.c
new file mode 100644
index 0000000..cb18f1b
--- /dev/null
+++ b/contrib/slapd-modules/nssov/ether.c
@@ -0,0 +1,167 @@
+/* ether.c - ethernet address lookup routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Copyright 2008 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This code references portions of the nss-ldapd package
+ * written by Arthur de Jong. The nss-ldapd code was forked
+ * from the nss-ldap library written by Luke Howard.
+ */
+
+#include "nssov.h"
+
+struct ether_addr {
+  uint8_t ether_addr_octet[6];
+};
+
+/* ( nisSchema.2.11 NAME 'ieee802Device' SUP top AUXILIARY
+ *   DESC 'A device with a MAC address; device SHOULD be
+ *         used as a structural class'
+ *   MAY macAddress )
+ */
+
+/* the basic search filter for searches */
+static struct berval ether_filter = BER_BVC("(objectClass=ieee802Device)");
+
+/* the attributes to request with searches */
+static struct berval ether_keys[] = {
+	BER_BVC("cn"),
+	BER_BVC("macAddress"),
+	BER_BVNULL
+};
+
+NSSOV_INIT(ether)
+
+NSSOV_CBPRIV(ether,
+	char buf[256];
+	struct berval name;
+	struct berval addr;);
+
+#define WRITE_ETHER(fp,addr) \
+  {int ao[6]; \
+  sscanf(addr.bv_val,"%02x:%02x:%02x:%02x:%02x:%02x", \
+  	&ao[0], &ao[1], &ao[2], &ao[3], &ao[4], &ao[5] );\
+	tmpaddr.ether_addr_octet[0] = ao[0]; \
+	tmpaddr.ether_addr_octet[1] = ao[1]; \
+	tmpaddr.ether_addr_octet[2] = ao[2]; \
+	tmpaddr.ether_addr_octet[3] = ao[3]; \
+	tmpaddr.ether_addr_octet[4] = ao[4]; \
+	tmpaddr.ether_addr_octet[5] = ao[5]; } \
+  WRITE(fp,&tmpaddr,sizeof(uint8_t[6]));
+
+static int write_ether(nssov_ether_cbp *cbp,Entry *entry)
+{
+	int32_t tmpint32;
+	struct ether_addr tmpaddr;
+	struct berval tmparr[2];
+	struct berval *names,*ethers;
+	Attribute *a;
+	int i,j;
+
+	/* get the name of the ether entry */
+	if (BER_BVISNULL(&cbp->name))
+	{
+		a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[0].an_desc);
+		if ( !a )
+		{
+			Debug(LDAP_DEBUG_ANY,"ether entry %s does not contain %s value\n",
+							entry->e_name.bv_val,cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val );
+			return 0;
+		}
+		names = a->a_vals;
+	}
+	else
+	{
+		names=tmparr;
+		names[0]=cbp->name;
+		BER_BVZERO(&names[1]);
+	}
+	/* get the addresses */
+	if (BER_BVISNULL(&cbp->addr))
+	{
+		a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[1].an_desc);
+		if ( !a )
+		{
+			Debug(LDAP_DEBUG_ANY,"ether entry %s does not contain %s value\n",
+							entry->e_name.bv_val,cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val );
+			return 0;
+		}
+		ethers = a->a_vals;
+		/* TODO: move parsing of addresses up here */
+	}
+	else
+	{
+		ethers=tmparr;
+		ethers[0]=cbp->addr;
+		BER_BVZERO(&ethers[1]);
+	}
+	/* write entries for all names and addresses */
+	for (i=0;!BER_BVISNULL(&names[i]);i++)
+		for (j=0;!BER_BVISNULL(&ethers[j]);j++)
+		{
+			WRITE_INT32(cbp->fp,NSLCD_RESULT_BEGIN);
+			WRITE_BERVAL(cbp->fp,&names[i]);
+			WRITE_ETHER(cbp->fp,ethers[j]);
+		}
+	return 0;
+}
+
+NSSOV_CB(ether)
+
+NSSOV_HANDLE(
+	ether,byname,
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	BER_BVZERO(&cbp.addr);
+	READ_STRING(fp,cbp.buf);
+	cbp.name.bv_len = tmpint32;
+	cbp.name.bv_val = cbp.buf;,
+	Debug(LDAP_DEBUG_TRACE,"nssov_ether_byname(%s)\n",cbp.name.bv_val);,
+	NSLCD_ACTION_ETHER_BYNAME,
+	nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
+)
+
+NSSOV_HANDLE(
+	ether,byether,
+	struct ether_addr addr;
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	BER_BVZERO(&cbp.name);
+	READ(fp,&addr,sizeof(uint8_t[6]));
+	cbp.addr.bv_len = snprintf(cbp.buf,sizeof(cbp.buf), "%x:%x:%x:%x:%x:%x",
+		addr.ether_addr_octet[0],
+		addr.ether_addr_octet[1],
+		addr.ether_addr_octet[2],
+		addr.ether_addr_octet[3],
+		addr.ether_addr_octet[4],
+		addr.ether_addr_octet[5]);
+	cbp.addr.bv_val = cbp.buf;,
+	Debug(LDAP_DEBUG_TRACE,"nssov_ether_byether(%s)\n",cbp.addr.bv_val);,
+	NSLCD_ACTION_ETHER_BYETHER,
+	nssov_filter_byid(cbp.mi,1,&cbp.addr,&filter)
+)
+
+NSSOV_HANDLE(
+	ether,all,
+	struct berval filter;
+	/* no parameters to read */
+	BER_BVZERO(&cbp.name);
+	BER_BVZERO(&cbp.addr);,
+	Debug(LDAP_DEBUG_TRACE,"nssov_ether_all()\n");,
+	NSLCD_ACTION_ETHER_ALL,
+	(filter=cbp.mi->mi_filter,0)
+)
diff --git a/contrib/slapd-modules/nssov/group.c b/contrib/slapd-modules/nssov/group.c
new file mode 100644
index 0000000..1d93451
--- /dev/null
+++ b/contrib/slapd-modules/nssov/group.c
@@ -0,0 +1,346 @@
+/* group.c - group lookup routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008-2009 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This code references portions of the nss-ldapd package
+ * written by Arthur de Jong. The nss-ldapd code was forked
+ * from the nss-ldap library written by Luke Howard.
+ */
+
+#include "nssov.h"
+
+/* for gid_t */
+#include <grp.h>
+
+/* ( nisSchema.2.2 NAME 'posixGroup' SUP top STRUCTURAL
+ *   DESC 'Abstraction of a group of accounts'
+ *   MUST ( cn $ gidNumber )
+ *   MAY ( userPassword $ memberUid $ description ) )
+ *
+ * apart from that the above the uniqueMember attributes may be
+ * supported in a coming release (they map to DNs, which is an extra
+ * lookup step)
+ *
+ * using nested groups (groups that are member of a group) is currently
+ * not supported, this may be added in a later release
+ */
+
+/* the basic search filter for searches */
+static struct berval group_filter = BER_BVC("(objectClass=posixGroup)");
+
+/* the attributes to request with searches */
+static struct berval group_keys[] = {
+	BER_BVC("cn"),
+	BER_BVC("userPassword"),
+	BER_BVC("gidNumber"),
+	BER_BVC("memberUid"),
+	BER_BVC("uniqueMember"),
+	BER_BVNULL
+};
+
+#define	CN_KEY	0
+#define	PWD_KEY	1
+#define	GID_KEY	2
+#define	UID_KEY	3
+#define	MEM_KEY	4
+
+/* default values for attributes */
+static struct berval default_group_userPassword     = BER_BVC("*"); /* unmatchable */
+
+NSSOV_CBPRIV(group,
+	nssov_info *ni;
+	char buf[256];
+	struct berval name;
+	struct berval gidnum;
+	struct berval user;
+	int wantmembers;);
+
+/* create a search filter for searching a group entry
+	 by member uid, return -1 on errors */
+static int mkfilter_group_bymember(nssov_group_cbp *cbp,struct berval *buf)
+{
+	struct berval dn;
+	/* try to translate uid to DN */
+	nssov_uid2dn(cbp->op,cbp->ni,&cbp->user,&dn);
+	if (BER_BVISNULL(&dn)) {
+		if (cbp->user.bv_len + cbp->mi->mi_filter.bv_len + cbp->mi->mi_attrs[UID_KEY].an_desc->ad_cname.bv_len + 6 >
+			buf->bv_len )
+			return -1;
+		buf->bv_len = snprintf(buf->bv_val, buf->bv_len, "(&%s(%s=%s))",
+			cbp->mi->mi_filter.bv_val, cbp->mi->mi_attrs[UID_KEY].an_desc->ad_cname.bv_val,
+			cbp->user.bv_val );
+	} else { /* also lookup using user DN */
+		if (cbp->user.bv_len + cbp->mi->mi_filter.bv_len + cbp->mi->mi_attrs[UID_KEY].an_desc->ad_cname.bv_len +
+			dn.bv_len + cbp->mi->mi_attrs[MEM_KEY].an_desc->ad_cname.bv_len + 12 > buf->bv_len )
+			return -1;
+		buf->bv_len = snprintf(buf->bv_val, buf->bv_len, "(&%s(|(%s=%s)(%s=%s)))",
+			cbp->mi->mi_filter.bv_val,
+			cbp->mi->mi_attrs[UID_KEY].an_desc->ad_cname.bv_val, cbp->user.bv_val,
+			cbp->mi->mi_attrs[MEM_KEY].an_desc->ad_cname.bv_val, dn.bv_val );
+	}
+	return 0;
+}
+
+NSSOV_INIT(group)
+
+/*
+	 Checks to see if the specified name is a valid group name.
+
+	 This test is based on the definition from POSIX (IEEE Std 1003.1, 2004,
+	 3.189 Group Name and 3.276 Portable Filename Character Set):
+	 http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_189
+	 http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_276
+
+	 The standard defines group names valid if they only contain characters from
+	 the set [A-Za-z0-9._-] where the hyphen should not be used as first
+	 character.
+*/
+static int isvalidgroupname(struct berval *name)
+{
+	int i;
+
+	if ( !name->bv_val || !name->bv_len )
+		return 0;
+	/* check first character */
+	if ( ! ( (name->bv_val[0]>='A' && name->bv_val[0] <= 'Z') ||
+					 (name->bv_val[0]>='a' && name->bv_val[0] <= 'z') ||
+					 (name->bv_val[0]>='0' && name->bv_val[0] <= '9') ||
+					 name->bv_val[0]=='.' || name->bv_val[0]=='_' ) )
+		return 0;
+	/* check other characters */
+	for (i=1;i<name->bv_len;i++)
+	{
+#ifndef STRICT_GROUPS
+		/* allow spaces too */
+		if (name->bv_val[i] == ' ') continue;
+#endif
+		if ( ! ( (name->bv_val[i]>='A' && name->bv_val[i] <= 'Z') ||
+						 (name->bv_val[i]>='a' && name->bv_val[i] <= 'z') ||
+						 (name->bv_val[i]>='0' && name->bv_val[i] <= '9') ||
+						 name->bv_val[i]=='.' || name->bv_val[i]=='_' || name->bv_val[i]=='-') )
+			return 0;
+	}
+	/* no test failed so it must be good */
+	return -1;
+}
+
+static int write_group(nssov_group_cbp *cbp,Entry *entry)
+{
+	struct berval tmparr[2], tmpgid[2];
+	struct berval *names,*gids,*members;
+	struct berval passwd = {0};
+	Attribute *a;
+	int i,j,nummembers,rc = 0;
+
+	/* get group name (cn) */
+	if (BER_BVISNULL(&cbp->name))
+	{
+		a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[CN_KEY].an_desc);
+		if ( !a )
+		{
+			Debug(LDAP_DEBUG_ANY,"group entry %s does not contain %s value\n",
+					entry->e_name.bv_val, cbp->mi->mi_attrs[CN_KEY].an_desc->ad_cname.bv_val );
+			return 0;
+		}
+		names = a->a_vals;
+	}
+	else
+	{
+		names=tmparr;
+		names[0]=cbp->name;
+		BER_BVZERO(&names[1]);
+	}
+	/* get the group id(s) */
+	if (BER_BVISNULL(&cbp->gidnum))
+	{
+		a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[GID_KEY].an_desc);
+		if ( !a )
+		{
+			Debug(LDAP_DEBUG_ANY,"group entry %s does not contain %s value\n",
+					entry->e_name.bv_val, cbp->mi->mi_attrs[GID_KEY].an_desc->ad_cname.bv_val );
+			return 0;
+		}
+		gids = a->a_vals;
+	}
+	else
+	{
+		gids=tmpgid;
+		gids[0]=cbp->gidnum;
+		BER_BVZERO(&gids[1]);
+	}
+	/* get group passwd (userPassword) (use only first entry) */
+	a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[PWD_KEY].an_desc);
+	if (a)
+		get_userpassword(&a->a_vals[0], &passwd);
+	if (BER_BVISNULL(&passwd))
+		passwd=default_group_userPassword;
+	/* get group members (memberUid&uniqueMember) */
+	if (cbp->wantmembers) {
+		Attribute *b;
+		i = 0; j = 0;
+		a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[UID_KEY].an_desc);
+		b = attr_find(entry->e_attrs, cbp->mi->mi_attrs[MEM_KEY].an_desc);
+		if ( a )
+			i += a->a_numvals;
+		if ( b )
+			i += b->a_numvals;
+		if ( i ) {
+			members = cbp->op->o_tmpalloc( (i+1) * sizeof(struct berval), cbp->op->o_tmpmemctx );
+			
+			if ( a ) {
+				for (i=0; i<a->a_numvals; i++) {
+					if (isvalidusername(&a->a_vals[i])) {
+						ber_dupbv_x(&members[j],&a->a_vals[i],cbp->op->o_tmpmemctx);
+						j++;
+					}
+				}
+			}
+			a = b;
+			if ( a ) {
+				for (i=0; i<a->a_numvals; i++) {
+					if (nssov_dn2uid(cbp->op,cbp->ni,&a->a_nvals[i],&members[j]))
+						j++;
+				}
+			}
+			nummembers = j;
+			BER_BVZERO(&members[j]);
+		} else {
+			members=NULL;
+			nummembers = 0;
+		}
+
+	} else {
+		members=NULL;
+		nummembers = 0;
+	}
+	/* write entries for all names and gids */
+	for (i=0;!BER_BVISNULL(&names[i]);i++)
+	{
+		if (!isvalidgroupname(&names[i]))
+		{
+			Debug(LDAP_DEBUG_ANY,"nssov: group entry %s contains invalid group name: \"%s\"\n",
+													entry->e_name.bv_val,names[i].bv_val );
+		}
+		else
+		{
+			for (j=0;!BER_BVISNULL(&gids[j]);j++)
+			{
+				char *tmp;
+				int tmpint32;
+				gid_t gid;
+				gid = strtol(gids[j].bv_val, &tmp, 0);
+				if ( *tmp ) {
+					Debug(LDAP_DEBUG_ANY,"nssov: group entry %s contains non-numeric %s value: \"%s\"\n",
+						entry->e_name.bv_val, cbp->mi->mi_attrs[GID_KEY].an_desc->ad_cname.bv_val,
+						names[i].bv_val);
+					continue;
+				}
+				WRITE_INT32(cbp->fp,NSLCD_RESULT_BEGIN);
+				WRITE_BERVAL(cbp->fp,&names[i]);
+				WRITE_BERVAL(cbp->fp,&passwd);
+				WRITE_INT32(cbp->fp,gid);
+				/* write a list of values */
+				WRITE_INT32(cbp->fp,nummembers);
+				if (nummembers)
+				{
+					int k;
+					for (k=0;k<nummembers;k++) {
+						WRITE_BERVAL(cbp->fp,&members[k]);
+					}
+				}
+			}
+		}
+	}
+	/* free and return */
+	if (members!=NULL)
+		ber_bvarray_free_x( members, cbp->op->o_tmpmemctx );
+	return rc;
+}
+
+NSSOV_CB(group)
+
+NSSOV_HANDLE(
+	group,byname,
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	READ_STRING(fp,cbp.buf);
+	cbp.name.bv_len = tmpint32;
+	cbp.name.bv_val = cbp.buf;
+	if (!isvalidgroupname(&cbp.name)) {
+		Debug(LDAP_DEBUG_ANY,"nssov_group_byname(%s): invalid group name\n",cbp.name.bv_val);
+		return -1;
+	}
+	cbp.wantmembers = 1;
+	cbp.ni = ni;
+	BER_BVZERO(&cbp.gidnum);
+	BER_BVZERO(&cbp.user);,
+	Debug(LDAP_DEBUG_TRACE,"nslcd_group_byname(%s)\n",cbp.name.bv_val);,
+	NSLCD_ACTION_GROUP_BYNAME,
+	nssov_filter_byname(cbp.mi,CN_KEY,&cbp.name,&filter)
+)
+
+NSSOV_HANDLE(
+	group,bygid,
+	gid_t gid;
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	READ_INT32(fp,gid);
+	cbp.gidnum.bv_val = cbp.buf;
+	cbp.gidnum.bv_len = snprintf(cbp.buf,sizeof(cbp.buf),"%d",gid);
+	cbp.wantmembers = 1;
+	cbp.ni = ni;
+	BER_BVZERO(&cbp.name);
+	BER_BVZERO(&cbp.user);,
+	Debug(LDAP_DEBUG_TRACE,"nssov_group_bygid(%s)\n",cbp.gidnum.bv_val);,
+	NSLCD_ACTION_GROUP_BYGID,
+	nssov_filter_byid(cbp.mi,GID_KEY,&cbp.gidnum,&filter)
+)
+
+NSSOV_HANDLE(
+	group,bymember,
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	READ_STRING(fp,cbp.buf);
+	cbp.user.bv_len = tmpint32;
+	cbp.user.bv_val = cbp.buf;
+	if (!isvalidusername(&cbp.user)) {
+		Debug(LDAP_DEBUG_ANY,"nssov_group_bymember(%s): invalid user name\n",cbp.user.bv_val);
+		return -1;
+	}
+	cbp.wantmembers = 0;
+	cbp.ni = ni;
+	BER_BVZERO(&cbp.name);
+	BER_BVZERO(&cbp.gidnum);,
+	Debug(LDAP_DEBUG_TRACE,"nssov_group_bymember(%s)\n",cbp.user.bv_val);,
+	NSLCD_ACTION_GROUP_BYMEMBER,
+	mkfilter_group_bymember(&cbp,&filter)
+)
+
+NSSOV_HANDLE(
+	group,all,
+	struct berval filter;
+	/* no parameters to read */
+	cbp.wantmembers = 1;
+	cbp.ni = ni;
+	BER_BVZERO(&cbp.name);
+	BER_BVZERO(&cbp.gidnum);,
+	Debug(LDAP_DEBUG_TRACE,"nssov_group_all()\n");,
+	NSLCD_ACTION_GROUP_ALL,
+	(filter=cbp.mi->mi_filter,0)
+)
diff --git a/contrib/slapd-modules/nssov/host.c b/contrib/slapd-modules/nssov/host.c
new file mode 100644
index 0000000..008b454
--- /dev/null
+++ b/contrib/slapd-modules/nssov/host.c
@@ -0,0 +1,161 @@
+/* host.c - host lookup routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This code references portions of the nss-ldapd package
+ * written by Arthur de Jong. The nss-ldapd code was forked
+ * from the nss-ldap library written by Luke Howard.
+ */
+
+#include "nssov.h"
+
+/* ( nisSchema.2.6 NAME 'ipHost' SUP top AUXILIARY
+ *	 DESC 'Abstraction of a host, an IP device. The distinguished
+ *				 value of the cn attribute denotes the host's canonical
+ *				 name. Device SHOULD be used as a structural class'
+ *	 MUST ( cn $ ipHostNumber )
+ *	 MAY ( l $ description $ manager ) )
+ */
+
+/* the basic search filter for searches */
+static struct berval host_filter = BER_BVC("(objectClass=ipHost)");
+
+/* the attributes to request with searches */
+static struct berval host_keys[] = {
+	BER_BVC("cn"),
+	BER_BVC("ipHostNumber"),
+	BER_BVNULL
+};
+
+NSSOV_INIT(host)
+
+NSSOV_CBPRIV(host,
+	char buf[1024];
+	struct berval name;
+	struct berval addr;);
+
+/* write a single host entry to the stream */
+static int write_host(nssov_host_cbp *cbp,Entry *entry)
+{
+	int32_t tmpint32;
+	int numaddr,i,numname,dupname;
+	struct berval name,*names,*addrs;
+	Attribute *a;
+
+	/* get the most canonical name */
+	nssov_find_rdnval( &entry->e_nname, cbp->mi->mi_attrs[0].an_desc, &name );
+	/* get the other names for the host */
+	a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
+	if ( !a || !a->a_vals )
+	{
+		Debug(LDAP_DEBUG_ANY,"host entry %s does not contain %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val );
+		return 0;
+	}
+	names = a->a_vals;
+	numname = a->a_numvals;
+	/* if the name is not yet found, get the first entry from names */
+	if (BER_BVISNULL(&name)) {
+		name=names[0];
+		dupname = 0;
+	} else {
+		dupname = -1;
+		for (i=0; i<numname; i++) {
+			if ( bvmatch(&name, &a->a_nvals[i])) {
+				dupname = i;
+				break;
+			}
+		}
+	}
+	/* get the addresses */
+	a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
+	if ( !a || !a->a_vals )
+	{
+		Debug(LDAP_DEBUG_ANY,"host entry %s does not contain %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val );
+		return 0;
+	}
+	addrs = a->a_vals;
+	numaddr = a->a_numvals;
+	/* write the entry */
+	WRITE_INT32(cbp->fp,NSLCD_RESULT_BEGIN);
+	WRITE_BERVAL(cbp->fp,&name);
+	if ( dupname >= 0 ) {
+		WRITE_INT32(cbp->fp,numname-1);
+	} else {
+		WRITE_INT32(cbp->fp,numname);
+	}
+	for (i=0;i<numname;i++) {
+		if (i == dupname) continue;
+		WRITE_BERVAL(cbp->fp,&names[i]);
+	}
+	WRITE_INT32(cbp->fp,numaddr);
+	for (i=0;i<numaddr;i++)
+	{
+		WRITE_ADDRESS(cbp->fp,&addrs[i]);
+	}
+	return 0;
+}
+
+NSSOV_CB(host)
+
+NSSOV_HANDLE(
+	host,byname,
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	BER_BVZERO(&cbp.addr);
+	READ_STRING(fp,cbp.buf);
+	cbp.name.bv_len = tmpint32;
+	cbp.name.bv_val = cbp.buf;,
+	Debug(LDAP_DEBUG_TRACE,"nssov_host_byname(%s)\n",cbp.name.bv_val);,
+	NSLCD_ACTION_HOST_BYNAME,
+	nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
+)
+
+NSSOV_HANDLE(
+	host,byaddr,
+	int af;
+	char addr[64];
+	int len=sizeof(addr);
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	BER_BVZERO(&cbp.name);
+	READ_ADDRESS(fp,addr,len,af);
+	/* translate the address to a string */
+	if (inet_ntop(af,addr,cbp.buf,sizeof(cbp.buf))==NULL)
+	{
+		Debug(LDAP_DEBUG_ANY,"nssov: unable to convert address to string\n");
+		return -1;
+	}
+	cbp.addr.bv_val = cbp.buf;
+	cbp.addr.bv_len = strlen(cbp.buf);,
+	Debug(LDAP_DEBUG_TRACE,"nssov_host_byaddr(%s)\n",cbp.addr.bv_val);,
+	NSLCD_ACTION_HOST_BYADDR,
+	nssov_filter_byid(cbp.mi,1,&cbp.addr,&filter)
+)
+
+NSSOV_HANDLE(
+	host,all,
+	struct berval filter;
+	/* no parameters to read */
+	BER_BVZERO(&cbp.name);
+	BER_BVZERO(&cbp.addr);,
+	Debug(LDAP_DEBUG_TRACE,"nssov_host_all()\n");,
+	NSLCD_ACTION_HOST_ALL,
+	(filter=cbp.mi->mi_filter,0)
+)
diff --git a/contrib/slapd-modules/nssov/ldapns.schema b/contrib/slapd-modules/nssov/ldapns.schema
new file mode 100644
index 0000000..f6f7c9f
--- /dev/null
+++ b/contrib/slapd-modules/nssov/ldapns.schema
@@ -0,0 +1,38 @@
+# $OpenLDAP$
+# $Id: ldapns.schema,v 1.3 2009-10-01 19:17:20 tedcheng Exp $
+# LDAP Name Service Additional Schema
+# http://www.iana.org/assignments/gssapi-service-names
+
+#
+# Not part of the distribution: this is a workaround!
+#
+
+attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
+          DESC 'IANA GSS-API authorized service name'
+          EQUALITY caseIgnoreMatch
+          SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 1.3.6.1.4.1.5322.17.2.2 NAME 'loginStatus'
+          DESC 'Currently logged in sessions for a user'
+          EQUALITY caseIgnoreMatch
+          SUBSTR caseIgnoreSubstringsMatch
+          ORDERING caseIgnoreOrderingMatch
+          SYNTAX OMsDirectoryString )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
+          DESC 'Auxiliary object class for adding authorizedService attribute'
+          SUP top
+          AUXILIARY
+          MAY authorizedService )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject'
+          DESC 'Auxiliary object class for adding host attribute'
+          SUP top
+          AUXILIARY
+          MAY host )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.3 NAME 'loginStatusObject'
+          DESC 'Auxiliary object class for login status attribute'
+          SUP top
+          AUXILIARY
+          MAY loginStatus )
diff --git a/contrib/slapd-modules/nssov/netgroup.c b/contrib/slapd-modules/nssov/netgroup.c
new file mode 100644
index 0000000..7211a9a
--- /dev/null
+++ b/contrib/slapd-modules/nssov/netgroup.c
@@ -0,0 +1,199 @@
+/* netgroup.c - netgroup lookup routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This code references portions of the nss-ldapd package
+ * written by Arthur de Jong. The nss-ldapd code was forked
+ * from the nss-ldap library written by Luke Howard.
+ */
+
+#include "nssov.h"
+#include <ac/ctype.h>
+
+/* ( nisSchema.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
+ *   DESC 'Abstraction of a netgroup. May refer to other netgroups'
+ *   MUST cn
+ *   MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+ */
+
+/* the basic search filter for searches */
+static struct berval netgroup_filter = BER_BVC("(objectClass=nisNetgroup)");
+
+/* the attributes to request with searches */
+static struct berval netgroup_keys[] = {
+	BER_BVC("cn"),
+	BER_BVC("nisNetgroupTriple"),
+	BER_BVC("memberNisNetgroup"),
+	BER_BVNULL
+};
+
+NSSOV_INIT(netgroup)
+
+NSSOV_CBPRIV(netgroup,
+	char buf[256];
+	struct berval name;);
+
+static int write_string_stripspace_len(TFILE *fp,const char *str,int len)
+{
+	int32_t tmpint32;
+	int i,j;
+	DEBUG_PRINT("WRITE_STRING: var="__STRING(str)" string=\"%s\"",str);
+	if (str==NULL)
+	{
+		WRITE_INT32(fp,0);
+	}
+	else
+	{
+		/* skip leading spaces */
+		for (i=0;(str[i]!='\0')&&(isspace(str[i]));i++)
+			/* nothing else to do */ ;
+		/* skip trailing spaces */
+		for (j=len;(j>i)&&(isspace(str[j-1]));j--)
+			/* nothing else to do */ ;
+		/* write length of string */
+		WRITE_INT32(fp,j-i);
+		/* write string itself */
+		if (j>i)
+		{
+			WRITE(fp,str+i,j-i);
+		}
+	}
+	/* we're done */
+	return 0;
+}
+
+#define WRITE_STRING_STRIPSPACE_LEN(fp,str,len) \
+	if (write_string_stripspace_len(fp,str,len)) \
+		return -1;
+
+#define WRITE_STRING_STRIPSPACE(fp,str) \
+	WRITE_STRING_STRIPSPACE_LEN(fp,str,strlen(str))
+
+static int write_netgroup_triple(TFILE *fp,const char *triple)
+{
+	int32_t tmpint32;
+	int i;
+	int hostb,hoste,userb,usere,domainb,domaine;
+	/* skip leading spaces */
+	for (i=0;(triple[i]!='\0')&&(isspace(triple[i]));i++)
+		/* nothing else to do */ ;
+	/* we should have a bracket now */
+	if (triple[i]!='(')
+	{
+		Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): entry does not begin with '(' (entry skipped)\n" );
+		return 0;
+	}
+	i++;
+	hostb=i;
+	/* find comma (end of host string) */
+	for (;(triple[i]!='\0')&&(triple[i]!=',');i++)
+		/* nothing else to do */ ;
+	if (triple[i]!=',')
+	{
+		Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ',' (entry skipped)\n" );
+		return 0;
+	}
+	hoste=i;
+	i++;
+	userb=i;
+	/* find comma (end of user string) */
+	for (;(triple[i]!='\0')&&(triple[i]!=',');i++)
+		/* nothing else to do */ ;
+	if (triple[i]!=',')
+	{
+		Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ',' (entry skipped)\n" );
+		return 0;
+	}
+	usere=i;
+	i++;
+	domainb=i;
+	/* find closing bracket (end of domain string) */
+	for (;(triple[i]!='\0')&&(triple[i]!=')');i++)
+		/* nothing else to do */ ;
+	if (triple[i]!=')')
+	{
+		Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): missing ')' (entry skipped)\n" );
+		return 0;
+	}
+	domaine=i;
+	i++;
+	/* skip trailing spaces */
+	for (;(triple[i]!='\0')&&(isspace(triple[i]));i++)
+		/* nothing else to do */ ;
+	/* if anything is left in the string we have a problem */
+	if (triple[i]!='\0')
+	{
+		Debug(LDAP_DEBUG_ANY,"write_netgroup_triple(): string contains trailing data (entry skipped)\n" );
+		return 0;
+	}
+	/* write strings */
+	WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+	WRITE_INT32(fp,NSLCD_NETGROUP_TYPE_TRIPLE);
+	WRITE_STRING_STRIPSPACE_LEN(fp,triple+hostb,hoste-hostb)
+	WRITE_STRING_STRIPSPACE_LEN(fp,triple+userb,usere-userb)
+	WRITE_STRING_STRIPSPACE_LEN(fp,triple+domainb,domaine-domainb)
+	/* we're done */
+	return 0;
+}
+
+static int write_netgroup(nssov_netgroup_cbp *cbp,Entry *entry)
+{
+	int32_t tmpint32;
+	int i;
+	Attribute *a;
+
+	/* get the netgroup triples and member */
+	a = attr_find(entry->e_attrs,cbp->mi->mi_attrs[1].an_desc);
+	if ( a ) {
+	/* write the netgroup triples */
+		for (i=0;i<a->a_numvals;i++)
+		{
+			if (write_netgroup_triple(cbp->fp, a->a_vals[i].bv_val))
+				return -1;
+		}
+	}
+	a = attr_find(entry->e_attrs,cbp->mi->mi_attrs[2].an_desc);
+	if ( a ) {
+	/* write netgroup members */
+		for (i=0;i<a->a_numvals;i++)
+		{
+			/* write the result code */
+			WRITE_INT32(cbp->fp,NSLCD_RESULT_BEGIN);
+			/* write triple indicator */
+			WRITE_INT32(cbp->fp,NSLCD_NETGROUP_TYPE_NETGROUP);
+			/* write netgroup name */
+			if (write_string_stripspace_len(cbp->fp,a->a_vals[i].bv_val,a->a_vals[i].bv_len))
+				return -1;
+		}
+	}
+	/* we're done */
+	return 0;
+}
+
+NSSOV_CB(netgroup)
+
+NSSOV_HANDLE(
+	netgroup,byname,
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	READ_STRING(fp,cbp.buf);,
+	cbp.name.bv_len = tmpint32;
+	cbp.name.bv_val = cbp.buf;
+	Debug(LDAP_DEBUG_TRACE,"nssov_netgroup_byname(%s)\n",cbp.name.bv_val);,
+	NSLCD_ACTION_NETGROUP_BYNAME,
+	nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
+)
diff --git a/contrib/slapd-modules/nssov/network.c b/contrib/slapd-modules/nssov/network.c
new file mode 100644
index 0000000..0f67fa8
--- /dev/null
+++ b/contrib/slapd-modules/nssov/network.c
@@ -0,0 +1,161 @@
+/* network.c - network address lookup routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This code references portions of the nss-ldapd package
+ * written by Arthur de Jong. The nss-ldapd code was forked
+ * from the nss-ldap library written by Luke Howard.
+ */
+
+#include "nssov.h"
+
+#include <ac/socket.h>
+
+/* ( nisSchema.2.7 NAME 'ipNetwork' SUP top STRUCTURAL
+ *   DESC 'Abstraction of a network. The distinguished value of
+ *   MUST ( cn $ ipNetworkNumber )
+ *   MAY ( ipNetmaskNumber $ l $ description $ manager ) )
+ */
+
+/* the basic search filter for searches */
+static struct berval network_filter = BER_BVC("(objectClass=ipNetwork)");
+
+/* the attributes used in searches */
+static struct berval network_keys[] = {
+	BER_BVC("cn"),
+	BER_BVC("ipNetworkNumber"),
+	BER_BVNULL
+};
+
+NSSOV_INIT(network)
+
+NSSOV_CBPRIV(network,
+	char buf[1024];
+	struct berval name;
+	struct berval addr;);
+
+/* write a single network entry to the stream */
+static int write_network(nssov_network_cbp *cbp,Entry *entry)
+{
+	int32_t tmpint32;
+	int numaddr,i,numname,dupname;
+	struct berval name, *names, *addrs;
+	Attribute *a;
+
+	/* get the most canonical name */
+	nssov_find_rdnval( &entry->e_nname, cbp->mi->mi_attrs[0].an_desc, &name);
+	/* get the other names for the network */
+	a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
+	if ( !a || !a->a_vals )
+	{
+		Debug(LDAP_DEBUG_ANY,"network entry %s does not contain %s value\n",
+			entry->e_name.bv_val,cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val );
+		return 0;
+	}
+	names = a->a_vals;
+	numname = a->a_numvals;
+	/* if the name is not yet found, get the first entry from names */
+	if (BER_BVISNULL(&name)) {
+		name=names[0];
+		dupname = 0;
+	} else {
+		dupname = -1;
+        for (i=0; i<numname; i++) {
+            if ( bvmatch(&name, &a->a_nvals[i])) {
+                dupname = i;
+                break;
+            }
+        }
+	}
+	/* get the addresses */
+	a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
+	if ( !a || !a->a_vals )
+	{
+		Debug(LDAP_DEBUG_ANY,"network entry %s does not contain %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val );
+		return 0;
+	}
+	addrs = a->a_vals;
+	numaddr = a->a_numvals;
+	/* write the entry */
+	WRITE_INT32(cbp->fp,NSLCD_RESULT_BEGIN);
+	WRITE_BERVAL(cbp->fp,&name);
+	if ( dupname >= 0 ) {
+		WRITE_INT32(cbp->fp,numname-1);
+	} else {
+		WRITE_INT32(cbp->fp,numname);
+	}
+	for (i=0;i<numname;i++) {
+		if (i == dupname) continue;
+		WRITE_BERVAL(cbp->fp,&names[i]);
+	}
+	WRITE_INT32(cbp->fp,numaddr);
+	for (i=0;i<numaddr;i++)
+	{
+		WRITE_ADDRESS(cbp->fp,&addrs[i]);
+	}
+	return 0;
+}
+
+NSSOV_CB(network)
+
+NSSOV_HANDLE(
+	network,byname,
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	BER_BVZERO(&cbp.addr);
+	READ_STRING(fp,cbp.buf);
+	cbp.name.bv_len = tmpint32;
+	cbp.name.bv_val = cbp.buf;,
+	Debug(LDAP_DEBUG_TRACE,"nssov_network_byname(%s)\n",cbp.name.bv_val);,
+	NSLCD_ACTION_NETWORK_BYNAME,
+	nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
+)
+
+NSSOV_HANDLE(
+	network,byaddr,
+	int af;
+	char addr[64];
+	int len=sizeof(addr);
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	BER_BVZERO(&cbp.name);
+	READ_ADDRESS(fp,addr,len,af);
+	/* translate the address to a string */
+	if (inet_ntop(af,addr,cbp.buf,sizeof(cbp.buf))==NULL)
+	{
+		Debug(LDAP_DEBUG_ANY,"nssov: unable to convert address to string\n");
+		return -1;
+	}
+	cbp.addr.bv_val = cbp.buf;
+	cbp.addr.bv_len = strlen(cbp.buf);,
+	Debug(LDAP_DEBUG_TRACE,"nslcd_network_byaddr(%s)\n",cbp.addr.bv_val);,
+	NSLCD_ACTION_NETWORK_BYADDR,
+	nssov_filter_byid(cbp.mi,1,&cbp.addr,&filter)
+)
+
+NSSOV_HANDLE(
+	network,all,
+	struct berval filter;
+	/* no parameters to read */
+	BER_BVZERO(&cbp.name);
+	BER_BVZERO(&cbp.addr);,
+	Debug(LDAP_DEBUG_TRACE,"nssov_network_all()\n");,
+	NSLCD_ACTION_NETWORK_ALL,
+	(filter=cbp.mi->mi_filter,0)
+)
diff --git a/contrib/slapd-modules/nssov/nss-pam-ldapd/README b/contrib/slapd-modules/nssov/nss-pam-ldapd/README
new file mode 100644
index 0000000..4176ad7
--- /dev/null
+++ b/contrib/slapd-modules/nssov/nss-pam-ldapd/README
@@ -0,0 +1,15 @@
+These files were pulled from the nss-pam-ldapd project version 0.9.4.
+Copyright notices are in the individual files.
+
+This is not the full distribution of nss-pam-ldapd, and does not
+include the client-side stub libraries.  Get the latest release of
+nss-pam-ldapd from http://arthurdejong.org/nss-pam-ldapd/ to use
+this overlay.
+
+If your system already has the nss-pam-ldapd stub libraries
+installed, make sure the versions match the version number
+shown above. Otherwise, there may be incompatible differences in
+the protocols being used. Currently nssov requires at least
+version 0.9.0. If your system's version is older, you will need
+to install the client-side stubs from source.
+
diff --git a/contrib/slapd-modules/nssov/nss-pam-ldapd/attrs.h b/contrib/slapd-modules/nssov/nss-pam-ldapd/attrs.h
new file mode 100644
index 0000000..2efedc6
--- /dev/null
+++ b/contrib/slapd-modules/nssov/nss-pam-ldapd/attrs.h
@@ -0,0 +1,91 @@
+/*
+   attrs.h - wrapper macros for the gcc __attribute__(()) directive
+
+   Copyright (C) 2007, 2008, 2012 Arthur de Jong
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+   02110-1301 USA
+*/
+
+#ifndef COMPAT__ATTRS_H
+#define COMPAT__ATTRS_H 1
+
+/* macro for testing the version of GCC */
+#define GCC_VERSION(major, minor)                                           \
+  ((__GNUC__ > (major)) || (__GNUC__ == (major) && __GNUC_MINOR__ >= (minor)))
+
+/* These are macros to use some gcc-specific flags in case they're available
+   and otherwise define them to empty strings. This allows us to give
+   the compiler some extra information.
+   See http://gcc.gnu.org/onlinedocs/gcc/Attribute-Syntax.html
+   for a list of attributes supported by gcc */
+
+/* this is used to flag function parameters that are not used in the function
+   body. */
+#if GCC_VERSION(3, 0)
+#define UNUSED(x)   x __attribute__((__unused__))
+#else
+#define UNUSED(x)   x
+#endif
+
+/* this is used to add extra format checking to the function calls as if this
+   was a printf()-like function */
+#if GCC_VERSION(3, 0)
+#define LIKE_PRINTF(format_idx, arg_idx)                                    \
+                    __attribute__((__format__(__printf__, format_idx, arg_idx)))
+#else
+#define LIKE_PRINTF(format_idx, arg_idx) /* no attribute */
+#endif
+
+/* indicates that the function is "pure": its result is purely based on
+   the parameters and has no side effects or used static data */
+#if GCC_VERSION(3, 0)
+#define PURE        __attribute__((__pure__))
+#else
+#define PURE        /* no attribute */
+#endif
+
+/* the function returns a new data structure that has been freshly
+   allocated */
+#if GCC_VERSION(3, 0)
+#define LIKE_MALLOC __attribute__((__malloc__))
+#else
+#define LIKE_MALLOC /* no attribute */
+#endif
+
+/* the function's return value should be used by the caller */
+#if GCC_VERSION(3, 4)
+#define MUST_USE    __attribute__((__warn_unused_result__))
+#else
+#define MUST_USE    /* no attribute */
+#endif
+
+/* the function's return value should be used by the caller */
+#if GCC_VERSION(2, 5)
+#define NORETURN    __attribute__((__noreturn__))
+#else
+#define NORETURN    /* no attribute */
+#endif
+
+/* define __STRING if it's not yet defined */
+#ifndef __STRING
+#ifdef __STDC__
+#define __STRING(x) #x
+#else /* __STDC__ */
+#define __STRING(x) "x"
+#endif /* not __STDC__ */
+#endif /* not __STRING */
+
+#endif /* not COMPAT__ATTRS_H */
diff --git a/contrib/slapd-modules/nssov/nss-pam-ldapd/nslcd-prot.h b/contrib/slapd-modules/nssov/nss-pam-ldapd/nslcd-prot.h
new file mode 100644
index 0000000..21ec7c2
--- /dev/null
+++ b/contrib/slapd-modules/nssov/nss-pam-ldapd/nslcd-prot.h
@@ -0,0 +1,391 @@
+/*
+   nslcd-prot.h - helper macros for reading and writing in protocol streams
+
+   Copyright (C) 2006 West Consulting
+   Copyright (C) 2006-2014 Arthur de Jong
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+   02110-1301 USA
+*/
+
+#ifndef COMMON__NSLCD_PROT_H
+#define COMMON__NSLCD_PROT_H 1
+
+#include <arpa/inet.h>
+#include <netinet/in.h>
+
+#include "tio.h"
+
+/* If you use these macros you should define the following macros to
+   handle error conditions (these marcos should clean up and return from the
+   function):
+     ERROR_OUT_WRITEERROR(fp)
+     ERROR_OUT_READERROR(fp)
+     ERROR_OUT_BUFERROR(fp)
+     ERROR_OUT_NOSUCCESS(fp) */
+
+
+/* Debugging marcos that can be used to enable detailed protocol logging,
+   pass -DDEBUG_PROT to do overall protocol debugging, and -DDEBUG_PROT_DUMP
+   to dump the actual bytestream. */
+
+#ifdef DEBUG_PROT
+/* define a debugging macro to output logging */
+#include <string.h>
+#include <errno.h>
+#define DEBUG_PRINT(fmt, arg)                                               \
+  fprintf(stderr, "%s:%d:%s: " fmt "\n", __FILE__, __LINE__,                \
+          __PRETTY_FUNCTION__, arg);
+#else /* DEBUG_PROT */
+/* define an empty debug macro to disable logging */
+#define DEBUG_PRINT(fmt, arg)
+#endif /* not DEBUG_PROT */
+
+#ifdef DEBUG_PROT_DUMP
+/* define a debugging macro to output detailed logging */
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif /* HAVE_STDINT_H */
+static void debug_dump(const void *ptr, size_t size)
+{
+  int i;
+  for (i = 0; i < size; i++)
+    fprintf(stderr, " %02x", ((const uint8_t *)ptr)[i]);
+  fprintf(stderr, "\n");
+}
+#define DEBUG_DUMP(ptr, size)                                               \
+  fprintf(stderr, "%s:%d:%s:", __FILE__, __LINE__, __PRETTY_FUNCTION__);    \
+  debug_dump(ptr, size);
+#else /* DEBUG_PROT_DUMP */
+/* define an empty debug macro to disable logging */
+#define DEBUG_DUMP(ptr, size)
+#endif /* not DEBUG_PROT_DUMP */
+
+
+/* WRITE marcos, used for writing data, on write error they will
+   call the ERROR_OUT_WRITEERROR macro
+   these macros may require the availability of the following
+   variables:
+   int32_t tmpint32; - temporary variable
+   */
+
+#define WRITE(fp, ptr, size)                                                \
+  DEBUG_PRINT("WRITE       : var="__STRING(ptr)" size=%d", (int)size);      \
+  DEBUG_DUMP(ptr, size);                                                    \
+  if (tio_write(fp, ptr, (size_t)size))                                     \
+  {                                                                         \
+    char ebuf[128];                                                         \
+    int saved_errno = errno;                                                \
+    DEBUG_PRINT("WRITE       : var="__STRING(ptr)" error: %s",              \
+                AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)));            \
+    ERROR_OUT_WRITEERROR(fp);                                               \
+  }
+
+#define WRITE_INT32(fp, i)                                                  \
+  DEBUG_PRINT("WRITE_INT32 : var="__STRING(i)" int32=%08x", (int)i);        \
+  tmpint32 = htonl((int32_t)(i));                                           \
+  WRITE(fp, &tmpint32, sizeof(int32_t))
+
+#define WRITE_STRING(fp, str)                                               \
+  DEBUG_PRINT("WRITE_STRING: var="__STRING(str)" string=\"%s\"", (str));    \
+  if ((str) == NULL)                                                        \
+  {                                                                         \
+    WRITE_INT32(fp, 0);                                                     \
+  }                                                                         \
+  else                                                                      \
+  {                                                                         \
+    WRITE_INT32(fp, strlen(str));                                           \
+    tmpint32 = ntohl(tmpint32);                                             \
+    if (tmpint32 > 0)                                                       \
+    {                                                                       \
+      WRITE(fp, (str), tmpint32);                                           \
+    }                                                                       \
+  }
+
+#define WRITE_STRINGLIST(fp, arr)                                           \
+  if ((arr) == NULL)                                                        \
+  {                                                                         \
+    DEBUG_PRINT("WRITE_STRLST: var="__STRING(arr)" num=%d", 0);             \
+    WRITE_INT32(fp, 0);                                                     \
+  }                                                                         \
+  else                                                                      \
+  {                                                                         \
+    /* first determine length of array */                                   \
+    for (tmp3int32 = 0; (arr)[tmp3int32] != NULL; tmp3int32++)              \
+      /* noting */ ;                                                        \
+    /* write number of strings */                                           \
+    DEBUG_PRINT("WRITE_STRLST: var="__STRING(arr)" num=%d", (int)tmp3int32); \
+    WRITE_INT32(fp, tmp3int32);                                             \
+    /* write strings */                                                     \
+    for (tmp2int32 = 0; tmp2int32 < tmp3int32; tmp2int32++)                 \
+    {                                                                       \
+      WRITE_STRING(fp, (arr)[tmp2int32]);                                   \
+    }                                                                       \
+  }
+
+#define WRITE_STRINGLIST_EXCEPT(fp, arr, not)                               \
+  /* first determine length of array */                                     \
+  tmp3int32 = 0;                                                            \
+  for (tmp2int32 = 0; (arr)[tmp2int32] != NULL; tmp2int32++)                \
+    if (strcmp((arr)[tmp2int32], (not)) != 0)                               \
+      tmp3int32++;                                                          \
+  /* write number of strings (mius one because we intend to skip one) */    \
+  DEBUG_PRINT("WRITE_STRLST: var="__STRING(arr)" num=%d", (int)tmp3int32);  \
+  WRITE_INT32(fp, tmp3int32);                                               \
+  /* write strings */                                                       \
+  for (tmp2int32 = 0; (arr)[tmp2int32] != NULL; tmp2int32++)                \
+  {                                                                         \
+    if (strcmp((arr)[tmp2int32], (not)) != 0)                               \
+    {                                                                       \
+      WRITE_STRING(fp, (arr)[tmp2int32]);                                   \
+    }                                                                       \
+  }
+
+/* READ macros, used for reading data, on read error they will
+   call the ERROR_OUT_READERROR or ERROR_OUT_BUFERROR macro
+   these macros may require the availability of the following
+   variables:
+   int32_t tmpint32; - temporary variable
+   */
+
+#define READ(fp, ptr, size)                                                 \
+  if (tio_read(fp, ptr, (size_t)size))                                      \
+  {                                                                         \
+    char ebuf[128];                                                         \
+    int saved_errno = errno;                                                \
+    DEBUG_PRINT("READ       : var="__STRING(ptr)" error: %s",               \
+                AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)));            \
+    ERROR_OUT_READERROR(fp);                                                \
+  }                                                                         \
+  DEBUG_PRINT("READ       : var="__STRING(ptr)" size=%d", (int)(size));     \
+  DEBUG_DUMP(ptr, size);
+
+#define READ_INT32(fp, i)                                                   \
+  READ(fp, &tmpint32, sizeof(int32_t));                                     \
+  (i) = (int32_t)ntohl(tmpint32);                                           \
+  DEBUG_PRINT("READ_INT32 : var="__STRING(i)" int32==%08x", (int)(i));
+
+/* read a string in a fixed-size "normal" buffer */
+#define READ_STRING(fp, buffer)                                             \
+  /* read the size of the string */                                         \
+  READ(fp, &tmpint32, sizeof(int32_t));                                     \
+  tmpint32 = ntohl(tmpint32);                                               \
+  DEBUG_PRINT("READ_STRING: var="__STRING(buffer)" strlen=%d", tmpint32);   \
+  /* check if read would fit */                                             \
+  if (((size_t)tmpint32) >= sizeof(buffer))                                 \
+  {                                                                         \
+    /* will not fit */                                                      \
+    tmpint32 = (tmpint32 - sizeof(buffer)) + 1;                             \
+    DEBUG_PRINT("READ       : buffer %d bytes too small", tmpint32);        \
+    ERROR_OUT_BUFERROR(fp);                                                 \
+  }                                                                         \
+  /* read string from the stream */                                         \
+  if (tmpint32 > 0)                                                         \
+  {                                                                         \
+    READ(fp, buffer, (size_t)tmpint32);                                     \
+  }                                                                         \
+  /* null-terminate string in buffer */                                     \
+  buffer[tmpint32] = '\0';                                                  \
+  DEBUG_PRINT("READ_STRING: var="__STRING(buffer)" string=\"%s\"", buffer);
+
+
+/* READ BUF macros that read data into a pre-allocated buffer.
+   these macros may require the availability of the following
+   variables:
+   int32_t tmpint32; - temporary variable
+   char *buffer;     - pointer to a buffer for reading strings
+   size_t buflen;    - the size of the buffer
+   size_t bufptr;    - the current position in the buffer
+   */
+
+/* current position in the buffer */
+#define BUF_CUR                                                             \
+  (buffer + bufptr)
+
+/* check that the buffer has sz bytes left in it */
+#define BUF_CHECK(fp, sz)                                                   \
+  if ((bufptr + (size_t)(sz)) > buflen)                                     \
+  {                                                                         \
+    /* will not fit */                                                      \
+    tmpint32 = bufptr + (sz) - (buflen);                                    \
+    DEBUG_PRINT("READ       : buffer %d bytes too small", tmpint32);        \
+    ERROR_OUT_BUFERROR(fp);                                                 \
+  }
+
+/* move the buffer pointer */
+#define BUF_SKIP(sz)                                                        \
+  bufptr += (size_t)(sz);
+
+/* move BUF_CUR forward so that it is aligned to the specified
+   type width */
+#define BUF_ALIGN(fp, type)                                                 \
+  /* figure out number of bytes to skip forward */                         \
+  tmp2int32 = (sizeof(type) - ((BUF_CUR - (char *)NULL) % sizeof(type)))    \
+              % sizeof(type);                                               \
+  /* check and skip */                                                      \
+  BUF_CHECK(fp, tmp2int32);                                                 \
+  BUF_SKIP(tmp2int32);
+
+/* allocate a piece of the buffer to store an array in */
+#define BUF_ALLOC(fp, ptr, type, num)                                       \
+  /* align to the specified type width */                                   \
+  BUF_ALIGN(fp, type);                                                      \
+  /* check that we have enough room */                                      \
+  BUF_CHECK(fp, (size_t)(num) * sizeof(type));                              \
+  /* store the pointer */                                                   \
+  (ptr) = (type *)BUF_CUR;                                                  \
+  /* reserve the space */                                                   \
+  BUF_SKIP((size_t)(num) * sizeof(type));
+
+/* read a binary blob into the buffer */
+#define READ_BUF(fp, ptr, sz)                                               \
+  /* check that there is enough room and read */                            \
+  BUF_CHECK(fp, sz);                                                        \
+  READ(fp, BUF_CUR, (size_t)sz);                                            \
+  /* store pointer and skip */                                              \
+  (ptr) = BUF_CUR;                                                          \
+  BUF_SKIP(sz);
+
+/* read string in the buffer (using buffer, buflen and bufptr)
+   and store the actual location of the string in field */
+#define READ_BUF_STRING(fp, field)                                          \
+  /* read the size of the string */                                         \
+  READ(fp, &tmpint32, sizeof(int32_t));                                     \
+  tmpint32 = ntohl(tmpint32);                                               \
+  DEBUG_PRINT("READ_BUF_STRING: var="__STRING(field)" strlen=%d", tmpint32); \
+  /* check if read would fit */                                             \
+  BUF_CHECK(fp, tmpint32 + 1);                                              \
+  /* read string from the stream */                                         \
+  if (tmpint32 > 0)                                                         \
+  {                                                                         \
+    READ(fp, BUF_CUR, (size_t)tmpint32);                                    \
+  }                                                                         \
+  /* null-terminate string in buffer */                                     \
+  BUF_CUR[tmpint32] = '\0';                                                 \
+  DEBUG_PRINT("READ_BUF_STRING: var="__STRING(field)" string=\"%s\"", BUF_CUR); \
+  /* prepare result */                                                      \
+  (field) = BUF_CUR;                                                        \
+  BUF_SKIP(tmpint32 + 1);
+
+/* read an array from a stream and store it as a null-terminated
+   array list (size for the array is allocated) */
+#define READ_BUF_STRINGLIST(fp, arr)                                        \
+  /* read the number of entries */                                          \
+  READ(fp, &tmp3int32, sizeof(int32_t));                                    \
+  tmp3int32 = ntohl(tmp3int32);                                             \
+  DEBUG_PRINT("READ_STRLST: var="__STRING(arr)" num=%d", (int)tmp3int32);   \
+  /* allocate room for *char[num + 1] */                                      \
+  BUF_ALLOC(fp, arr, char *, tmp3int32 + 1);                                \
+  /* read all entries */                                                    \
+  for (tmp2int32 = 0; tmp2int32 < tmp3int32; tmp2int32++)                   \
+  {                                                                         \
+    READ_BUF_STRING(fp, (arr)[tmp2int32]);                                  \
+  }                                                                         \
+  /* set last entry to NULL */                                              \
+  (arr)[tmp2int32] = NULL;
+
+
+/* SKIP macros for skipping over certain parts of the protocol stream. */
+
+/* skip a number of bytes forward */
+#define SKIP(fp, sz)                                                        \
+  DEBUG_PRINT("READ       : skip %d bytes", (int)(sz));                     \
+  /* read (skip) the specified number of bytes */                           \
+  if (tio_skip(fp, sz))                                                     \
+  {                                                                         \
+    char ebuf[128];                                                         \
+    int saved_errno = errno;                                                \
+    DEBUG_PRINT("READ       : skip error: %s",                              \
+                AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)));            \
+    ERROR_OUT_READERROR(fp);                                                \
+  }
+
+/* read a string from the stream but don't do anything with the result */
+#define SKIP_STRING(fp)                                                     \
+  /* read the size of the string */                                         \
+  READ(fp, &tmpint32, sizeof(int32_t));                                     \
+  tmpint32 = ntohl(tmpint32);                                               \
+  DEBUG_PRINT("READ_STRING: skip %d bytes", (int)tmpint32);                 \
+  /* read (skip) the specified number of bytes */                           \
+  SKIP(fp, tmpint32);
+
+/* skip a list of strings */
+#define SKIP_STRINGLIST(fp)                                                 \
+  /* read the number of entries */                                          \
+  READ(fp, &tmp3int32, sizeof(int32_t));                                    \
+  tmp3int32 = ntohl(tmp3int32);                                             \
+  DEBUG_PRINT("READ_STRLST: skip %d strings", (int)tmp3int32);              \
+  /* read all entries */                                                    \
+  for (tmp2int32 = 0; tmp2int32 < tmp3int32; tmp2int32++)                   \
+  {                                                                         \
+    SKIP_STRING(fp);                                                        \
+  }
+
+
+/* These are functions and macros for performing common operations in
+   the nslcd request/response protocol. */
+
+/* returns a socket to the server or NULL on error (see errno),
+   socket should be closed with tio_close() */
+TFILE *nslcd_client_open(void)
+  MUST_USE;
+
+/* generic request code */
+#define NSLCD_REQUEST(fp, action, writefn)                                  \
+  /* open a client socket */                                                \
+  if ((fp = nslcd_client_open()) == NULL)                                   \
+  {                                                                         \
+    ERROR_OUT_OPENERROR;                                                    \
+  }                                                                         \
+  /* write a request header with a request code */                          \
+  WRITE_INT32(fp, (int32_t)NSLCD_VERSION)                                   \
+  WRITE_INT32(fp, (int32_t)action)                                          \
+  /* write the request parameters (if any) */                               \
+  writefn;                                                                  \
+  /* flush the stream */                                                    \
+  if (tio_flush(fp) < 0)                                                    \
+  {                                                                         \
+    char ebuf[128];                                                         \
+    int saved_errno = errno;                                                \
+    DEBUG_PRINT("WRITE_FLUSH : error: %s",                                  \
+                AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)));            \
+    ERROR_OUT_WRITEERROR(fp);                                               \
+  }                                                                         \
+  /* read and check response version number */                              \
+  READ(fp, &tmpint32, sizeof(int32_t));                                     \
+  tmpint32 = ntohl(tmpint32);                                               \
+  if (tmpint32 != (int32_t)NSLCD_VERSION)                                   \
+  {                                                                         \
+    ERROR_OUT_READERROR(fp);                                                \
+  }                                                                         \
+  /* read and check response request number */                              \
+  READ(fp, &tmpint32, sizeof(int32_t));                                     \
+  tmpint32 = ntohl(tmpint32);                                               \
+  if (tmpint32 != (int32_t)(action))                                        \
+  {                                                                         \
+    ERROR_OUT_READERROR(fp);                                                \
+  }
+
+/* Read the response code (the result code of the query) from
+   the stream. */
+#define READ_RESPONSE_CODE(fp)                                              \
+  READ(fp, &tmpint32, sizeof(int32_t));                                     \
+  tmpint32 = ntohl(tmpint32);                                               \
+  if (tmpint32 != (int32_t)NSLCD_RESULT_BEGIN)                              \
+  {                                                                         \
+    ERROR_OUT_NOSUCCESS(fp);                                                \
+  }
+
+#endif /* not COMMON__NSLCD_PROT_H */
diff --git a/contrib/slapd-modules/nssov/nss-pam-ldapd/nslcd.h b/contrib/slapd-modules/nssov/nss-pam-ldapd/nslcd.h
new file mode 100644
index 0000000..c7dc013
--- /dev/null
+++ b/contrib/slapd-modules/nssov/nss-pam-ldapd/nslcd.h
@@ -0,0 +1,305 @@
+/*
+   nslcd.h - file describing client/server protocol
+
+   Copyright (C) 2006 West Consulting
+   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+   02110-1301 USA
+*/
+
+#ifndef _NSLCD_H
+#define _NSLCD_H 1
+
+/*
+   The protocol used between the nslcd client and server is a simple binary
+   protocol. It is request/response based where the client initiates a
+   connection, does a single request and closes the connection again. Any
+   mangled or not understood messages will be silently ignored by the server.
+
+   A request looks like:
+     INT32  NSLCD_VERSION
+     INT32  NSLCD_ACTION_*
+     [request parameters if any]
+   A response looks like:
+     INT32  NSLCD_VERSION
+     INT32  NSLCD_ACTION_* (the original request type)
+     [result(s)]
+     INT32  NSLCD_RESULT_END
+   A single result entry looks like:
+     INT32  NSLCD_RESULT_BEGIN
+     [result value(s)]
+   If a response would return multiple values (e.g. for NSLCD_ACTION_*_ALL
+   functions) each return value will be preceded by a NSLCD_RESULT_BEGIN
+   value. After the last returned result the server sends
+   NSLCD_RESULT_END. If some error occurs (e.g. LDAP server unavailable,
+   error in the request, etc) the server terminates the connection to signal
+   an error condition (breaking the protocol).
+
+   These are the available basic data types:
+     INT32  - 32-bit integer value
+     TYPE   - a typed field that is transferred using sizeof()
+     STRING - a string length (32bit) followed by the string value (not
+              null-terminated) the string itself is assumed to be UTF-8
+     STRINGLIST - a 32-bit number noting the number of strings followed by
+                  the strings one at a time
+
+   Furthermore the ADDRESS compound data type is defined as:
+     INT32  type of address: e.g. AF_INET or AF_INET6
+     INT32  length of address
+     RAW    the address itself
+   With the ADDRESSLIST using the same construct as with STRINGLIST.
+
+   The protocol uses network byte order for all types.
+*/
+
+/* The current version of the protocol. This protocol should only be
+   updated with major backwards-incompatible changes. */
+#define NSLCD_VERSION 0x00000002
+
+/* Get a NSLCD configuration option. There is one request parameter:
+    INT32   NSLCD_CONFIG_*
+  the result value is:
+    STRING  value, interpretation depending on request */
+#define NSLCD_ACTION_CONFIG_GET        0x00010001
+
+/* return the message, if any, that is presented to the user when password
+   modification through PAM is prohibited */
+#define NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE 1
+
+/* Email alias (/etc/aliases) NSS requests. The result values for a
+   single entry are:
+     STRING      alias name
+     STRINGLIST  alias rcpts */
+#define NSLCD_ACTION_ALIAS_BYNAME      0x00020001
+#define NSLCD_ACTION_ALIAS_ALL         0x00020008
+
+/* Ethernet address/name mapping NSS requests. The result values for a
+   single entry are:
+     STRING            ether name
+     TYPE(uint8_t[6])  ether address */
+#define NSLCD_ACTION_ETHER_BYNAME      0x00030001
+#define NSLCD_ACTION_ETHER_BYETHER     0x00030002
+#define NSLCD_ACTION_ETHER_ALL         0x00030008
+
+/* Group and group membership related NSS requests. The result values
+   for a single entry are:
+     STRING       group name
+     STRING       group password
+     INT32        group id
+     STRINGLIST   members (usernames) of the group
+     (not that the BYMEMER call returns an empty members list) */
+#define NSLCD_ACTION_GROUP_BYNAME      0x00040001
+#define NSLCD_ACTION_GROUP_BYGID       0x00040002
+#define NSLCD_ACTION_GROUP_BYMEMBER    0x00040006
+#define NSLCD_ACTION_GROUP_ALL         0x00040008
+
+/* Hostname (/etc/hosts) lookup NSS requests. The result values
+   for an entry are:
+     STRING       host name
+     STRINGLIST   host aliases
+     ADDRESSLIST  host addresses */
+#define NSLCD_ACTION_HOST_BYNAME       0x00050001
+#define NSLCD_ACTION_HOST_BYADDR       0x00050002
+#define NSLCD_ACTION_HOST_ALL          0x00050008
+
+/* Netgroup NSS result entries contain a number of parts. A result entry
+   starts with:
+     STRING  netgroup name
+   followed by zero or more references to other netgroups or netgroup
+   triples. A reference to another netgroup looks like:
+     INT32   NSLCD_NETGROUP_TYPE_NETGROUP
+     STRING  other netgroup name
+   A a netgroup triple looks like:
+     INT32   NSLCD_NETGROUP_TYPE_TRIPLE
+     STRING  host
+     STRING  user
+     STRING  domain
+   A netgroup result entry is terminated by:
+     INT32   NSLCD_NETGROUP_TYPE_END
+   */
+#define NSLCD_ACTION_NETGROUP_BYNAME   0x00060001
+#define NSLCD_ACTION_NETGROUP_ALL      0x00060008
+#define NSLCD_NETGROUP_TYPE_NETGROUP 1
+#define NSLCD_NETGROUP_TYPE_TRIPLE   2
+#define NSLCD_NETGROUP_TYPE_END      3
+
+/* Network name (/etc/networks) NSS requests. Result values for a single
+   entry are:
+     STRING       network name
+     STRINGLIST   network aliases
+     ADDRESSLIST  network addresses */
+#define NSLCD_ACTION_NETWORK_BYNAME    0x00070001
+#define NSLCD_ACTION_NETWORK_BYADDR    0x00070002
+#define NSLCD_ACTION_NETWORK_ALL       0x00070008
+
+/* User account (/etc/passwd) NSS requests. Result values are:
+     STRING       user name
+     STRING       user password
+     INT32        user id
+     INT32        group id
+     STRING       gecos information
+     STRING       home directory
+     STRING       login shell */
+#define NSLCD_ACTION_PASSWD_BYNAME     0x00080001
+#define NSLCD_ACTION_PASSWD_BYUID      0x00080002
+#define NSLCD_ACTION_PASSWD_ALL        0x00080008
+
+/* Protocol information requests. Result values are:
+     STRING      protocol name
+     STRINGLIST  protocol aliases
+     INT32       protocol number */
+#define NSLCD_ACTION_PROTOCOL_BYNAME   0x00090001
+#define NSLCD_ACTION_PROTOCOL_BYNUMBER 0x00090002
+#define NSLCD_ACTION_PROTOCOL_ALL      0x00090008
+
+/* RPC information requests. Result values are:
+     STRING      rpc name
+     STRINGLIST  rpc aliases
+     INT32       rpc number */
+#define NSLCD_ACTION_RPC_BYNAME        0x000a0001
+#define NSLCD_ACTION_RPC_BYNUMBER      0x000a0002
+#define NSLCD_ACTION_RPC_ALL           0x000a0008
+
+/* Service (/etc/services) information requests. The BYNAME and BYNUMBER
+   requests contain an extra protocol string in the request which, if not
+   blank, will filter the services by this protocol. Result values are:
+     STRING      service name
+     STRINGLIST  service aliases
+     INT32       service (port) number
+     STRING      service protocol */
+#define NSLCD_ACTION_SERVICE_BYNAME    0x000b0001
+#define NSLCD_ACTION_SERVICE_BYNUMBER  0x000b0002
+#define NSLCD_ACTION_SERVICE_ALL       0x000b0008
+
+/* Extended user account (/etc/shadow) information requests. Result
+   values for a single entry are:
+     STRING  user name
+     STRING  user password
+     INT32   last password change
+     INT32   mindays
+     INT32   maxdays
+     INT32   warn
+     INT32   inact
+     INT32   expire
+     INT32   flag */
+#define NSLCD_ACTION_SHADOW_BYNAME     0x000c0001
+#define NSLCD_ACTION_SHADOW_ALL        0x000c0008
+
+/* PAM-related requests. The request parameters for all these requests
+   begin with:
+     STRING  user name
+     STRING  service name
+     STRING  ruser
+     STRING  rhost
+     STRING  tty
+   If the user is not known in LDAP no result may be returned (immediately
+   return NSLCD_RESULT_END instead of a PAM error code). */
+
+/* PAM authentication check request. The extra request values are:
+     STRING  password
+   and the result value consists of:
+     INT32   authc NSLCD_PAM_* result code
+     STRING  user name (the canonical user name)
+     INT32   authz NSLCD_PAM_* result code
+     STRING  authorisation error message
+   If the username is empty in this request an attempt is made to
+   authenticate as the administrator (set using rootpwmoddn).
+   Some authorisation checks are already done during authentication so the
+   response also includes authorisation information. */
+#define NSLCD_ACTION_PAM_AUTHC         0x000d0001
+
+/* PAM authorisation check request. The result value consists of:
+     INT32   authz NSLCD_PAM_* result code
+     STRING  authorisation error message
+   The authentication check may have already returned some authorisation
+   information. The authorisation error message, if supplied, will be used
+   by the PAM module instead of a message that is generated by the PAM
+   module itself. */
+#define NSLCD_ACTION_PAM_AUTHZ         0x000d0002
+
+/* PAM session open request. The result value consists of:
+     STRING   session id
+   This session id may be used to close this session with. */
+#define NSLCD_ACTION_PAM_SESS_O        0x000d0003
+
+/* PAM session close request. This request has the following
+   extra request value:
+     STRING   session id
+   and this calls only returns an empty response value. */
+#define NSLCD_ACTION_PAM_SESS_C        0x000d0004
+
+/* PAM password modification request. This requests has the following extra
+   request values:
+     INT32   asroot: 0=oldpasswd is user passwd, 1=oldpasswd is root passwd
+     STRING  old password
+     STRING  new password
+   and returns there extra result values:
+     INT32   NSLCD_PAM_* result code
+     STRING  error message */
+#define NSLCD_ACTION_PAM_PWMOD         0x000d0005
+
+/* User information change request. This request allows one to change
+   their full name and other information. The request parameters for this
+   request are:
+     STRING  user name
+     INT32   asroot: 0=passwd is user passwd, 1=passwd is root passwd
+     STRING  password
+   followed by one or more of the below, terminated by NSLCD_USERMOD_END
+     INT32   NSLCD_USERMOD_*
+     STRING  new value
+   the response consists of one or more of the entries below, terminated
+   by NSLCD_USERMOD_END:
+     INT32   NSLCD_USERMOD_*
+     STRING  response
+   (if the response is blank, the change went OK, otherwise the string
+   contains an error message)
+   */
+#define NSLCD_ACTION_USERMOD           0x000e0001
+
+/* These are the possible values for the NSLCD_ACTION_USERMOD operation
+   above. */
+#define NSLCD_USERMOD_END        0 /* end of change values */
+#define NSLCD_USERMOD_RESULT     1 /* global result value */
+#define NSLCD_USERMOD_FULLNAME   2 /* full name */
+#define NSLCD_USERMOD_ROOMNUMBER 3 /* room number */
+#define NSLCD_USERMOD_WORKPHONE  4 /* office phone number */
+#define NSLCD_USERMOD_HOMEPHONE  5 /* home phone number */
+#define NSLCD_USERMOD_OTHER      6 /* other info */
+#define NSLCD_USERMOD_HOMEDIR    7 /* home directory */
+#define NSLCD_USERMOD_SHELL      8 /* login shell */
+
+/* Request result codes. */
+#define NSLCD_RESULT_BEGIN 1
+#define NSLCD_RESULT_END   2
+
+/* Partial list of PAM result codes. */
+#define NSLCD_PAM_SUCCESS             0 /* everything ok */
+#define NSLCD_PAM_PERM_DENIED         6 /* Permission denied */
+#define NSLCD_PAM_AUTH_ERR            7 /* Authc failure */
+#define NSLCD_PAM_CRED_INSUFFICIENT   8 /* Cannot access authc data */
+#define NSLCD_PAM_AUTHINFO_UNAVAIL    9 /* Cannot retrieve authc info */
+#define NSLCD_PAM_USER_UNKNOWN       10 /* User not known */
+#define NSLCD_PAM_MAXTRIES           11 /* Retry limit reached */
+#define NSLCD_PAM_NEW_AUTHTOK_REQD   12 /* Password expired */
+#define NSLCD_PAM_ACCT_EXPIRED       13 /* Account expired */
+#define NSLCD_PAM_SESSION_ERR        14 /* Cannot make/remove session record */
+#define NSLCD_PAM_AUTHTOK_ERR        20 /* Authentication token manipulation error */
+#define NSLCD_PAM_AUTHTOK_DISABLE_AGING 23 /* Password aging disabled */
+#define NSLCD_PAM_IGNORE             25 /* Ignore module */
+#define NSLCD_PAM_ABORT              26 /* Fatal error */
+#define NSLCD_PAM_AUTHTOK_EXPIRED    27 /* authentication token has expired */
+
+#endif /* not _NSLCD_H */
diff --git a/contrib/slapd-modules/nssov/nss-pam-ldapd/tio.c b/contrib/slapd-modules/nssov/nss-pam-ldapd/tio.c
new file mode 100644
index 0000000..012e680
--- /dev/null
+++ b/contrib/slapd-modules/nssov/nss-pam-ldapd/tio.c
@@ -0,0 +1,520 @@
+/*
+   tio.c - timed io functions
+   This file is part of the nss-pam-ldapd library.
+
+   Copyright (C) 2007-2014 Arthur de Jong
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+   02110-1301 USA
+*/
+
+#include "portable.h"
+
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif /* HAVE_STDINT_H */
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <errno.h>
+#include <string.h>
+#include <signal.h>
+#include <stdio.h>
+#include <limits.h>
+#include <poll.h>
+#include <time.h>
+
+#include "tio.h"
+
+/* for platforms that don't have ETIME use ETIMEDOUT */
+#ifndef ETIME
+#define ETIME ETIMEDOUT
+#endif /* ETIME */
+
+/* structure that holds a buffer
+   the buffer contains the data that is between the application and the
+   file descriptor that is used for efficient transfer
+   the buffer is built up as follows:
+   |.....********......|
+         ^start        ^size
+         ^--len--^           */
+struct tio_buffer {
+  uint8_t *buffer;
+  size_t size;      /* the size of the buffer */
+  size_t maxsize;   /* the maximum size of the buffer */
+  size_t start;     /* the start of the data (before start is unused) */
+  size_t len;       /* size of the data (from the start) */
+};
+
+/* structure that holds all the state for files */
+struct tio_fileinfo {
+  int fd;
+  struct tio_buffer readbuffer;
+  struct tio_buffer writebuffer;
+  int readtimeout;
+  int writetimeout;
+  int read_resettable; /* whether the tio_reset() function can be called */
+#ifdef DEBUG_TIO_STATS
+  /* this is used to collect statistics on the use of the streams
+     and can be used to tune the buffer sizes */
+  size_t byteswritten;
+  size_t bytesread;
+#endif /* DEBUG_TIO_STATS */
+};
+
+/* some older versions of Solaris don't provide CLOCK_MONOTONIC but do have
+   a CLOCK_HIGHRES that has the same properties we need */
+#ifndef CLOCK_MONOTONIC
+#ifdef CLOCK_HIGHRES
+#define CLOCK_MONOTONIC CLOCK_HIGHRES
+#endif /* CLOCK_HIGHRES */
+#endif /* not CLOCK_MONOTONIC */
+
+/* update the timeout to the value that is remaining before the deadline
+   returns the number of milliseconds before the deadline (or a negative
+   value of the deadline has expired) */
+static inline int tio_time_remaining(struct timespec *deadline, int timeout)
+{
+  struct timespec tv;
+  /* if this is the first call, set the deadline and return the full time */
+  if ((deadline->tv_sec == 0) && (deadline->tv_nsec == 0))
+  {
+    if (clock_gettime(CLOCK_MONOTONIC, deadline) == 0)
+    {
+      deadline->tv_sec += timeout / 1000;
+      deadline->tv_nsec += (timeout % 1000) * 1000000;
+    }
+    return timeout;
+  }
+  /* get the current time (fall back to full time on error) */
+  if (clock_gettime(CLOCK_MONOTONIC, &tv))
+    return timeout;
+  /* calculate time remaining in milliseconds */
+  return (deadline->tv_sec - tv.tv_sec) * 1000 +
+         (deadline->tv_nsec - tv.tv_nsec) / 1000000;
+}
+
+/* open a new TFILE based on the file descriptor */
+TFILE *tio_fdopen(int fd, int readtimeout, int writetimeout,
+                  size_t initreadsize, size_t maxreadsize,
+                  size_t initwritesize, size_t maxwritesize)
+{
+  struct tio_fileinfo *fp;
+  fp = (struct tio_fileinfo *)malloc(sizeof(struct tio_fileinfo));
+  if (fp == NULL)
+    return NULL;
+  fp->fd = fd;
+  /* initialize read buffer */
+  fp->readbuffer.buffer = (uint8_t *)malloc(initreadsize);
+  if (fp->readbuffer.buffer == NULL)
+  {
+    free(fp);
+    return NULL;
+  }
+  fp->readbuffer.size = initreadsize;
+  fp->readbuffer.maxsize = maxreadsize;
+  fp->readbuffer.start = 0;
+  fp->readbuffer.len = 0;
+  /* initialize write buffer */
+  fp->writebuffer.buffer = (uint8_t *)malloc(initwritesize);
+  if (fp->writebuffer.buffer == NULL)
+  {
+    free(fp->readbuffer.buffer);
+    free(fp);
+    return NULL;
+  }
+  fp->writebuffer.size = initwritesize;
+  fp->writebuffer.maxsize = maxwritesize;
+  fp->writebuffer.start = 0;
+  fp->writebuffer.len = 0;
+  /* initialize other attributes */
+  fp->readtimeout = readtimeout;
+  fp->writetimeout = writetimeout;
+  fp->read_resettable = 0;
+#ifdef DEBUG_TIO_STATS
+  fp->byteswritten = 0;
+  fp->bytesread = 0;
+#endif /* DEBUG_TIO_STATS */
+  return fp;
+}
+
+/* wait for any activity on the specified file descriptor using
+   the specified deadline */
+static int tio_wait(int fd, short events, int timeout,
+                    struct timespec *deadline)
+{
+  int t;
+  struct pollfd fds[1];
+  int rv;
+  while (1)
+  {
+    fds[0].fd = fd;
+    fds[0].events = events;
+    /* figure out the time we need to wait */
+    if ((t = tio_time_remaining(deadline, timeout)) < 0)
+    {
+      errno = ETIME;
+      return -1;
+    }
+    /* sanity check for moving clock */
+    if (t > timeout)
+      t = timeout;
+    /* wait for activity */
+    rv = poll(fds, 1, t);
+    if (rv > 0)
+      return 0; /* we have activity */
+    else if (rv == 0)
+    {
+      /* no file descriptors were available within the specified time */
+      errno = ETIME;
+      return -1;
+    }
+    else if ((errno != EINTR) && (errno != EAGAIN))
+      /* some error occurred */
+      return -1;
+    /* we just try again on EINTR or EAGAIN */
+  }
+}
+
+/* do a read on the file descriptor, returning the data in the buffer
+   if no data was read in the specified time an error is returned */
+int tio_read(TFILE *fp, void *buf, size_t count)
+{
+  struct timespec deadline = {0, 0};
+  int rv;
+  uint8_t *tmp;
+  size_t newsz;
+  size_t len;
+  /* have a more convenient storage type for the buffer */
+  uint8_t *ptr = (uint8_t *)buf;
+  /* loop until we have returned all the needed data */
+  while (1)
+  {
+    /* check if we have enough data in the buffer */
+    if (fp->readbuffer.len >= count)
+    {
+      if (count > 0)
+      {
+        if (ptr != NULL)
+          memcpy(ptr, fp->readbuffer.buffer + fp->readbuffer.start, count);
+        /* adjust buffer position */
+        fp->readbuffer.start += count;
+        fp->readbuffer.len -= count;
+      }
+      return 0;
+    }
+    /* empty what we have and continue from there */
+    if (fp->readbuffer.len > 0)
+    {
+      if (ptr != NULL)
+      {
+        memcpy(ptr, fp->readbuffer.buffer + fp->readbuffer.start,
+               fp->readbuffer.len);
+        ptr += fp->readbuffer.len;
+      }
+      count -= fp->readbuffer.len;
+      fp->readbuffer.start += fp->readbuffer.len;
+      fp->readbuffer.len = 0;
+    }
+    /* after this point until the read fp->readbuffer.len is 0 */
+    if (!fp->read_resettable)
+    {
+      /* the stream is not resettable, re-use the buffer */
+      fp->readbuffer.start = 0;
+    }
+    else if (fp->readbuffer.start >= (fp->readbuffer.size - 4))
+    {
+      /* buffer is running empty, try to grow buffer */
+      if (fp->readbuffer.size < fp->readbuffer.maxsize)
+      {
+        newsz = fp->readbuffer.size * 2;
+        if (newsz > fp->readbuffer.maxsize)
+          newsz = fp->readbuffer.maxsize;
+        tmp = realloc(fp->readbuffer.buffer, newsz);
+        if (tmp != NULL)
+        {
+          fp->readbuffer.buffer = tmp;
+          fp->readbuffer.size = newsz;
+        }
+      }
+      /* if buffer still does not contain enough room, clear resettable */
+      if (fp->readbuffer.start >= (fp->readbuffer.size - 4))
+      {
+        fp->readbuffer.start = 0;
+        fp->read_resettable = 0;
+      }
+    }
+    /* wait until we have input */
+    if (tio_wait(fp->fd, POLLIN, fp->readtimeout, &deadline))
+      return -1;
+    /* read the input in the buffer */
+    len = fp->readbuffer.size - fp->readbuffer.start;
+#ifdef SSIZE_MAX
+    if (len > SSIZE_MAX)
+      len = SSIZE_MAX;
+#endif /* SSIZE_MAX */
+    rv = read(fp->fd, fp->readbuffer.buffer + fp->readbuffer.start, len);
+    /* check for errors */
+    if (rv == 0)
+    {
+      errno = ECONNRESET;
+      return -1;
+    }
+    else if ((rv < 0) && (errno != EINTR) && (errno != EAGAIN))
+      return -1;        /* something went wrong with the read */
+    else if (rv > 0)
+      fp->readbuffer.len = rv;  /* skip the read part in the buffer */
+#ifdef DEBUG_TIO_STATS
+    fp->bytesread += rv;
+#endif /* DEBUG_TIO_STATS */
+  }
+}
+
+/* Read and discard the specified number of bytes from the stream. */
+int tio_skip(TFILE *fp, size_t count)
+{
+  return tio_read(fp, NULL, count);
+}
+
+/* Read all available data from the stream and empty the read buffer. */
+int tio_skipall(TFILE *fp, int timeout)
+{
+  struct timespec deadline = {0, 0};
+  int rv;
+  size_t len;
+  /* clear the read buffer */
+  fp->readbuffer.start = 0;
+  fp->readbuffer.len = 0;
+  fp->read_resettable = 0;
+  /* read until we can't read no more */
+  len = fp->readbuffer.size;
+#ifdef SSIZE_MAX
+  if (len > SSIZE_MAX)
+    len = SSIZE_MAX;
+#endif /* SSIZE_MAX */
+  while (1)
+  {
+    /* wait until we have input */
+    if (tio_wait(fp->fd, POLLIN, timeout, &deadline))
+      return -1;
+    /* read data from the stream */
+    rv = read(fp->fd, fp->readbuffer.buffer, len);
+    if (rv == 0)
+      return 0; /* end-of-file */
+    if ((rv < 0) && (errno == EWOULDBLOCK))
+      return 0; /* we've ready everything we can without blocking */
+    if ((rv < 0) && (errno != EINTR) && (errno != EAGAIN))
+      return -1; /* something went wrong with the read */
+  }
+}
+
+/* the caller has assured us that we can write to the file descriptor
+   and we give it a shot */
+static int tio_writebuf(TFILE *fp)
+{
+  int rv;
+  /* write the buffer */
+#ifdef MSG_NOSIGNAL
+  rv = send(fp->fd, fp->writebuffer.buffer + fp->writebuffer.start,
+            fp->writebuffer.len, MSG_NOSIGNAL);
+#else /* not MSG_NOSIGNAL */
+  /* on platforms that cannot use send() with masked signals, we change the
+     signal mask and change it back after the write (note that there is a
+     race condition here) */
+  struct sigaction act, oldact;
+  /* set up sigaction */
+  memset(&act, 0, sizeof(struct sigaction));
+  act.sa_sigaction = NULL;
+  act.sa_handler = SIG_IGN;
+  sigemptyset(&act.sa_mask);
+  act.sa_flags = SA_RESTART;
+  /* ignore SIGPIPE */
+  if (sigaction(SIGPIPE, &act, &oldact) != 0)
+    return -1; /* error setting signal handler */
+  /* write the buffer */
+  rv = write(fp->fd, fp->writebuffer.buffer + fp->writebuffer.start,
+             fp->writebuffer.len);
+  /* restore the old handler for SIGPIPE */
+  if (sigaction(SIGPIPE, &oldact, NULL) != 0)
+    return -1; /* error restoring signal handler */
+#endif
+  /* check for errors */
+  if ((rv == 0) || ((rv < 0) && (errno != EINTR) && (errno != EAGAIN)))
+    return -1; /* something went wrong with the write */
+  /* skip the written part in the buffer */
+  if (rv > 0)
+  {
+    fp->writebuffer.start += rv;
+    fp->writebuffer.len -= rv;
+#ifdef DEBUG_TIO_STATS
+    fp->byteswritten += rv;
+#endif /* DEBUG_TIO_STATS */
+    /* reset start if len is 0 */
+    if (fp->writebuffer.len == 0)
+      fp->writebuffer.start = 0;
+    /* move contents of the buffer to the front if it will save enough room */
+    if (fp->writebuffer.start >= (fp->writebuffer.size / 4))
+    {
+      memmove(fp->writebuffer.buffer,
+              fp->writebuffer.buffer + fp->writebuffer.start,
+              fp->writebuffer.len);
+      fp->writebuffer.start = 0;
+    }
+  }
+  return 0;
+}
+
+/* write all the data in the buffer to the stream */
+int tio_flush(TFILE *fp)
+{
+  struct timespec deadline = {0, 0};
+  /* loop until we have written our buffer */
+  while (fp->writebuffer.len > 0)
+  {
+    /* wait until we can write */
+    if (tio_wait(fp->fd, POLLOUT, fp->writetimeout, &deadline))
+      return -1;
+    /* write one block */
+    if (tio_writebuf(fp))
+      return -1;
+  }
+  return 0;
+}
+
+/* try a single write of data in the buffer if the file descriptor
+   will accept data */
+static int tio_flush_nonblock(TFILE *fp)
+{
+  struct pollfd fds[1];
+  int rv;
+  /* see if we can write without blocking */
+  fds[0].fd = fp->fd;
+  fds[0].events = POLLOUT;
+  rv = poll(fds, 1, 0);
+  /* check if any file descriptors were ready (timeout) or we were
+     interrupted */
+  if ((rv == 0) || ((rv < 0) && ((errno == EINTR) || (errno == EAGAIN))))
+    return 0;
+  /* any other errors? */
+  if (rv < 0)
+    return -1;
+  /* so file descriptor will accept writes */
+  return tio_writebuf(fp);
+}
+
+int tio_write(TFILE *fp, const void *buf, size_t count)
+{
+  size_t fr;
+  uint8_t *tmp;
+  size_t newsz;
+  const uint8_t *ptr = (const uint8_t *)buf;
+  /* keep filling the buffer until we have buffered everything */
+  while (count > 0)
+  {
+    /* figure out free size in buffer */
+    fr = fp->writebuffer.size - (fp->writebuffer.start + fp->writebuffer.len);
+    if (count <= fr)
+    {
+      /* the data fits in the buffer */
+      memcpy(fp->writebuffer.buffer + fp->writebuffer.start +
+             fp->writebuffer.len, ptr, count);
+      fp->writebuffer.len += count;
+      return 0;
+    }
+    else if (fr > 0)
+    {
+      /* fill the buffer with data that will fit */
+      memcpy(fp->writebuffer.buffer + fp->writebuffer.start +
+             fp->writebuffer.len, ptr, fr);
+      fp->writebuffer.len += fr;
+      ptr += fr;
+      count -= fr;
+    }
+    /* try to flush some of the data that is in the buffer */
+    if (tio_flush_nonblock(fp))
+      return -1;
+    /* if we have room now, try again */
+    if (fp->writebuffer.size > (fp->writebuffer.start + fp->writebuffer.len))
+      continue;
+    /* try to grow the buffer */
+    if (fp->writebuffer.size < fp->writebuffer.maxsize)
+    {
+      newsz = fp->writebuffer.size * 2;
+      if (newsz > fp->writebuffer.maxsize)
+        newsz = fp->writebuffer.maxsize;
+      tmp = realloc(fp->writebuffer.buffer, newsz);
+      if (tmp != NULL)
+      {
+        fp->writebuffer.buffer = tmp;
+        fp->writebuffer.size = newsz;
+        continue; /* try again */
+      }
+    }
+    /* write the buffer to the stream */
+    if (tio_flush(fp))
+      return -1;
+  }
+  return 0;
+}
+
+int tio_close(TFILE *fp)
+{
+  int retv;
+  /* write any buffered data */
+  retv = tio_flush(fp);
+#ifdef DEBUG_TIO_STATS
+  /* dump statistics to stderr */
+  fprintf(stderr, "DEBUG_TIO_STATS READ=%d WRITTEN=%d\n", fp->bytesread,
+          fp->byteswritten);
+#endif /* DEBUG_TIO_STATS */
+  /* close file descriptor */
+  if (close(fp->fd))
+    retv = -1;
+  /* free any allocated buffers */
+  memset(fp->readbuffer.buffer, 0, fp->readbuffer.size);
+  memset(fp->writebuffer.buffer, 0, fp->writebuffer.size);
+  free(fp->readbuffer.buffer);
+  free(fp->writebuffer.buffer);
+  /* free the tio struct itself */
+  free(fp);
+  /* return the result of the earlier operations */
+  return retv;
+}
+
+void tio_mark(TFILE *fp)
+{
+  /* move any data in the buffer to the start of the buffer */
+  if ((fp->readbuffer.start > 0) && (fp->readbuffer.len > 0))
+  {
+    memmove(fp->readbuffer.buffer,
+            fp->readbuffer.buffer + fp->readbuffer.start, fp->readbuffer.len);
+    fp->readbuffer.start = 0;
+  }
+  /* mark the stream as resettable */
+  fp->read_resettable = 1;
+}
+
+int tio_reset(TFILE *fp)
+{
+  /* check if the stream is (still) resettable */
+  if (!fp->read_resettable)
+    return -1;
+  /* reset the buffer */
+  fp->readbuffer.len += fp->readbuffer.start;
+  fp->readbuffer.start = 0;
+  return 0;
+}
diff --git a/contrib/slapd-modules/nssov/nss-pam-ldapd/tio.h b/contrib/slapd-modules/nssov/nss-pam-ldapd/tio.h
new file mode 100644
index 0000000..95f9812
--- /dev/null
+++ b/contrib/slapd-modules/nssov/nss-pam-ldapd/tio.h
@@ -0,0 +1,83 @@
+/*
+   tio.h - timed io functions
+   This file is part of the nss-pam-ldapd library.
+
+   Copyright (C) 2007, 2008, 2010, 2012, 2013 Arthur de Jong
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+   02110-1301 USA
+*/
+
+/*
+
+   TODO: Add some documentation here.
+
+   the SIGPIPE signal should be ignored (is ignored in this code)
+
+   This library is not thread safe. You cannot share TFILE objects between
+   threads and expect to be able to read and write from them in different
+   threads. All the state is in the TFILE object so calls to this library on
+   different objects can be done in parallel.
+
+*/
+
+#ifndef COMMON__TIO_H
+#define COMMON__TIO_H
+
+#include <sys/time.h>
+#include <sys/types.h>
+
+#include "attrs.h"
+
+/* This is a generic file handle used for reading and writing
+   (something like FILE from stdio.h). */
+typedef struct tio_fileinfo TFILE;
+
+/* Open a new TFILE based on the file descriptor. The timeout is set for any
+   operation (value in milliseconds). */
+TFILE *tio_fdopen(int fd, int readtimeout, int writetimeout,
+                  size_t initreadsize, size_t maxreadsize,
+                  size_t initwritesize, size_t maxwritesize)
+  LIKE_MALLOC MUST_USE;
+
+/* Read the specified number of bytes from the stream. */
+int tio_read(TFILE *fp, void *buf, size_t count);
+
+/* Read and discard the specified number of bytes from the stream. */
+int tio_skip(TFILE *fp, size_t count);
+
+/* Read all available data from the stream and empty the read buffer. */
+int tio_skipall(TFILE *fp, int timeout);
+
+/* Write the specified buffer to the stream. */
+int tio_write(TFILE *fp, const void *buf, size_t count);
+
+/* Write out all buffered data to the stream. */
+int tio_flush(TFILE *fp);
+
+/* Flush the streams and closes the underlying file descriptor. */
+int tio_close(TFILE *fp);
+
+/* Store the current position in the stream so that we can jump back to it
+   with the tio_reset() function. */
+void tio_mark(TFILE *fp);
+
+/* Rewinds the stream to the point set by tio_mark(). Note that this only
+   resets the read stream and not the write stream. This function returns
+   whether the reset was successful (this function may fail if the buffers
+   were full). */
+int tio_reset(TFILE *fp);
+
+#endif /* COMMON__TIO_H */
diff --git a/contrib/slapd-modules/nssov/nssov.c b/contrib/slapd-modules/nssov/nssov.c
new file mode 100644
index 0000000..c8e4187
--- /dev/null
+++ b/contrib/slapd-modules/nssov/nssov.c
@@ -0,0 +1,1045 @@
+/* nssov.c - nss-ldap overlay for slapd */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 by Howard Chu, Symas Corp.
+ * Portions Copyright 2013 by Ted C. Cheng, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This code references portions of the nss-ldapd package
+ * written by Arthur de Jong. The nss-ldapd code was forked
+ * from the nss-ldap library written by Luke Howard.
+ */
+
+#include "nssov.h"
+
+#ifndef SLAPD_OVER_NSSOV
+#define SLAPD_OVER_NSSOV SLAPD_MOD_DYNAMIC
+#endif
+
+#include "slap-config.h"
+
+#include "lutil.h"
+
+#include <ac/errno.h>
+#include <ac/unistd.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+AttributeDescription *nssov_pam_host_ad;
+AttributeDescription *nssov_pam_svc_ad;
+
+/* buffer sizes for I/O */
+#define READBUFFER_MINSIZE 32
+#define READBUFFER_MAXSIZE 64
+#define WRITEBUFFER_MINSIZE 64
+#define WRITEBUFFER_MAXSIZE 64*1024
+
+/* Find the given attribute's value in the RDN of the DN */
+void nssov_find_rdnval(struct berval *dn, AttributeDescription *ad, struct berval *value)
+{
+	struct berval rdn;
+	char *next;
+
+	BER_BVZERO(value);
+	dnRdn( dn, &rdn );
+	do {
+		next = ber_bvchr( &rdn, '+' );
+		if ( rdn.bv_val[ad->ad_cname.bv_len] == '=' &&
+			!ber_bvcmp( &rdn, &ad->ad_cname )) {
+			if ( next )
+				rdn.bv_len = next - rdn.bv_val;
+			value->bv_val = rdn.bv_val + ad->ad_cname.bv_len + 1;
+			value->bv_len = rdn.bv_len - ad->ad_cname.bv_len - 1;
+			break;
+		}
+		if ( !next )
+			break;
+		next++;
+		rdn.bv_len -= next - rdn.bv_val;
+		rdn.bv_val = next;
+	} while (1);
+}
+
+/* create a search filter using a name that requires escaping */
+int nssov_filter_byname(nssov_mapinfo *mi,int key,struct berval *name,struct berval *buf)
+{
+	char buf2[1024];
+	struct berval bv2 = {sizeof(buf2),buf2};
+
+	/* escape attribute */
+	if (nssov_escape(name,&bv2))
+		return -1;
+	/* build filter */
+	if (bv2.bv_len + mi->mi_filter.bv_len + mi->mi_attrs[key].an_desc->ad_cname.bv_len + 6 >
+		buf->bv_len )
+		return -1;
+	buf->bv_len = snprintf(buf->bv_val, buf->bv_len, "(&%s(%s=%s))",
+		mi->mi_filter.bv_val, mi->mi_attrs[key].an_desc->ad_cname.bv_val,
+		bv2.bv_val );
+	return 0;
+}
+
+/* create a search filter using a string converted from an int */
+int nssov_filter_byid(nssov_mapinfo *mi,int key,struct berval *id,struct berval *buf)
+{
+	/* build filter */
+	if (id->bv_len + mi->mi_filter.bv_len + mi->mi_attrs[key].an_desc->ad_cname.bv_len + 6 >
+		buf->bv_len )
+		return -1;
+	buf->bv_len = snprintf(buf->bv_val, buf->bv_len, "(&%s(%s=%s))",
+		mi->mi_filter.bv_val, mi->mi_attrs[key].an_desc->ad_cname.bv_val,
+		id->bv_val );
+	return 0;
+}
+
+void get_userpassword(struct berval *attr,struct berval *pw)
+{
+	int i;
+	/* go over the entries and return the remainder of the value if it
+		 starts with {crypt} or crypt$ */
+	for (i=0;!BER_BVISNULL(&attr[i]);i++)
+	{
+		if (strncasecmp(attr[i].bv_val,"{crypt}",7)==0) {
+			pw->bv_val = attr[i].bv_val + 7;
+			pw->bv_len = attr[i].bv_len - 7;
+			return;
+		}
+		if (strncasecmp(attr[i].bv_val,"crypt$",6)==0) {
+			pw->bv_val = attr[i].bv_val + 6;
+			pw->bv_len = attr[i].bv_len - 6;
+			return;
+		}
+	}
+	/* just return the first value completely */
+	*pw = *attr;
+	/* TODO: support more password formats e.g. SMD5
+		(which is $1$ but in a different format)
+		(any code for this is more than welcome) */
+}
+
+/* this writes a single address to the stream */
+int write_address(TFILE *fp,struct berval *addr)
+{
+	int32_t tmpint32;
+	struct in_addr ipv4addr;
+	struct in6_addr ipv6addr;
+	/* try to parse the address as IPv4 first, fall back to IPv6 */
+	if (inet_pton(AF_INET,addr->bv_val,&ipv4addr)>0)
+	{
+		/* write address type */
+		WRITE_INT32(fp,AF_INET);
+		/* write the address length */
+		WRITE_INT32(fp,sizeof(struct in_addr));
+		/* write the address itself (in network byte order) */
+		WRITE(fp,&ipv4addr,sizeof(struct in_addr));
+	}
+	else if (inet_pton(AF_INET6,addr->bv_val,&ipv6addr)>0)
+	{
+		/* write address type */
+		WRITE_INT32(fp,AF_INET6);
+		/* write the address length */
+		WRITE_INT32(fp,sizeof(struct in6_addr));
+		/* write the address itself (in network byte order) */
+		WRITE(fp,&ipv6addr,sizeof(struct in6_addr));
+	}
+	else
+	{
+		/* failure, log but write simple invalid address
+			 (otherwise the address list is messed up) */
+		/* TODO: have error message in correct format */
+		Debug(LDAP_DEBUG_ANY,"nssov: unparsable address: %s\n",addr->bv_val );
+		/* write an illegal address type */
+		WRITE_INT32(fp,-1);
+		/* write an empty address */
+		WRITE_INT32(fp,0);
+	}
+	/* we're done */
+	return 0;
+}
+
+int read_address(TFILE *fp,char *addr,int *addrlen,int *af)
+{
+	int32_t tmpint32;
+	int len;
+	/* read address family */
+	READ_INT32(fp,*af);
+	if ((*af!=AF_INET)&&(*af!=AF_INET6))
+	{
+		Debug(LDAP_DEBUG_ANY,"nssov: incorrect address family specified: %d\n",*af );
+		return -1;
+	}
+	/* read address length */
+	READ_INT32(fp,len);
+	if ((len>*addrlen)||(len<=0))
+	{
+		Debug(LDAP_DEBUG_ANY,"nssov: address length incorrect: %d\n",len );
+		return -1;
+	}
+	*addrlen=len;
+	/* read address */
+	READ(fp,addr,len);
+	/* we're done */
+	return 0;
+}
+
+int nssov_escape(struct berval *src,struct berval *dst)
+{
+	size_t pos=0;
+	int i;
+	/* go over all characters in source string */
+	for (i=0;i<src->bv_len;i++)
+	{
+		/* check if char will fit */
+		if (pos>=(dst->bv_len-4))
+			return -1;
+		/* do escaping for some characters */
+		switch (src->bv_val[i])
+		{
+			case '*':
+				strcpy(dst->bv_val+pos,"\\2a");
+				pos+=3;
+				break;
+			case '(':
+				strcpy(dst->bv_val+pos,"\\28");
+				pos+=3;
+				break;
+			case ')':
+				strcpy(dst->bv_val+pos,"\\29");
+				pos+=3;
+				break;
+			case '\\':
+				strcpy(dst->bv_val+pos,"\\5c");
+				pos+=3;
+				break;
+			default:
+				/* just copy character */
+				dst->bv_val[pos++]=src->bv_val[i];
+				break;
+		}
+	}
+	/* terminate destination string */
+	dst->bv_val[pos]='\0';
+	dst->bv_len = pos;
+	return 0;
+}
+
+/* read the version information and action from the stream
+   this function returns the read action in location pointer to by action */
+static int read_header(TFILE *fp,int32_t *action)
+{
+  int32_t tmpint32;
+  /* read the protocol version */
+  READ_INT32(fp,tmpint32);
+  if (tmpint32 != (int32_t)NSLCD_VERSION)
+  {
+    Debug( LDAP_DEBUG_TRACE,"nssov: wrong nslcd version id (%d)\n",(int)tmpint32 );
+    return -1;
+  }
+  /* read the request type */
+  READ_INT32(fp,*action);
+  return 0;
+}
+
+int nssov_config(nssov_info *ni,TFILE *fp,Operation *op)
+{
+	int opt;
+	int32_t tmpint32;
+
+	READ_INT32(fp,opt);
+
+	Debug(LDAP_DEBUG_TRACE, "nssov_config (%d)\n",opt );
+
+	WRITE_INT32(fp,NSLCD_VERSION);
+	WRITE_INT32(fp,NSLCD_ACTION_CONFIG_GET);
+	WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+
+	switch (opt) {
+	case NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE:
+		/* request for pam password_prohibit_message */
+		/* nssov_pam prohibits password  */
+		if (!BER_BVISEMPTY(&ni->ni_pam_password_prohibit_message)) {
+			Debug(LDAP_DEBUG_TRACE,"nssov_config(): %s (%s)\n",
+				"password_prohibit_message",
+				ni->ni_pam_password_prohibit_message.bv_val );
+			WRITE_STRING(fp,ni->ni_pam_password_prohibit_message.bv_val);
+		}
+	default:
+		/* all other config options are ignored */
+		break;
+	}
+
+	WRITE_INT32(fp,NSLCD_RESULT_END);
+	return 0;
+}
+
+
+/* read a request message, returns <0 in case of errors,
+   this function closes the socket */
+static void handleconnection(nssov_info *ni,int sock,Operation *op)
+{
+  TFILE *fp;
+  int32_t action;
+  int readtimeout,writetimeout;
+  uid_t uid;
+  gid_t gid;
+  char authid[sizeof("gidNumber=4294967295+uidNumber=424967295,cn=peercred,cn=external,cn=auth")];
+  char peerbuf[8];
+  struct berval peerbv = { sizeof(peerbuf), peerbuf };
+
+  /* log connection */
+  if (LUTIL_GETPEEREID(sock,&uid,&gid,&peerbv)) {
+    char ebuf[128];
+    int saved_errno = errno;
+    Debug( LDAP_DEBUG_TRACE,"nssov: connection from unknown client: %s\n",
+                      AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+  } else {
+    Debug( LDAP_DEBUG_TRACE,"nssov: connection from uid=%d gid=%d\n",
+                      (int)uid,(int)gid );
+  }
+
+  /* Should do authid mapping too */
+  op->o_dn.bv_len = sprintf(authid,"gidNumber=%d+uidNumber=%d,cn=peercred,cn=external,cn=auth",
+	(int)gid, (int)uid );
+  op->o_dn.bv_val = authid;
+  op->o_ndn = op->o_dn;
+
+  /* set the timeouts:
+   * read timeout is half a second because clients should send their request
+   * quickly, write timeout is 60 seconds because clients could be taking some
+   * time to process the results
+   */
+  readtimeout = 500;
+  writetimeout = 60000;
+  /* create a stream object */
+  if ((fp=tio_fdopen(sock,readtimeout,writetimeout,
+                     READBUFFER_MINSIZE,READBUFFER_MAXSIZE,
+                     WRITEBUFFER_MINSIZE,WRITEBUFFER_MAXSIZE))==NULL)
+  {
+    char ebuf[128];
+    int saved_errno = errno;
+    Debug( LDAP_DEBUG_ANY,"nssov: cannot create stream for writing: %s",
+                      AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+    (void)close(sock);
+    return;
+  }
+  /* read request */
+  if (read_header(fp,&action))
+  {
+    (void)tio_close(fp);
+    return;
+  }
+  /* handle request */
+  switch (action)
+  {
+    case NSLCD_ACTION_ALIAS_BYNAME:     (void)nssov_alias_byname(ni,fp,op); break;
+    case NSLCD_ACTION_ALIAS_ALL:        (void)nssov_alias_all(ni,fp,op); break;
+    case NSLCD_ACTION_ETHER_BYNAME:     (void)nssov_ether_byname(ni,fp,op); break;
+    case NSLCD_ACTION_ETHER_BYETHER:    (void)nssov_ether_byether(ni,fp,op); break;
+    case NSLCD_ACTION_ETHER_ALL:        (void)nssov_ether_all(ni,fp,op); break;
+    case NSLCD_ACTION_GROUP_BYNAME:     (void)nssov_group_byname(ni,fp,op); break;
+    case NSLCD_ACTION_GROUP_BYGID:      (void)nssov_group_bygid(ni,fp,op); break;
+    case NSLCD_ACTION_GROUP_BYMEMBER:   (void)nssov_group_bymember(ni,fp,op); break;
+    case NSLCD_ACTION_GROUP_ALL:        (void)nssov_group_all(ni,fp,op); break;
+    case NSLCD_ACTION_HOST_BYNAME:      (void)nssov_host_byname(ni,fp,op); break;
+    case NSLCD_ACTION_HOST_BYADDR:      (void)nssov_host_byaddr(ni,fp,op); break;
+    case NSLCD_ACTION_HOST_ALL:         (void)nssov_host_all(ni,fp,op); break;
+    case NSLCD_ACTION_NETGROUP_BYNAME:  (void)nssov_netgroup_byname(ni,fp,op); break;
+    case NSLCD_ACTION_NETWORK_BYNAME:   (void)nssov_network_byname(ni,fp,op); break;
+    case NSLCD_ACTION_NETWORK_BYADDR:   (void)nssov_network_byaddr(ni,fp,op); break;
+    case NSLCD_ACTION_NETWORK_ALL:      (void)nssov_network_all(ni,fp,op); break;
+    case NSLCD_ACTION_PASSWD_BYNAME:    (void)nssov_passwd_byname(ni,fp,op); break;
+    case NSLCD_ACTION_PASSWD_BYUID:     (void)nssov_passwd_byuid(ni,fp,op); break;
+    case NSLCD_ACTION_PASSWD_ALL:       (void)nssov_passwd_all(ni,fp,op); break;
+    case NSLCD_ACTION_PROTOCOL_BYNAME:  (void)nssov_protocol_byname(ni,fp,op); break;
+    case NSLCD_ACTION_PROTOCOL_BYNUMBER:(void)nssov_protocol_bynumber(ni,fp,op); break;
+    case NSLCD_ACTION_PROTOCOL_ALL:     (void)nssov_protocol_all(ni,fp,op); break;
+    case NSLCD_ACTION_RPC_BYNAME:       (void)nssov_rpc_byname(ni,fp,op); break;
+    case NSLCD_ACTION_RPC_BYNUMBER:     (void)nssov_rpc_bynumber(ni,fp,op); break;
+    case NSLCD_ACTION_RPC_ALL:          (void)nssov_rpc_all(ni,fp,op); break;
+    case NSLCD_ACTION_SERVICE_BYNAME:   (void)nssov_service_byname(ni,fp,op); break;
+    case NSLCD_ACTION_SERVICE_BYNUMBER: (void)nssov_service_bynumber(ni,fp,op); break;
+    case NSLCD_ACTION_SERVICE_ALL:      (void)nssov_service_all(ni,fp,op); break;
+    case NSLCD_ACTION_SHADOW_BYNAME:    if (uid==0) (void)nssov_shadow_byname(ni,fp,op); break;
+    case NSLCD_ACTION_SHADOW_ALL:       if (uid==0) (void)nssov_shadow_all(ni,fp,op); break;
+	case NSLCD_ACTION_PAM_AUTHC:		(void)pam_authc(ni,fp,op,uid); break;
+	case NSLCD_ACTION_PAM_AUTHZ:		(void)pam_authz(ni,fp,op); break;
+	case NSLCD_ACTION_PAM_SESS_O:		if (uid==0) (void)pam_sess_o(ni,fp,op); break;
+	case NSLCD_ACTION_PAM_SESS_C:		if (uid==0) (void)pam_sess_c(ni,fp,op); break;
+	case NSLCD_ACTION_PAM_PWMOD:		(void)pam_pwmod(ni,fp,op,uid); break;
+	case NSLCD_ACTION_CONFIG_GET:			(void)nssov_config(ni,fp,op); break;
+    default:
+      Debug( LDAP_DEBUG_ANY,"nssov: invalid request id: %d",(int)action );
+      break;
+  }
+  /* we're done with the request */
+  (void)tio_close(fp);
+  return;
+}
+
+/* accept a connection on the socket */
+static void *acceptconn(void *ctx, void *arg)
+{
+	nssov_info *ni = arg;
+	Connection conn = {0};
+	OperationBuffer opbuf;
+	Operation *op;
+	int csock;
+
+	if ( slapd_shutdown )
+		return NULL;
+
+	{
+		struct sockaddr_storage addr;
+		socklen_t alen;
+		int j;
+
+		/* accept a new connection */
+		alen=(socklen_t)sizeof(struct sockaddr_storage);
+		csock=accept(ni->ni_socket,(struct sockaddr *)&addr,&alen);
+		connection_client_enable(ni->ni_conn);
+		if (csock<0)
+		{
+			char ebuf[128];
+			int saved_errno = errno;
+			if ((errno==EINTR)||(errno==EAGAIN)||(errno==EWOULDBLOCK))
+			{
+				Debug( LDAP_DEBUG_TRACE,"nssov: accept() failed (ignored): %s",
+					AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+				return NULL;
+			}
+			Debug( LDAP_DEBUG_ANY,"nssov: accept() failed: %s",
+				AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			return NULL;
+		}
+		/* make sure O_NONBLOCK is not inherited */
+		if ((j=fcntl(csock,F_GETFL,0))<0)
+		{
+			char ebuf[128];
+			int saved_errno = errno;
+			Debug( LDAP_DEBUG_ANY,"nssov: fcntl(F_GETFL) failed: %s",
+				AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			if (close(csock)) {
+				saved_errno = errno;
+				Debug( LDAP_DEBUG_ANY,"nssov: problem closing socket: %s",
+					AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			}
+			return NULL;
+		}
+		if (fcntl(csock,F_SETFL,j&~O_NONBLOCK)<0)
+		{
+			char ebuf[128];
+			int saved_errno = errno;
+			Debug( LDAP_DEBUG_ANY,"nssov: fcntl(F_SETFL,~O_NONBLOCK) failed: %s",
+				AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			if (close(csock)) {
+				saved_errno = errno;
+				Debug( LDAP_DEBUG_ANY,"nssov: problem closing socket: %s",
+					AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			}
+			return NULL;
+		}
+	}
+	connection_fake_init( &conn, &opbuf, ctx );
+	op=&opbuf.ob_op;
+	conn.c_ssf = conn.c_transport_ssf = local_ssf;
+	op->o_bd = ni->ni_db;
+	op->o_tag = LDAP_REQ_SEARCH;
+
+	/* handle the connection */
+	handleconnection(ni,csock,op);
+
+	return NULL;
+}
+
+static slap_verbmasks nss_svcs[] = {
+	{ BER_BVC("aliases"), NM_alias },
+	{ BER_BVC("ethers"), NM_ether },
+	{ BER_BVC("group"), NM_group },
+	{ BER_BVC("hosts"), NM_host },
+	{ BER_BVC("netgroup"), NM_netgroup },
+	{ BER_BVC("networks"), NM_network },
+	{ BER_BVC("passwd"), NM_passwd },
+	{ BER_BVC("protocols"), NM_protocol },
+	{ BER_BVC("rpc"), NM_rpc },
+	{ BER_BVC("services"), NM_service },
+	{ BER_BVC("shadow"), NM_shadow },
+	{ BER_BVNULL, 0 }
+};
+
+static slap_verbmasks pam_opts[] = {
+	{ BER_BVC("userhost"), NI_PAM_USERHOST },
+	{ BER_BVC("userservice"), NI_PAM_USERSVC },
+	{ BER_BVC("usergroup"), NI_PAM_USERGRP },
+	{ BER_BVC("hostservice"), NI_PAM_HOSTSVC },
+	{ BER_BVC("authz2dn"), NI_PAM_SASL2DN },
+	{ BER_BVC("uid2dn"), NI_PAM_UID2DN },
+	{ BER_BVNULL, 0 }
+};
+
+enum {
+	NSS_SSD=1,
+	NSS_MAP,
+	NSS_PAM,
+	NSS_PAMGROUP,
+	NSS_PAMSESS
+};
+
+static ConfigDriver nss_cf_gen;
+
+static ConfigTable nsscfg[] = {
+	{ "nssov-ssd", "service> <url", 3, 3, 0, ARG_MAGIC|NSS_SSD,
+		nss_cf_gen, "(OLcfgCtAt:3.1 NAME 'olcNssSsd' "
+			"DESC 'URL for searches in a given service' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "nssov-map", "service> <orig> <new", 4, 4, 0, ARG_MAGIC|NSS_MAP,
+		nss_cf_gen, "(OLcfgCtAt:3.2 NAME 'olcNssMap' "
+			"DESC 'Map <service> lookups of <orig> attr to <new> attr' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "nssov-pam", "options", 2, 0, 0, ARG_MAGIC|NSS_PAM,
+		nss_cf_gen, "(OLcfgCtAt:3.3 NAME 'olcNssPam' "
+			"DESC 'PAM authentication and authorization options' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "nssov-pam-defhost", "hostname", 2, 2, 0, ARG_OFFSET|ARG_BERVAL,
+		(void *)offsetof(struct nssov_info, ni_pam_defhost),
+		"(OLcfgCtAt:3.4 NAME 'olcNssPamDefHost' "
+			"DESC 'Default hostname for service checks' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "nssov-pam-group-dn", "DN", 2, 2, 0, ARG_MAGIC|ARG_DN|NSS_PAMGROUP,
+		nss_cf_gen, "(OLcfgCtAt:3.5 NAME 'olcNssPamGroupDN' "
+			"DESC 'DN of group in which membership is required' "
+			"EQUALITY distinguishedNameMatch "
+			"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+	{ "nssov-pam-group-ad", "attr", 2, 2, 0, ARG_OFFSET|ARG_ATDESC,
+		(void *)offsetof(struct nssov_info, ni_pam_group_ad),
+		"(OLcfgCtAt:3.6 NAME 'olcNssPamGroupAD' "
+			"DESC 'Member attribute to use for group check' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "nssov-pam-min-uid", "uid", 2, 2, 0, ARG_OFFSET|ARG_INT,
+		(void *)offsetof(struct nssov_info, ni_pam_min_uid),
+		"(OLcfgCtAt:3.7 NAME 'olcNssPamMinUid' "
+			"DESC 'Minimum UID allowed to login' "
+			"EQUALITY integerMatch "
+			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+	{ "nssov-pam-max-uid", "uid", 2, 2, 0, ARG_OFFSET|ARG_INT,
+		(void *)offsetof(struct nssov_info, ni_pam_max_uid),
+		"(OLcfgCtAt:3.8 NAME 'olcNssPamMaxUid' "
+			"DESC 'Maximum UID allowed to login' "
+			"EQUALITY integerMatch "
+			"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+	{ "nssov-pam-template-ad", "attr", 2, 2, 0, ARG_OFFSET|ARG_ATDESC,
+		(void *)offsetof(struct nssov_info, ni_pam_template_ad),
+		"(OLcfgCtAt:3.9 NAME 'olcNssPamTemplateAD' "
+			"DESC 'Attribute to use for template login name' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "nssov-pam-template", "name", 2, 2, 0, ARG_OFFSET|ARG_BERVAL,
+		(void *)offsetof(struct nssov_info, ni_pam_template),
+		"(OLcfgCtAt:3.10 NAME 'olcNssPamTemplate' "
+			"DESC 'Default template login name' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "nssov-pam-session", "service", 2, 2, 0, ARG_MAGIC|NSS_PAMSESS,
+		nss_cf_gen, "(OLcfgCtAt:3.11 NAME 'olcNssPamSession' "
+			"DESC 'Services for which sessions will be recorded' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "nssov-pam-password-prohibit-message",
+		"password_prohibit_message", 2, 2, 0,
+		ARG_OFFSET|ARG_BERVAL,
+		(void *)offsetof(struct nssov_info, ni_pam_password_prohibit_message),
+		"(OLcfgCtAt:3.12 NAME 'olcNssPamPwdProhibitMsg' "
+			"DESC 'Prohibit password modification message' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
+	{ "nssov-pam-pwdmgr-dn",
+		"pwdmgr_dn", 2, 2, 0,
+		ARG_OFFSET|ARG_BERVAL,
+		(void *)offsetof(struct nssov_info, ni_pam_pwdmgr_dn),
+		"(OLcfgCtAt:3.13 NAME 'olcPamPwdmgrDn' "
+			"DESC 'Password Manager DN' "
+			"EQUALITY distinguishedNameMatch "
+			"SYNTAX OMsDN SINGLE-VALUE )", NULL, NULL },
+	{ "nssov-pam-pwdmgr-pwd",
+		"pwdmgr_pwd", 2, 2, 0,
+		ARG_OFFSET|ARG_BERVAL,
+		(void *)offsetof(struct nssov_info, ni_pam_pwdmgr_pwd),
+		"(OLcfgCtAt:3.14 NAME 'olcPamPwdmgrPwd' "
+			"DESC 'Password Manager Pwd' "
+			"EQUALITY octetStringMatch "
+			"SYNTAX OMsOctetString SINGLE-VALUE )", NULL, NULL },
+	{ NULL, NULL, 0,0,0, ARG_IGNORED }
+};
+
+static ConfigOCs nssocs[] = {
+	{ "( OLcfgCtOc:3.1 "
+		"NAME 'olcNssOvConfig' "
+		"DESC 'NSS lookup configuration' "
+		"SUP olcOverlayConfig "
+		"MAY ( olcNssSsd $ olcNssMap $ olcNssPam $ olcNssPamDefHost $ "
+			"olcNssPamGroupDN $ olcNssPamGroupAD $ "
+			"olcNssPamMinUid $ olcNssPamMaxUid $ olcNssPamSession $ "
+			"olcNssPamTemplateAD $ olcNssPamTemplate ) )",
+		Cft_Overlay, nsscfg },
+	{ NULL, 0, NULL }
+};
+
+static int
+nss_cf_gen(ConfigArgs *c)
+{
+	slap_overinst *on = (slap_overinst *)c->bi;
+	nssov_info *ni = on->on_bi.bi_private;
+	nssov_mapinfo *mi;
+	int i, j, rc = 0;
+	slap_mask_t m;
+
+	if ( c->op == SLAP_CONFIG_EMIT ) {
+		switch(c->type) {
+		case NSS_SSD:
+			rc = 1;
+			for (i=NM_alias;i<NM_NONE;i++) {
+				struct berval scope;
+				struct berval ssd;
+				struct berval base;
+
+				mi = &ni->ni_maps[i];
+
+				/* ignore all-default services */
+				if ( mi->mi_scope == LDAP_SCOPE_DEFAULT &&
+					bvmatch( &mi->mi_filter, &mi->mi_filter0 ) &&
+					BER_BVISNULL( &mi->mi_base ))
+					continue;
+
+				if ( BER_BVISNULL( &mi->mi_base ))
+					base = ni->ni_db->be_nsuffix[0];
+				else
+					base = mi->mi_base;
+				ldap_pvt_scope2bv(mi->mi_scope == LDAP_SCOPE_DEFAULT ?
+					LDAP_SCOPE_SUBTREE : mi->mi_scope, &scope);
+				ssd.bv_len = STRLENOF(" ldap:///???") + nss_svcs[i].word.bv_len +
+					base.bv_len + scope.bv_len + mi->mi_filter.bv_len;
+				ssd.bv_val = ch_malloc( ssd.bv_len + 1 );
+				sprintf(ssd.bv_val, "%s ldap:///%s??%s?%s", nss_svcs[i].word.bv_val,
+					base.bv_val, scope.bv_val, mi->mi_filter.bv_val );
+				ber_bvarray_add( &c->rvalue_vals, &ssd );
+				rc = 0;
+			}
+			break;
+		case NSS_MAP:
+			rc = 1;
+			for (i=NM_alias;i<NM_NONE;i++) {
+
+				mi = &ni->ni_maps[i];
+				for (j=0;!BER_BVISNULL(&mi->mi_attrkeys[j]);j++) {
+					if ( ber_bvstrcasecmp(&mi->mi_attrkeys[j],
+						&mi->mi_attrs[j].an_name)) {
+						struct berval map;
+
+						map.bv_len = nss_svcs[i].word.bv_len +
+							mi->mi_attrkeys[j].bv_len +
+							mi->mi_attrs[j].an_desc->ad_cname.bv_len + 2;
+						map.bv_val = ch_malloc(map.bv_len + 1);
+						sprintf(map.bv_val, "%s %s %s", nss_svcs[i].word.bv_val,
+							mi->mi_attrkeys[j].bv_val, mi->mi_attrs[j].an_desc->ad_cname.bv_val );
+						ber_bvarray_add( &c->rvalue_vals, &map );
+						rc = 0;
+					}
+				}
+			}
+			break;
+		case NSS_PAM:
+			rc = mask_to_verbs( pam_opts, ni->ni_pam_opts, &c->rvalue_vals );
+			break;
+		case NSS_PAMGROUP:
+			if (!BER_BVISEMPTY( &ni->ni_pam_group_dn )) {
+				value_add_one( &c->rvalue_vals, &ni->ni_pam_group_dn );
+				value_add_one( &c->rvalue_nvals, &ni->ni_pam_group_dn );
+			} else {
+				rc = 1;
+			}
+			break;
+		case NSS_PAMSESS:
+			if (ni->ni_pam_sessions) {
+				ber_bvarray_dup_x( &c->rvalue_vals, ni->ni_pam_sessions, NULL );
+			} else {
+				rc = 1;
+			}
+			break;
+		}
+		return rc;
+	} else if ( c->op == LDAP_MOD_DELETE ) {
+		/* FIXME */
+		return 1;
+	}
+	switch( c->type ) {
+	case NSS_SSD: {
+		LDAPURLDesc *lud;
+
+		i = verb_to_mask(c->argv[1], nss_svcs);
+		if ( i == NM_NONE )
+			return 1;
+
+		mi = &ni->ni_maps[i];
+		rc = ldap_url_parse(c->argv[2], &lud);
+		if ( rc )
+			return 1;
+		do {
+			struct berval base;
+			/* Must be LDAP scheme */
+			if (strcasecmp(lud->lud_scheme,"ldap")) {
+				rc = 1;
+				break;
+			}
+			/* Host part, attrs, and extensions must be empty */
+			if (( lud->lud_host && *lud->lud_host ) ||
+				lud->lud_attrs || lud->lud_exts ) {
+				rc = 1;
+				break;
+			}
+			ber_str2bv( lud->lud_dn,0,0,&base);
+			rc = dnNormalize( 0,NULL,NULL,&base,&mi->mi_base,NULL);
+			if ( rc )
+				break;
+			if ( lud->lud_filter ) {
+				/* steal this */
+				ber_str2bv( lud->lud_filter,0,0,&mi->mi_filter);
+				lud->lud_filter = NULL;
+			}
+			mi->mi_scope = lud->lud_scope;
+		} while(0);
+		ldap_free_urldesc( lud );
+		}
+		break;
+	case NSS_MAP:
+		i = verb_to_mask(c->argv[1], nss_svcs);
+		if ( i == NM_NONE )
+			return 1;
+		rc = 1;
+		mi = &ni->ni_maps[i];
+		for (j=0; !BER_BVISNULL(&mi->mi_attrkeys[j]); j++) {
+			if (!strcasecmp(c->argv[2],mi->mi_attrkeys[j].bv_val)) {
+				AttributeDescription *ad = NULL;
+				const char *text;
+				rc = slap_str2ad( c->argv[3], &ad, &text);
+				if ( rc == 0 ) {
+					mi->mi_attrs[j].an_desc = ad;
+					mi->mi_attrs[j].an_name = ad->ad_cname;
+				}
+				break;
+			}
+		}
+		break;
+	case NSS_PAM:
+		m = ni->ni_pam_opts;
+		i = verbs_to_mask(c->argc, c->argv, pam_opts, &m);
+		if (i == 0) {
+			ni->ni_pam_opts = m;
+			if ((m & NI_PAM_USERHOST) && !nssov_pam_host_ad) {
+				const char *text;
+				i = slap_str2ad("host", &nssov_pam_host_ad, &text);
+				if (i != LDAP_SUCCESS) {
+					snprintf(c->cr_msg, sizeof(c->cr_msg),
+						"nssov: host attr unknown: %s", text);
+					Debug(LDAP_DEBUG_ANY,"%s\n",c->cr_msg );
+					rc = 1;
+					break;
+				}
+			}
+			if ((m & (NI_PAM_USERSVC|NI_PAM_HOSTSVC)) && !nssov_pam_svc_ad) {
+				const char *text;
+				i = slap_str2ad("authorizedService", &nssov_pam_svc_ad, &text);
+				if (i != LDAP_SUCCESS) {
+					snprintf(c->cr_msg, sizeof(c->cr_msg),
+						"nssov: authorizedService attr unknown: %s", text);
+					Debug(LDAP_DEBUG_ANY,"%s\n",c->cr_msg );
+					rc = 1;
+					break;
+				}
+			}
+		} else {
+			rc = 1;
+		}
+		break;
+	case NSS_PAMGROUP:
+		ni->ni_pam_group_dn = c->value_ndn;
+		ch_free( c->value_dn.bv_val );
+		break;
+	case NSS_PAMSESS:
+		ber_str2bv( c->argv[1], 0, 1, &c->value_bv );
+		ber_bvarray_add( &ni->ni_pam_sessions, &c->value_bv );
+		break;
+	}
+	return rc;
+}
+
+static int
+nssov_db_init(
+	BackendDB *be,
+	ConfigReply *cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	nssov_info *ni;
+	int rc;
+
+	rc = nssov_pam_init();
+	if (rc) return rc;
+
+	ni = ch_calloc( 1, sizeof(nssov_info) );
+	on->on_bi.bi_private = ni;
+
+	/* set up map keys */
+	nssov_alias_init(ni);
+	nssov_ether_init(ni);
+	nssov_group_init(ni);
+	nssov_host_init(ni);
+	nssov_netgroup_init(ni);
+	nssov_network_init(ni);
+	nssov_passwd_init(ni);
+	nssov_protocol_init(ni);
+	nssov_rpc_init(ni);
+	nssov_service_init(ni);
+	nssov_shadow_init(ni);
+
+	ni->ni_db = be->bd_self;
+	ni->ni_pam_opts = NI_PAM_UID2DN;
+
+	return 0;
+}
+
+static int
+nssov_db_destroy(
+	BackendDB *be,
+	ConfigReply *cr )
+{
+	return 0;
+}
+
+static int
+nssov_db_open(
+	BackendDB *be,
+	ConfigReply *cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	nssov_info *ni = on->on_bi.bi_private;
+	nssov_mapinfo *mi;
+
+	int i, sock;
+	struct sockaddr_un addr;
+
+	/* Set default bases */
+	for (i=0; i<NM_NONE; i++) {
+		if ( BER_BVISNULL( &ni->ni_maps[i].mi_base )) {
+			ber_dupbv( &ni->ni_maps[i].mi_base, &be->be_nsuffix[0] );
+		}
+		if ( ni->ni_maps[i].mi_scope == LDAP_SCOPE_DEFAULT )
+			ni->ni_maps[i].mi_scope = LDAP_SCOPE_SUBTREE;
+	}
+	/* validate attribute maps */
+	mi = ni->ni_maps;
+	for ( i=0; i<NM_NONE; i++,mi++) {
+		const char *text;
+		int j;
+		for (j=0; !BER_BVISNULL(&mi->mi_attrkeys[j]); j++) {
+			/* skip attrs we already validated */
+			if ( mi->mi_attrs[j].an_desc ) continue;
+			if ( slap_bv2ad( &mi->mi_attrs[j].an_name,
+				&mi->mi_attrs[j].an_desc, &text )) {
+				Debug(LDAP_DEBUG_ANY,"nssov: invalid attr \"%s\": %s\n",
+					mi->mi_attrs[j].an_name.bv_val, text );
+				return -1;
+			}
+		}
+		BER_BVZERO(&mi->mi_attrs[j].an_name);
+		mi->mi_attrs[j].an_desc = NULL;
+	}
+
+	/* Find host and authorizedService definitions */
+	if ((ni->ni_pam_opts & NI_PAM_USERHOST) && !nssov_pam_host_ad)
+	{
+		const char *text;
+		i = slap_str2ad("host", &nssov_pam_host_ad, &text);
+		if (i != LDAP_SUCCESS) {
+			Debug(LDAP_DEBUG_ANY,"nssov: host attr unknown: %s\n",
+				text );
+			return -1;
+		}
+	}
+	if ((ni->ni_pam_opts & (NI_PAM_USERSVC|NI_PAM_HOSTSVC)) &&
+		!nssov_pam_svc_ad)
+	{
+		const char *text;
+		i = slap_str2ad("authorizedService", &nssov_pam_svc_ad, &text);
+		if (i != LDAP_SUCCESS) {
+			Debug(LDAP_DEBUG_ANY,"nssov: authorizedService attr unknown: %s\n",
+				text );
+			return -1;
+		}
+	}
+	if ( slapMode & SLAP_SERVER_MODE ) {
+		char ebuf[128];
+		/* make sure /var/run/nslcd exists */
+		if (mkdir(NSLCD_PATH, (mode_t) 0555)) {
+			int saved_errno = errno;
+			Debug(LDAP_DEBUG_TRACE,"nssov: mkdir(%s) failed (ignored): %s\n",
+					NSLCD_PATH, AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+		} else {
+			Debug(LDAP_DEBUG_TRACE,"nssov: created %s\n",NSLCD_PATH );
+		}
+
+		/* create a socket */
+		if ( (sock=socket(PF_UNIX,SOCK_STREAM,0))<0 )
+		{
+			int saved_errno = errno;
+			Debug(LDAP_DEBUG_ANY,"nssov: cannot create socket: %s\n",
+					AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			return -1;
+		}
+		/* remove existing named socket */
+		if (unlink(NSLCD_SOCKET)<0)
+		{
+			int saved_errno = errno;
+			Debug( LDAP_DEBUG_TRACE,"nssov: unlink() of "NSLCD_SOCKET" failed (ignored): %s\n",
+							AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+		}
+		/* create socket address structure */
+		memset(&addr,0,sizeof(struct sockaddr_un));
+		addr.sun_family=AF_UNIX;
+		strncpy(addr.sun_path,NSLCD_SOCKET,sizeof(addr.sun_path));
+		addr.sun_path[sizeof(addr.sun_path)-1]='\0';
+		/* bind to the named socket */
+		if (bind(sock,(struct sockaddr *)&addr,sizeof(struct sockaddr_un)))
+		{
+			int saved_errno = errno;
+			Debug( LDAP_DEBUG_ANY,"nssov: bind() to "NSLCD_SOCKET" failed: %s",
+				AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			if (close(sock)) {
+				saved_errno = errno;
+				Debug( LDAP_DEBUG_ANY,"nssov: problem closing socket: %s",
+					AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			}
+			return -1;
+		}
+		/* close the file descriptor on exit */
+		if (fcntl(sock,F_SETFD,FD_CLOEXEC)<0)
+		{
+			int saved_errno = errno;
+			Debug( LDAP_DEBUG_ANY,"nssov: fcntl(F_SETFL,O_NONBLOCK) failed: %s",
+				AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			if (close(sock)) {
+				saved_errno = errno;
+				Debug( LDAP_DEBUG_ANY,"nssov: problem closing socket: %s",
+					AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			}
+			return -1;
+		}
+		/* set permissions of socket so anybody can do requests */
+		/* Note: we use chmod() here instead of fchmod() because
+			 fchmod does not work on sockets
+			 http://www.opengroup.org/onlinepubs/009695399/functions/fchmod.html
+			 http://lkml.org/lkml/2005/5/16/11 */
+		if (chmod(NSLCD_SOCKET,(mode_t)0666))
+		{
+			int saved_errno = errno;
+			Debug( LDAP_DEBUG_ANY,"nssov: chmod(0666) failed: %s",
+				AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			if (close(sock)) {
+				saved_errno = errno;
+				Debug( LDAP_DEBUG_ANY,"nssov: problem closing socket: %s",
+					AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			}
+			return -1;
+		}
+		/* start listening for connections */
+		if (listen(sock,SOMAXCONN)<0)
+		{
+			int saved_errno = errno;
+			Debug( LDAP_DEBUG_ANY,"nssov: listen() failed: %s",
+				AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			if (close(sock)) {
+				saved_errno = errno;
+				Debug( LDAP_DEBUG_ANY,"nssov: problem closing socket: %s",
+					AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			}
+			return -1;
+		}
+		ni->ni_socket = sock;
+		ni->ni_conn = connection_client_setup( sock, acceptconn, ni );
+	}
+
+	return 0;
+}
+
+static int
+nssov_db_close(
+	BackendDB *be,
+	ConfigReply *cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	nssov_info *ni = on->on_bi.bi_private;
+
+	if ( slapMode & SLAP_SERVER_MODE ) {
+		char ebuf[128];
+		/* close socket if it's still in use */
+		if (ni->ni_socket >= 0)
+		{
+			if (close(ni->ni_socket)) {
+				int saved_errno = errno;
+				Debug( LDAP_DEBUG_ANY,"problem closing server socket (ignored): %s",
+					AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+			}
+			ni->ni_socket = -1;
+		}
+		/* remove existing named socket */
+		if (unlink(NSLCD_SOCKET)<0)
+		{
+			int saved_errno = errno;
+			Debug( LDAP_DEBUG_TRACE,"unlink() of "NSLCD_SOCKET" failed (ignored): %s",
+				AC_STRERROR_R(saved_errno, ebuf, sizeof(ebuf)) );
+		}
+	}
+	return 0;
+}
+
+static slap_overinst nssov;
+
+int
+nssov_initialize( void )
+{
+	int rc;
+
+	nssov.on_bi.bi_type = "nssov";
+	nssov.on_bi.bi_db_init = nssov_db_init;
+	nssov.on_bi.bi_db_destroy = nssov_db_destroy;
+	nssov.on_bi.bi_db_open = nssov_db_open;
+	nssov.on_bi.bi_db_close = nssov_db_close;
+
+	nssov.on_bi.bi_cf_ocs = nssocs;
+
+	rc = config_register_schema( nsscfg, nssocs );
+	if ( rc ) return rc;
+
+	return overlay_register(&nssov);
+}
+
+#if SLAPD_OVER_NSSOV == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return nssov_initialize();
+}
+#endif
diff --git a/contrib/slapd-modules/nssov/nssov.h b/contrib/slapd-modules/nssov/nssov.h
new file mode 100644
index 0000000..ce1ecd7
--- /dev/null
+++ b/contrib/slapd-modules/nssov/nssov.h
@@ -0,0 +1,348 @@
+/* nssov.h - NSS overlay header file */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 Howard Chu.
+ * Portions Copyright 2013 Ted C. Cheng, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#ifndef NSSOV_H
+#define NSSOV_H
+
+#ifndef NSLCD_PATH
+#define	NSLCD_PATH	"/var/run/nslcd"
+#endif
+
+#ifndef NSLCD_SOCKET
+#define NSLCD_SOCKET	NSLCD_PATH "/socket"
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "nslcd.h"
+#include "nslcd-prot.h"
+#include "tio.h"
+#include "attrs.h"
+
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include "portable.h"
+#include "slap.h"
+#include <ac/string.h>
+
+/* selectors for different maps */
+enum nssov_map_selector
+{
+  NM_alias,
+  NM_ether,
+  NM_group,
+  NM_host,
+  NM_netgroup,
+  NM_network,
+  NM_passwd,
+  NM_protocol,
+  NM_rpc,
+  NM_service,
+  NM_shadow,
+  NM_NONE
+};
+
+typedef struct nssov_mapinfo {
+	struct berval mi_base;
+	int mi_scope;
+	struct berval mi_filter0;
+	struct berval mi_filter;
+	struct berval *mi_attrkeys;
+	AttributeName *mi_attrs;
+} nssov_mapinfo;
+
+typedef struct nssov_info
+{
+	/* search timelimit */
+	int ni_timelimit;
+	struct nssov_mapinfo ni_maps[NM_NONE];
+	int ni_socket;
+	Connection *ni_conn;
+	BackendDB *ni_db;
+
+	/* PAM authz support... */
+	slap_mask_t ni_pam_opts;
+	struct berval ni_pam_group_dn;
+	AttributeDescription *ni_pam_group_ad;
+	int ni_pam_min_uid;
+	int ni_pam_max_uid;
+	AttributeDescription *ni_pam_template_ad;
+	struct berval ni_pam_template;
+	struct berval ni_pam_defhost;
+	struct berval *ni_pam_sessions;
+	struct berval ni_pam_password_prohibit_message;
+	struct berval ni_pam_pwdmgr_dn;
+	struct berval ni_pam_pwdmgr_pwd;
+} nssov_info;
+
+#define NI_PAM_USERHOST		1	/* old style host checking */
+#define NI_PAM_USERSVC		2	/* old style service checking */
+#define NI_PAM_USERGRP		4	/* old style group checking */
+#define NI_PAM_HOSTSVC		8	/* new style authz checking */
+#define NI_PAM_SASL2DN		0x10	/* use sasl2dn */
+#define NI_PAM_UID2DN		0x20	/* use uid2dn */
+
+#define	NI_PAM_OLD	(NI_PAM_USERHOST|NI_PAM_USERSVC|NI_PAM_USERGRP)
+#define	NI_PAM_NEW	NI_PAM_HOSTSVC
+
+extern AttributeDescription *nssov_pam_host_ad;
+extern AttributeDescription *nssov_pam_svc_ad;
+
+/* Read the default configuration file. */
+void nssov_cfg_init(nssov_info *ni,const char *fname);
+
+/* macros for basic read and write operations, the following
+   ERROR_OUT* marcos define the action taken on errors
+   the stream is not closed because the caller closes the
+   stream */
+
+#define ERROR_OUT_WRITEERROR(fp) \
+  Debug(LDAP_DEBUG_ANY,"nssov: error writing to client\n"); \
+  return -1;
+
+#define ERROR_OUT_READERROR(fp) \
+  Debug(LDAP_DEBUG_ANY,"nssov: error reading from client\n"); \
+  return -1;
+
+#define ERROR_OUT_BUFERROR(fp) \
+  Debug(LDAP_DEBUG_ANY,"nssov: client supplied argument too large\n"); \
+  return -1;
+
+#define WRITE_BERVAL(fp, bv)                                                   \
+  DEBUG_PRINT("WRITE_BERVAL: var="__STRING(bv)" bv_val=\"%s\"", (bv)->bv_val); \
+  if ((bv) == NULL)                                                            \
+  {                                                                            \
+    WRITE_INT32(fp, 0);                                                        \
+  }                                                                            \
+  else                                                                         \
+  {                                                                            \
+    WRITE_INT32(fp, (bv)->bv_len);                                             \
+    tmpint32 = ntohl(tmpint32);                                                \
+    if (tmpint32 > 0)                                                          \
+    {                                                                          \
+      WRITE(fp, (bv)->bv_val, tmpint32);                                       \
+    }                                                                          \
+  }                                                                            \
+
+#define WRITE_BVARRAY(fp, arr)                                                 \
+  if ((arr) == NULL)                                                           \
+  {                                                                            \
+    DEBUG_PRINT("WRITE_BVARRAY: var="__STRING(arr)" num=%d", 0);               \
+    WRITE_INT32(fp, 0);                                                        \
+  }                                                                            \
+  else                                                                         \
+  {                                                                            \
+    /* first determine length of array */                                      \
+    for (tmp3int32 = 0; (arr)[tmp3int32].bv_val != NULL; tmp3int32++)          \
+      /* nothing */ ;                                                          \
+    /* write number of strings */                                              \
+    DEBUG_PRINT("WRITE_BVARRAY: var="__STRING(arr)" num=%d", (int)tmp3int32);  \
+    WRITE_INT32(fp, tmp3int32);                                                \
+    /* write strings */                                                        \
+    for (tmp2int32 = 0; tmp2int32 < tmp3int32; tmp2int32++)                    \
+    {                                                                          \
+      WRITE_BERVAL(fp, &(arr)[tmp2int32]);                                     \
+    }                                                                          \
+  }                                                                            \
+
+/* Find the given attribute's value in the RDN of the DN. */
+void nssov_find_rdnval(struct berval *dn,AttributeDescription *ad,struct berval *value);
+
+/* This tries to get the user password attribute from the entry.
+   It will try to return an encrypted password as it is used in /etc/passwd,
+   /etc/group or /etc/shadow depending upon what is in the directory.
+   This function will return NULL if no passwd is found and will return the
+   literal value in the directory if conversion is not possible. */
+void get_userpassword(struct berval *attr, struct berval *pw);
+
+/* write out an address, parsing the addr value */
+int write_address(TFILE *fp,struct berval *addr);
+
+/* a helper macro to write out addresses and bail out on errors */
+#define WRITE_ADDRESS(fp,addr) \
+  if (write_address(fp,addr)) \
+    return -1;
+
+/* read an address from the stream */
+int read_address(TFILE *fp,char *addr,int *addrlen,int *af);
+
+/* helper macro to read an address from the stream */
+#define READ_ADDRESS(fp,addr,len,af) \
+  len=(int)sizeof(addr); \
+  if (read_address(fp,addr,&(len),&(af))) \
+    return -1;
+
+/* checks to see if the specified string is a valid username */
+int isvalidusername(struct berval *name);
+
+/* transforms the DN into a uid doing an LDAP lookup if needed */
+int nssov_dn2uid(Operation *op,nssov_info *ni,struct berval *dn,struct berval *uid);
+
+/* transforms the uid into a DN by doing an LDAP lookup */
+int nssov_uid2dn(Operation *op,nssov_info *ni,struct berval *uid,struct berval *dn);
+int nssov_name2dn_cb(Operation *op, SlapReply *rs);
+
+/* Escapes characters in a string for use in a search filter. */
+int nssov_escape(struct berval *src,struct berval *dst);
+
+int nssov_filter_byname(nssov_mapinfo *mi,int key,struct berval *name,struct berval *buf);
+int nssov_filter_byid(nssov_mapinfo *mi,int key,struct berval *id,struct berval *buf);
+
+void nssov_alias_init(nssov_info *ni);
+void nssov_ether_init(nssov_info *ni);
+void nssov_group_init(nssov_info *ni);
+void nssov_host_init(nssov_info *ni);
+void nssov_netgroup_init(nssov_info *ni);
+void nssov_network_init(nssov_info *ni);
+void nssov_passwd_init(nssov_info *ni);
+void nssov_protocol_init(nssov_info *ni);
+void nssov_rpc_init(nssov_info *ni);
+void nssov_service_init(nssov_info *ni);
+void nssov_shadow_init(nssov_info *ni);
+
+int nssov_pam_init(void);
+
+/* these are the different functions that handle the database
+   specific actions, see nslcd.h for the action descriptions */
+int nssov_alias_byname(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_alias_all(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_ether_byname(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_ether_byether(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_ether_all(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_group_byname(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_group_bygid(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_group_bymember(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_group_all(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_host_byname(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_host_byaddr(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_host_all(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_netgroup_byname(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_network_byname(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_network_byaddr(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_network_all(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_passwd_byname(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_passwd_byuid(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_passwd_all(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_protocol_byname(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_protocol_bynumber(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_protocol_all(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_rpc_byname(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_rpc_bynumber(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_rpc_all(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_service_byname(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_service_bynumber(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_service_all(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_shadow_byname(nssov_info *ni,TFILE *fp,Operation *op);
+int nssov_shadow_all(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_authc(nssov_info *ni,TFILE *fp,Operation *op,uid_t calleruid);
+int pam_authz(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_sess_o(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_sess_c(nssov_info *ni,TFILE *fp,Operation *op);
+int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op,uid_t calleruid);
+
+/* config initialization */
+#define NSSOV_INIT(db) \
+ void nssov_##db##_init(nssov_info *ni) \
+ { \
+	nssov_mapinfo *mi = &ni->ni_maps[NM_##db]; \
+	int i; \
+	for (i=0;!BER_BVISNULL(&db##_keys[i]);i++); \
+	i++; \
+	mi->mi_attrs = ch_malloc( i*sizeof(AttributeName)); \
+	for (i=0;!BER_BVISNULL(&db##_keys[i]);i++) { \
+		mi->mi_attrs[i].an_name = db##_keys[i]; \
+		mi->mi_attrs[i].an_desc = NULL; \
+	} \
+	mi->mi_scope = LDAP_SCOPE_DEFAULT; \
+	mi->mi_filter0 = db##_filter; \
+	ber_dupbv( &mi->mi_filter, &mi->mi_filter0 ); \
+	mi->mi_filter = db##_filter; \
+	mi->mi_attrkeys = db##_keys; \
+	BER_BVZERO(&mi->mi_base); \
+ }
+
+/* param structure for search callback */
+#define NSSOV_CBPRIV(db,parms) \
+  typedef struct nssov_##db##_cbp { \
+  	nssov_mapinfo *mi; \
+	TFILE *fp; \
+	Operation *op; \
+	parms \
+  } nssov_##db##_cbp
+
+/* callback for writing search results */
+#define NSSOV_CB(db) \
+  static int nssov_##db##_cb(Operation *op, SlapReply *rs) \
+  { \
+    if ( rs->sr_type == REP_SEARCH ) { \
+    nssov_##db##_cbp *cbp = op->o_callback->sc_private; \
+  	if (write_##db(cbp,rs->sr_entry)) return LDAP_OTHER; \
+  } \
+  return LDAP_SUCCESS; \
+  } \
+
+/* macro for generating service handling code */
+#define NSSOV_HANDLE(db,fn,readfn,logcall,action,mkfilter) \
+  int nssov_##db##_##fn(nssov_info *ni,TFILE *fp,Operation *op) \
+  { \
+    /* define common variables */ \
+    int32_t tmpint32; \
+	nssov_##db##_cbp cbp; \
+	slap_callback cb = {0}; \
+	SlapReply rs = {REP_RESULT}; \
+	cbp.mi = &ni->ni_maps[NM_##db]; \
+	cbp.fp = fp; \
+	cbp.op = op; \
+    /* read request parameters */ \
+    readfn; \
+    /* log call */ \
+    logcall; \
+    /* write the response header */ \
+    WRITE_INT32(fp,NSLCD_VERSION); \
+    WRITE_INT32(fp,action); \
+    /* prepare the search filter */ \
+    if (mkfilter) \
+    { \
+      Debug(LDAP_DEBUG_ANY,"nssov_" __STRING(db) "_" __STRING(fn) "(): filter buffer too small"); \
+      return -1; \
+    } \
+	cb.sc_private = &cbp; \
+	op->o_callback = &cb; \
+	cb.sc_response = nssov_##db##_cb; \
+	slap_op_time( &op->o_time, &op->o_tincr ); \
+	op->o_req_dn = cbp.mi->mi_base; \
+	op->o_req_ndn = cbp.mi->mi_base; \
+	op->ors_scope = cbp.mi->mi_scope; \
+	op->ors_filterstr = filter; \
+	op->ors_filter = str2filter_x( op, filter.bv_val ); \
+	op->ors_attrs = cbp.mi->mi_attrs; \
+	op->ors_tlimit = SLAP_NO_LIMIT; \
+	op->ors_slimit = SLAP_NO_LIMIT; \
+    /* do the internal search */ \
+	op->o_bd->be_search( op, &rs ); \
+	filter_free_x( op, op->ors_filter, 1 ); \
+	WRITE_INT32(fp,NSLCD_RESULT_END); \
+    return 0; \
+  }
+
+#endif /* NSSOV_H */
diff --git a/contrib/slapd-modules/nssov/pam.c b/contrib/slapd-modules/nssov/pam.c
new file mode 100644
index 0000000..1d416c7
--- /dev/null
+++ b/contrib/slapd-modules/nssov/pam.c
@@ -0,0 +1,862 @@
+/* pam.c - pam processing routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 by Howard Chu, Symas Corp.
+ * Portions Copyright 2013 by Ted C. Cheng, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "nssov.h"
+#include "lutil.h"
+
+#undef ldap_debug	/* silence a warning in ldap-int.h */
+#include "../../../libraries/libldap/ldap-int.h"	/* for ldap_ld_free */
+
+static int ppolicy_cid;
+static AttributeDescription *ad_loginStatus;
+
+struct paminfo {
+	struct berval uid;
+	struct berval dn;
+	struct berval svc;
+	struct berval ruser;
+	struct berval rhost;
+	struct berval tty;
+	struct berval pwd;
+	int authz;
+	struct berval msg;
+	int ispwdmgr;
+};
+
+static int pam_bindcb(
+	Operation *op, SlapReply *rs)
+{
+	struct paminfo *pi = op->o_callback->sc_private;
+	LDAPControl *ctrl = ldap_control_find(LDAP_CONTROL_PASSWORDPOLICYRESPONSE,
+		rs->sr_ctrls, NULL);
+	if (ctrl) {
+		LDAP *ld;
+		ber_int_t expire, grace;
+		LDAPPasswordPolicyError error;
+
+		ldap_create(&ld);
+		if (ld) {
+			int rc = ldap_parse_passwordpolicy_control(ld,ctrl,
+				&expire,&grace,&error);
+			if (rc == LDAP_SUCCESS) {
+				if (expire >= 0) {
+					char *unit = "seconds";
+					if (expire > 60) {
+						expire /= 60;
+						unit = "minutes";
+					}
+					if (expire > 60) {
+						expire /= 60;
+						unit = "hours";
+					}
+					if (expire > 24) {
+						expire /= 24;
+						unit = "days";
+					}
+#if 0	/* Who warns about expiration so far in advance? */
+					if (expire > 7) {
+						expire /= 7;
+						unit = "weeks";
+					}
+					if (expire > 4) {
+						expire /= 4;
+						unit = "months";
+					}
+					if (expire > 12) {
+						expire /= 12;
+						unit = "years";
+					}
+#endif
+					pi->msg.bv_len = sprintf(pi->msg.bv_val,
+						"\nWARNING: Password expires in %d %s\n", expire, unit);
+				} else if (grace > 0) {
+					pi->msg.bv_len = sprintf(pi->msg.bv_val,
+						"Password expired; %d grace logins remaining",
+						grace);
+					pi->authz = NSLCD_PAM_NEW_AUTHTOK_REQD;
+				} else if (error != PP_noError) {
+					ber_str2bv(ldap_passwordpolicy_err2txt(error), 0, 0,
+						&pi->msg);
+					switch (error) {
+					case PP_passwordExpired:
+						/* report this during authz */
+						rs->sr_err = LDAP_SUCCESS;
+						/* fallthru */
+					case PP_changeAfterReset:
+						pi->authz = NSLCD_PAM_NEW_AUTHTOK_REQD;
+					}
+				}
+			}
+			ldap_ld_free(ld,0,NULL,NULL);
+		}
+	}
+	return LDAP_SUCCESS;
+}
+
+static int pam_uid2dn(nssov_info *ni, Operation *op,
+	struct paminfo *pi)
+{
+	struct berval sdn;
+
+	BER_BVZERO(&pi->dn);
+
+	if (!isvalidusername(&pi->uid)) {
+		Debug(LDAP_DEBUG_ANY,"nssov_pam_uid2dn(%s): invalid user name\n",
+			pi->uid.bv_val ? pi->uid.bv_val : "NULL" );
+		return NSLCD_PAM_USER_UNKNOWN;
+	}
+
+	if (ni->ni_pam_opts & NI_PAM_SASL2DN) {
+		int hlen = global_host_bv.bv_len;
+
+		/* cn=<service>+uid=<user>,cn=<host>,cn=pam,cn=auth */
+		sdn.bv_len = pi->uid.bv_len + pi->svc.bv_len + hlen +
+			STRLENOF( "cn=+uid=,cn=,cn=pam,cn=auth" );
+		sdn.bv_val = op->o_tmpalloc( sdn.bv_len + 1, op->o_tmpmemctx );
+		sprintf(sdn.bv_val, "cn=%s+uid=%s,cn=%s,cn=pam,cn=auth",
+			pi->svc.bv_val, pi->uid.bv_val, global_host_bv.bv_val);
+		slap_sasl2dn(op, &sdn, &pi->dn, 0);
+		op->o_tmpfree( sdn.bv_val, op->o_tmpmemctx );
+	}
+
+	/* If no luck, do a basic uid search */
+	if (BER_BVISEMPTY(&pi->dn) && (ni->ni_pam_opts & NI_PAM_UID2DN)) {
+		nssov_uid2dn(op, ni, &pi->uid, &pi->dn);
+		if (!BER_BVISEMPTY(&pi->dn)) {
+			sdn = pi->dn;
+			dnNormalize( 0, NULL, NULL, &sdn, &pi->dn, op->o_tmpmemctx );
+		}
+	}
+	if (BER_BVISEMPTY(&pi->dn)) {
+		return NSLCD_PAM_USER_UNKNOWN;
+	}
+	return 0;
+}
+
+int pam_do_bind(nssov_info *ni,TFILE *fp,Operation *op,
+	struct paminfo *pi)
+{
+	int rc;
+	slap_callback cb = {0};
+	SlapReply rs = {REP_RESULT};
+
+	pi->msg.bv_val = pi->pwd.bv_val;
+	pi->msg.bv_len = 0;
+	pi->authz = NSLCD_PAM_SUCCESS;
+
+	if (!pi->ispwdmgr) {
+
+		rc = pam_uid2dn(ni, op, pi);
+		if (rc) goto finish;
+
+		if (BER_BVISEMPTY(&pi->pwd)) {
+			rc = NSLCD_PAM_PERM_DENIED;
+			goto finish;
+		}
+
+		/* Should only need to do this once at open time, but there's always
+		 * the possibility that ppolicy will get loaded later.
+		 */
+		if (!ppolicy_cid) {
+			rc = slap_find_control_id(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
+				&ppolicy_cid);
+		}
+		/* of course, 0 is a valid cid, but it won't be ppolicy... */
+		if (ppolicy_cid) {
+			op->o_ctrlflag[ppolicy_cid] = SLAP_CONTROL_NONCRITICAL;
+		}
+	}
+
+	cb.sc_response = pam_bindcb;
+	cb.sc_private = pi;
+	op->o_callback = &cb;
+	op->o_dn.bv_val[0] = 0;
+	op->o_dn.bv_len = 0;
+	op->o_ndn.bv_val[0] = 0;
+	op->o_ndn.bv_len = 0;
+	op->o_tag = LDAP_REQ_BIND;
+	op->o_protocol = LDAP_VERSION3;
+	op->orb_method = LDAP_AUTH_SIMPLE;
+	op->orb_cred = pi->pwd;
+	op->o_req_dn = pi->dn;
+	op->o_req_ndn = pi->dn;
+	slap_op_time( &op->o_time, &op->o_tincr );
+	rc = op->o_bd->be_bind( op, &rs );
+	memset(pi->pwd.bv_val,0,pi->pwd.bv_len);
+	/* quirk: on successful bind, caller has to send result. we need
+	 * to make sure callbacks run.
+	 */
+	if (rc == LDAP_SUCCESS)
+		send_ldap_result(op, &rs);
+	switch(rs.sr_err) {
+	case LDAP_SUCCESS: rc = NSLCD_PAM_SUCCESS; break;
+	case LDAP_INVALID_CREDENTIALS: rc = NSLCD_PAM_AUTH_ERR; break;
+	default: rc = NSLCD_PAM_AUTH_ERR; break;
+	}
+finish:
+	Debug(LDAP_DEBUG_ANY,"pam_do_bind (%s): rc (%d)\n",
+		pi->dn.bv_val ? pi->dn.bv_val : "NULL", rc );
+	return rc;
+}
+
+int pam_authc(nssov_info *ni,TFILE *fp,Operation *op,uid_t calleruid)
+{
+	int32_t tmpint32;
+	int rc;
+	char uidc[32];
+	char svcc[256];
+	char ruserc[32];
+	char rhostc[256];
+	char ttyc[256];
+	char pwdc[256];
+	struct paminfo pi;
+
+
+	READ_STRING(fp,uidc);
+	pi.uid.bv_val = uidc;
+	pi.uid.bv_len = tmpint32;
+	READ_STRING(fp,svcc);
+	pi.svc.bv_val = svcc;
+	pi.svc.bv_len = tmpint32;
+	READ_STRING(fp,ruserc);
+	pi.ruser.bv_val = ruserc;
+	pi.ruser.bv_len = tmpint32;
+	READ_STRING(fp,rhostc);
+	pi.rhost.bv_val = rhostc;
+	pi.rhost.bv_len = tmpint32;
+	READ_STRING(fp,ttyc);
+	pi.tty.bv_val = ttyc;
+	pi.tty.bv_len = tmpint32;
+	READ_STRING(fp,pwdc);
+	pi.pwd.bv_val = pwdc;
+	pi.pwd.bv_len = tmpint32;
+
+	Debug(LDAP_DEBUG_TRACE,"nssov_pam_authc(%s)\n",
+			pi.uid.bv_val ? pi.uid.bv_val : "NULL" );
+
+	BER_BVZERO(&pi.msg);
+	pi.ispwdmgr = 0;
+
+	/* if service is "passwd" and "nssov-pam-password-prohibit-message */
+	/* is set, deny the auth request */
+	if (!strcmp(svcc, "passwd") &&
+		!BER_BVISEMPTY(&ni->ni_pam_password_prohibit_message)) {
+		Debug(LDAP_DEBUG_TRACE,"nssov_pam_authc(): %s (%s)\n",
+			"password_prohibit_message for passwd",
+			ni->ni_pam_password_prohibit_message.bv_val );
+		ber_str2bv(ni->ni_pam_password_prohibit_message.bv_val, 0, 0, &pi.msg);
+		pi.authz = NSLCD_PAM_PERM_DENIED;
+		rc = NSLCD_PAM_PERM_DENIED;
+		goto finish;
+	}
+
+	/* if username is null, pwdmgr password preliminary check */
+	if (BER_BVISEMPTY(&pi.uid)) {
+		if (BER_BVISEMPTY(&ni->ni_pam_pwdmgr_dn)) {
+			/* pwdmgr dn not configured */
+			Debug(LDAP_DEBUG_TRACE,"nssov_pam_authc(prelim check): %s\n",
+				"pwdmgr dn not configured" );
+			ber_str2bv("pwdmgr dn not configured", 0, 0, &pi.msg);
+			pi.authz = NSLCD_PAM_PERM_DENIED;
+			rc = NSLCD_PAM_PERM_DENIED;
+			goto finish;
+		} else if (calleruid != 0) {
+			Debug(LDAP_DEBUG_TRACE,"nssov_pam_authc(prelim check): %s\n",
+				"caller is not root" );
+			ber_str2bv("only root may do that", 0, 0, &pi.msg);
+			pi.authz = NSLCD_PAM_PERM_DENIED;
+			rc = NSLCD_PAM_PERM_DENIED;
+			goto finish;
+		} else {
+			/* use pwdmgr dn */
+			ber_str2bv(ni->ni_pam_pwdmgr_dn.bv_val, 0, 0, &pi.dn);
+		}
+
+		/* use pwdmgr pwd if configured */
+		if (BER_BVISEMPTY(&pi.pwd)) {
+			if (BER_BVISEMPTY(&ni->ni_pam_pwdmgr_pwd)) {
+				Debug(LDAP_DEBUG_TRACE,"nssov_pam_authc(prelim check): %s\n",
+					"no pwdmgr pwd" );
+				ber_str2bv("pwdmgr pwd not configured", 0, 0, &pi.msg);
+				pi.authz = NSLCD_PAM_PERM_DENIED;
+				rc = NSLCD_PAM_PERM_DENIED;
+				goto finish;
+			}
+			/* use configured pwdmgr pwd */
+			memset((void *) pwdc, 0, 256);
+			strncpy(pi.pwd.bv_val, ni->ni_pam_pwdmgr_pwd.bv_val,
+					ni->ni_pam_pwdmgr_pwd.bv_len);
+			pi.pwd.bv_len = ni->ni_pam_pwdmgr_pwd.bv_len;
+		}
+		pi.ispwdmgr = 1;
+	}
+
+
+	rc = pam_do_bind(ni, fp, op, &pi);
+
+finish:
+	Debug(LDAP_DEBUG_TRACE,"nssov_pam_authc(%s): rc (%d)\n",
+		pi.dn.bv_val ? pi.dn.bv_val : "NULL",rc );
+	WRITE_INT32(fp,NSLCD_VERSION);
+	WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHC);
+	WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+	WRITE_INT32(fp,rc);
+	WRITE_BERVAL(fp,&pi.uid);
+	WRITE_INT32(fp,pi.authz);	/* authz */
+	WRITE_BERVAL(fp,&pi.msg);	/* authzmsg */
+	WRITE_INT32(fp,NSLCD_RESULT_END);
+	return 0;
+}
+
+static struct berval grpmsg =
+	BER_BVC("Access denied by group check");
+static struct berval hostmsg =
+	BER_BVC("Access denied for this host");
+static struct berval svcmsg =
+	BER_BVC("Access denied for this service");
+static struct berval uidmsg =
+	BER_BVC("Access denied by UID check");
+
+static int pam_compare_cb(Operation *op, SlapReply *rs)
+{
+	if (rs->sr_err == LDAP_COMPARE_TRUE)
+		op->o_callback->sc_private = (void *)1;
+	return LDAP_SUCCESS;
+}
+
+int pam_authz(nssov_info *ni,TFILE *fp,Operation *op)
+{
+	struct berval authzmsg = BER_BVNULL;
+	int32_t tmpint32;
+	char uidc[32];
+	char svcc[256];
+	char ruserc[32];
+	char rhostc[256];
+	char ttyc[256];
+	int rc;
+	struct paminfo pi;
+	Entry *e = NULL;
+	Attribute *a;
+	slap_callback cb = {0};
+
+	READ_STRING(fp,uidc);
+	pi.uid.bv_val = uidc;
+	pi.uid.bv_len = tmpint32;
+	READ_STRING(fp,svcc);
+	pi.svc.bv_val = svcc;
+	pi.svc.bv_len = tmpint32;
+	READ_STRING(fp,ruserc);
+	pi.ruser.bv_val = ruserc;
+	pi.ruser.bv_len = tmpint32;
+	READ_STRING(fp,rhostc);
+	pi.rhost.bv_val = rhostc;
+	pi.rhost.bv_len = tmpint32;
+	READ_STRING(fp,ttyc);
+	pi.tty.bv_val = ttyc;
+	pi.tty.bv_len = tmpint32;
+
+	rc = pam_uid2dn(ni, op, &pi);
+	if (rc) goto finish;
+
+	Debug(LDAP_DEBUG_TRACE,"nssov_pam_authz(%s)\n",
+			pi.dn.bv_val ? pi.dn.bv_val : "NULL" );
+
+	/* See if they have access to the host and service */
+	if ((ni->ni_pam_opts & NI_PAM_HOSTSVC) && nssov_pam_svc_ad) {
+		AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
+		struct berval hostdn = BER_BVNULL;
+		struct berval odn = op->o_ndn;
+		SlapReply rs = {REP_RESULT};
+		op->o_dn = pi.dn;
+		op->o_ndn = pi.dn;
+		{
+			nssov_mapinfo *mi = &ni->ni_maps[NM_host];
+			char fbuf[1024];
+			struct berval filter = {sizeof(fbuf),fbuf};
+			SlapReply rs2 = {REP_RESULT};
+
+			/* Lookup the host entry */
+			nssov_filter_byname(mi,0,&global_host_bv,&filter);
+			cb.sc_private = &hostdn;
+			cb.sc_response = nssov_name2dn_cb;
+			op->o_callback = &cb;
+			op->o_req_dn = mi->mi_base;
+			op->o_req_ndn = mi->mi_base;
+			op->ors_scope = mi->mi_scope;
+			op->ors_filterstr = filter;
+			op->ors_filter = str2filter_x(op, filter.bv_val);
+			op->ors_attrs = slap_anlist_no_attrs;
+			op->ors_tlimit = SLAP_NO_LIMIT;
+			op->ors_slimit = 2;
+			rc = op->o_bd->be_search(op, &rs2);
+			filter_free_x(op, op->ors_filter, 1);
+
+			if (BER_BVISEMPTY(&hostdn) &&
+				!BER_BVISEMPTY(&ni->ni_pam_defhost)) {
+				filter.bv_len = sizeof(fbuf);
+				filter.bv_val = fbuf;
+				rs_reinit(&rs2, REP_RESULT);
+				nssov_filter_byname(mi,0,&ni->ni_pam_defhost,&filter);
+				op->ors_filterstr = filter;
+				op->ors_filter = str2filter_x(op, filter.bv_val);
+				rc = op->o_bd->be_search(op, &rs2);
+				filter_free_x(op, op->ors_filter, 1);
+			}
+
+			/* no host entry, no default host -> deny */
+			if (BER_BVISEMPTY(&hostdn)) {
+				rc = NSLCD_PAM_PERM_DENIED;
+				authzmsg = hostmsg;
+				goto finish;
+			}
+		}
+
+		cb.sc_response = pam_compare_cb;
+		cb.sc_private = NULL;
+		op->o_tag = LDAP_REQ_COMPARE;
+		op->o_req_dn = hostdn;
+		op->o_req_ndn = hostdn;
+		ava.aa_desc = nssov_pam_svc_ad;
+		ava.aa_value = pi.svc;
+		op->orc_ava = &ava;
+		rc = op->o_bd->be_compare( op, &rs );
+		if ( cb.sc_private == NULL ) {
+			authzmsg = svcmsg;
+			rc = NSLCD_PAM_PERM_DENIED;
+			goto finish;
+		}
+		op->o_dn = odn;
+		op->o_ndn = odn;
+	}
+
+	/* See if they're a member of the group */
+	if ((ni->ni_pam_opts & NI_PAM_USERGRP) &&
+		!BER_BVISEMPTY(&ni->ni_pam_group_dn) &&
+		ni->ni_pam_group_ad) {
+		AttributeAssertion ava = ATTRIBUTEASSERTION_INIT;
+		SlapReply rs = {REP_RESULT};
+		op->o_callback = &cb;
+		cb.sc_response = pam_compare_cb;
+		cb.sc_private = NULL;
+		op->o_tag = LDAP_REQ_COMPARE;
+		op->o_req_dn = ni->ni_pam_group_dn;
+		op->o_req_ndn = ni->ni_pam_group_dn;
+		ava.aa_desc = ni->ni_pam_group_ad;
+		ava.aa_value = pi.dn;
+		op->orc_ava = &ava;
+		rc = op->o_bd->be_compare( op, &rs );
+		if ( cb.sc_private == NULL ) {
+			authzmsg = grpmsg;
+			rc = NSLCD_PAM_PERM_DENIED;
+			goto finish;
+		}
+	}
+
+	/* We need to check the user's entry for these bits */
+	if ((ni->ni_pam_opts & (NI_PAM_USERHOST|NI_PAM_USERSVC)) ||
+		ni->ni_pam_template_ad ||
+		ni->ni_pam_min_uid || ni->ni_pam_max_uid ) {
+		rc = be_entry_get_rw( op, &pi.dn, NULL, NULL, 0, &e );
+		if (rc != LDAP_SUCCESS) {
+			rc = NSLCD_PAM_USER_UNKNOWN;
+			goto finish;
+		}
+	}
+	if ((ni->ni_pam_opts & NI_PAM_USERHOST) && nssov_pam_host_ad) {
+		a = attr_find(e->e_attrs, nssov_pam_host_ad);
+		if (!a || attr_valfind( a,
+			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+			SLAP_MR_VALUE_OF_SYNTAX,
+			&global_host_bv, NULL, op->o_tmpmemctx )) {
+			rc = NSLCD_PAM_PERM_DENIED;
+			authzmsg = hostmsg;
+			goto finish;
+		}
+	}
+	if ((ni->ni_pam_opts & NI_PAM_USERSVC) && nssov_pam_svc_ad) {
+		a = attr_find(e->e_attrs, nssov_pam_svc_ad);
+		if (!a || attr_valfind( a,
+			SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+			SLAP_MR_VALUE_OF_SYNTAX,
+			&pi.svc, NULL, op->o_tmpmemctx )) {
+			rc = NSLCD_PAM_PERM_DENIED;
+			authzmsg = svcmsg;
+			goto finish;
+		}
+	}
+
+/* from passwd.c */
+#define UIDN_KEY	2
+
+	if (ni->ni_pam_min_uid || ni->ni_pam_max_uid) {
+		int id;
+		char *tmp;
+		nssov_mapinfo *mi = &ni->ni_maps[NM_passwd];
+		a = attr_find(e->e_attrs, mi->mi_attrs[UIDN_KEY].an_desc);
+		if (!a) {
+			rc = NSLCD_PAM_PERM_DENIED;
+			authzmsg = uidmsg;
+			goto finish;
+		}
+		id = (int)strtol(a->a_vals[0].bv_val,&tmp,0);
+		if (a->a_vals[0].bv_val[0] == '\0' || *tmp != '\0') {
+			rc = NSLCD_PAM_PERM_DENIED;
+			authzmsg = uidmsg;
+			goto finish;
+		}
+		if ((ni->ni_pam_min_uid && id < ni->ni_pam_min_uid) ||
+			(ni->ni_pam_max_uid && id > ni->ni_pam_max_uid)) {
+			rc = NSLCD_PAM_PERM_DENIED;
+			authzmsg = uidmsg;
+			goto finish;
+		}
+	}
+
+	if (ni->ni_pam_template_ad) {
+		a = attr_find(e->e_attrs, ni->ni_pam_template_ad);
+		if (a)
+			pi.uid = a->a_vals[0];
+		else if (!BER_BVISEMPTY(&ni->ni_pam_template))
+			pi.uid = ni->ni_pam_template;
+	}
+	rc = NSLCD_PAM_SUCCESS;
+
+finish:
+	WRITE_INT32(fp,NSLCD_VERSION);
+	WRITE_INT32(fp,NSLCD_ACTION_PAM_AUTHZ);
+	WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+	WRITE_INT32(fp,rc);
+	WRITE_BERVAL(fp,&authzmsg);
+	WRITE_INT32(fp,NSLCD_RESULT_END);
+	if (e) {
+		be_entry_release_r(op, e);
+	}
+	switch (rc) {
+	case NSLCD_PAM_SUCCESS:
+		Debug(LDAP_DEBUG_TRACE,"nssov_pam_authz(): success\n" );
+		break;
+	case NSLCD_PAM_PERM_DENIED:
+		Debug(LDAP_DEBUG_TRACE,"nssov_pam_authz(): %s\n",
+			authzmsg.bv_val ? authzmsg.bv_val : "NULL" );
+		break;
+	default:
+		Debug(LDAP_DEBUG_TRACE,
+			"nssov_pam_authz(): permission denied, rc (%d)\n",
+			rc );
+	}
+	return 0;
+}
+
+static int pam_sess(nssov_info *ni,TFILE *fp,Operation *op,int action)
+{
+	int32_t tmpint32;
+	char svcc[256];
+	char uidc[32];
+	char ttyc[32];
+	char rhostc[256];
+	char ruserc[32];
+	char sessionID[64];
+	struct paminfo pi;
+	slap_callback cb = {0};
+	SlapReply rs = {REP_RESULT};
+	char timebuf[LDAP_LUTIL_GENTIME_BUFSIZE];
+	struct berval timestamp, bv[2], *nbv;
+	time_t stamp;
+	Modifications mod;
+	int rc = 0;
+
+	READ_STRING(fp,uidc);
+	pi.uid.bv_val = uidc;
+	pi.uid.bv_len = tmpint32;
+	READ_STRING(fp,svcc);
+	pi.svc.bv_val = svcc;
+	pi.svc.bv_len = tmpint32;
+	READ_STRING(fp,ruserc);
+	pi.ruser.bv_val = ruserc;
+	pi.ruser.bv_len = tmpint32;
+	READ_STRING(fp,rhostc);
+	pi.rhost.bv_val = rhostc;
+	pi.rhost.bv_len = tmpint32;
+	READ_STRING(fp,ttyc);
+	pi.tty.bv_val = ttyc;
+	pi.tty.bv_len = tmpint32;
+
+	if (action==NSLCD_ACTION_PAM_SESS_O) {
+		slap_op_time( &op->o_time, &op->o_tincr );
+		timestamp.bv_len = sizeof(timebuf);
+		timestamp.bv_val = timebuf;
+		stamp = op->o_time;
+		slap_timestamp( &stamp, &timestamp );
+	} else {
+		READ_STRING(fp,sessionID);
+		timestamp.bv_val = sessionID;
+		timestamp.bv_len = tmpint32;
+	}
+
+	rc = pam_uid2dn(ni, op, &pi);
+	if (rc) goto done;
+
+	Debug(LDAP_DEBUG_TRACE,"nssov_pam_sess_%c(%s)\n",
+		action==NSLCD_ACTION_PAM_SESS_O ? 'o' : 'c', pi.dn.bv_val );
+
+	if (!ni->ni_pam_sessions) {
+		Debug(LDAP_DEBUG_TRACE,"nssov_pam_sess_%c(): %s\n",
+			action==NSLCD_ACTION_PAM_SESS_O ? 'o' : 'c',
+			"pam session(s) not configured, ignored" );
+		rc = -1;
+		goto done;
+	}
+
+	{
+		int i, found=0;
+		for (i=0; !BER_BVISNULL(&ni->ni_pam_sessions[i]); i++) {
+			if (ni->ni_pam_sessions[i].bv_len != pi.svc.bv_len)
+				continue;
+			if (!strcasecmp(ni->ni_pam_sessions[i].bv_val, pi.svc.bv_val)) {
+				found = 1;
+				break;
+			}
+		}
+		if (!found) {
+			Debug(LDAP_DEBUG_TRACE,
+				"nssov_pam_sess_%c(): service(%s) not configured, ignored\n",
+				action==NSLCD_ACTION_PAM_SESS_O ? 'o' : 'c',
+				pi.svc.bv_val );
+			rc = -1;
+			goto done;
+		}
+	}
+
+	bv[0].bv_len = timestamp.bv_len + global_host_bv.bv_len + pi.svc.bv_len +
+		pi.tty.bv_len + pi.ruser.bv_len + pi.rhost.bv_len + STRLENOF("    (@)");
+	bv[0].bv_val = op->o_tmpalloc( bv[0].bv_len+1, op->o_tmpmemctx );
+	sprintf(bv[0].bv_val, "%s %s %s %s (%s@%s)",
+		timestamp.bv_val, global_host_bv.bv_val, pi.svc.bv_val, pi.tty.bv_val,
+		pi.ruser.bv_val, pi.rhost.bv_val);
+
+	Debug(LDAP_DEBUG_TRACE, "nssov_pam_sess_%c(): loginStatus (%s) \n",
+			action==NSLCD_ACTION_PAM_SESS_O ? 'o' : 'c', bv[0].bv_val );
+	
+	mod.sml_numvals = 1;
+	mod.sml_values = bv;
+	BER_BVZERO(&bv[1]);
+	attr_normalize( ad_loginStatus, bv, &nbv, op->o_tmpmemctx );
+	mod.sml_nvalues = nbv;
+	mod.sml_desc = ad_loginStatus;
+	mod.sml_op = action == NSLCD_ACTION_PAM_SESS_O ? LDAP_MOD_ADD :
+		LDAP_MOD_DELETE;
+	mod.sml_flags = SLAP_MOD_INTERNAL;
+	mod.sml_next = NULL;
+
+	cb.sc_response = slap_null_cb;
+	op->o_callback = &cb;
+	op->o_tag = LDAP_REQ_MODIFY;
+	op->o_dn = op->o_bd->be_rootdn;
+	op->o_ndn = op->o_bd->be_rootndn;
+	op->orm_modlist = &mod;
+	op->orm_no_opattrs = 1;
+	op->o_req_dn = pi.dn;
+	op->o_req_ndn = pi.dn;
+	if (op->o_bd->be_modify( op, &rs ) != LDAP_SUCCESS) {
+		Debug(LDAP_DEBUG_TRACE,
+			"nssov_pam_sess_%c(): modify op failed\n",
+			action==NSLCD_ACTION_PAM_SESS_O ? 'o' : 'c' );
+		rc = -1;
+	}
+
+	if ( mod.sml_next ) {
+		slap_mods_free( mod.sml_next, 1 );
+	}
+	ber_bvarray_free_x( nbv, op->o_tmpmemctx );
+
+done:;
+
+	if (rc == 0) {
+		Debug(LDAP_DEBUG_TRACE,
+			"nssov_pam_sess_%c(): success\n",
+			action==NSLCD_ACTION_PAM_SESS_O ? 'o' : 'c' );
+	}
+	WRITE_INT32(fp,NSLCD_VERSION);
+	WRITE_INT32(fp,action);
+	WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+	if (action==NSLCD_ACTION_PAM_SESS_O)
+		WRITE_STRING(fp,timestamp.bv_val);
+	WRITE_INT32(fp,NSLCD_RESULT_END);
+	return 0;
+}
+
+int pam_sess_o(nssov_info *ni,TFILE *fp,Operation *op)
+{
+	return pam_sess(ni,fp,op,NSLCD_ACTION_PAM_SESS_O);
+}
+
+int pam_sess_c(nssov_info *ni,TFILE *fp,Operation *op)
+{
+	return pam_sess(ni,fp,op,NSLCD_ACTION_PAM_SESS_C);
+}
+
+int pam_pwmod(nssov_info *ni,TFILE *fp,Operation *op,uid_t calleruid)
+{
+	struct berval npw;
+	int32_t tmpint32;
+	char uidc[32];
+	char svcc[256];
+	char ruserc[32];
+	char rhostc[256];
+	char ttyc[256];
+	int asroot;
+	char opwc[256];
+	char npwc[256];
+	struct paminfo pi;
+	int rc;
+
+	READ_STRING(fp,uidc);
+	pi.uid.bv_val = uidc;
+	pi.uid.bv_len = tmpint32;
+	READ_STRING(fp,svcc);
+	pi.svc.bv_val = svcc;
+	pi.svc.bv_len = tmpint32;
+	READ_STRING(fp,ruserc);
+	pi.ruser.bv_val = svcc;
+	pi.ruser.bv_len = tmpint32;
+	READ_STRING(fp,rhostc);
+	pi.rhost.bv_val = svcc;
+	pi.rhost.bv_len = tmpint32;
+	READ_STRING(fp,ttyc);
+	pi.tty.bv_val = svcc;
+	pi.tty.bv_len = tmpint32;
+	READ_INT32(fp, asroot);
+	READ_STRING(fp,opwc);
+	pi.pwd.bv_val = opwc;
+	pi.pwd.bv_len = tmpint32;
+	READ_STRING(fp,npwc);
+	npw.bv_val = npwc;
+	npw.bv_len = tmpint32;
+
+	rc = pam_uid2dn(ni, op, &pi);
+	if (rc) goto done;
+
+	Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(%s), %s %s\n",
+		pi.dn.bv_val ? pi.dn.bv_val : "NULL",
+		pi.uid.bv_val ? pi.uid.bv_val : "NULL",
+		asroot ? "as root" : "as user");
+
+	BER_BVZERO(&pi.msg);
+	pi.ispwdmgr = 0;
+
+	/* nssov_pam prohibits password mod */
+	if (!BER_BVISEMPTY(&ni->ni_pam_password_prohibit_message)) {
+		Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(): %s (%s)\n",
+			"password_prohibit_message",
+			ni->ni_pam_password_prohibit_message.bv_val );
+		ber_str2bv(ni->ni_pam_password_prohibit_message.bv_val, 0, 0, &pi.msg);
+		rc = NSLCD_PAM_PERM_DENIED;
+		goto done;
+	}
+
+	if (asroot) {
+		if (BER_BVISEMPTY(&ni->ni_pam_pwdmgr_dn)) {
+			Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(), %s\n",
+				"pwdmgr not configured" );
+			ber_str2bv("pwdmgr not configured", 0, 0, &pi.msg);
+			rc = NSLCD_PAM_PERM_DENIED;
+			goto done;
+		}
+		if (calleruid != 0) {
+			Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(): %s\n",
+				"caller is not root" );
+			ber_str2bv("only root may do that", 0, 0, &pi.msg);
+			rc = NSLCD_PAM_PERM_DENIED;
+			goto done;
+		}
+		/* root user requesting pwmod */
+		pi.ispwdmgr = 1;
+	}
+
+	if (!pi.ispwdmgr && BER_BVISEMPTY(&pi.pwd)) {
+		Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(), %s\n",
+			"not pwdmgr and old pwd empty" );
+		ber_str2bv("must provide old password", 0, 0, &pi.msg);
+		rc = NSLCD_PAM_PERM_DENIED;
+		goto done;
+	}
+
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	struct berval bv;
+	SlapReply rs = {REP_RESULT};
+	slap_callback cb = {0};
+
+	ber_init_w_nullc(ber, LBER_USE_DER);
+	ber_printf(ber, "{");
+	if (!BER_BVISEMPTY(&pi.dn))
+		ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_ID,
+			&pi.dn);
+	/* supply old pwd whenever it's given */
+	if (!BER_BVISEMPTY(&pi.pwd))
+		ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_OLD,
+			&pi.pwd);
+	if (!BER_BVISEMPTY(&npw))
+		ber_printf(ber, "tO", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW,
+			&npw);
+	ber_printf(ber, "N}");
+	ber_flatten2(ber, &bv, 0);
+	op->o_tag = LDAP_REQ_EXTENDED;
+	op->ore_reqoid = slap_EXOP_MODIFY_PASSWD;
+	op->ore_reqdata = &bv;
+
+	if (pi.ispwdmgr) {
+		/* root user changing end-user passwords */
+		op->o_dn = ni->ni_pam_pwdmgr_dn;
+		op->o_ndn = ni->ni_pam_pwdmgr_dn;
+	} else {
+		/* end-user self-pwd-mod */
+		op->o_dn = pi.dn;
+		op->o_ndn = pi.dn;
+	}
+	op->o_callback = &cb;
+	op->o_conn->c_authz_backend = op->o_bd;
+	cb.sc_response = slap_null_cb;
+	op->o_bd = frontendDB;
+	rc = op->o_bd->be_extended(op, &rs);
+	if (rs.sr_text)
+		ber_str2bv(rs.sr_text, 0, 0, &pi.msg);
+	if (rc == LDAP_SUCCESS)
+		rc = NSLCD_PAM_SUCCESS;
+	else
+		rc = NSLCD_PAM_PERM_DENIED;
+
+done:;
+	Debug(LDAP_DEBUG_TRACE,"nssov_pam_pwmod(), rc (%d)\n", rc );
+	WRITE_INT32(fp,NSLCD_VERSION);
+	WRITE_INT32(fp,NSLCD_ACTION_PAM_PWMOD);
+	WRITE_INT32(fp,NSLCD_RESULT_BEGIN);
+	WRITE_INT32(fp,rc);
+	WRITE_BERVAL(fp,&pi.msg);
+	return 0;
+}
+
+int nssov_pam_init()
+{
+	int code = 0;
+	const char *text;
+	if (!ad_loginStatus)
+		code = slap_str2ad("loginStatus", &ad_loginStatus, &text);
+
+	return code;
+}
diff --git a/contrib/slapd-modules/nssov/passwd.c b/contrib/slapd-modules/nssov/passwd.c
new file mode 100644
index 0000000..137106d
--- /dev/null
+++ b/contrib/slapd-modules/nssov/passwd.c
@@ -0,0 +1,435 @@
+/* passwd.c - password lookup routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This code references portions of the nss-ldapd package
+ * written by Arthur de Jong. The nss-ldapd code was forked
+ * from the nss-ldap library written by Luke Howard.
+ */
+
+#include "nssov.h"
+
+/* ( nisSchema.2.0 NAME 'posixAccount' SUP top AUXILIARY
+ *	 DESC 'Abstraction of an account with POSIX attributes'
+ *	 MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+ *	 MAY ( userPassword $ loginShell $ gecos $ description ) )
+ */
+
+/* the basic search filter for searches */
+static struct berval passwd_filter = BER_BVC("(objectClass=posixAccount)");
+
+/* the attributes used in searches */
+static struct berval passwd_keys[] = {
+	BER_BVC("uid"),
+	BER_BVC("userPassword"),
+	BER_BVC("uidNumber"),
+	BER_BVC("gidNumber"),
+	BER_BVC("gecos"),
+	BER_BVC("cn"),
+	BER_BVC("homeDirectory"),
+	BER_BVC("loginShell"),
+	BER_BVC("objectClass"),
+	BER_BVNULL
+};
+
+#define UID_KEY	0
+#define	PWD_KEY	1
+#define UIDN_KEY	2
+#define GIDN_KEY	3
+#define GEC_KEY	4
+#define CN_KEY	5
+#define DIR_KEY	6
+#define SHL_KEY	7
+
+/* default values for attributes */
+static struct berval default_passwd_userPassword	= BER_BVC("*"); /* unmatchable */
+static struct berval default_passwd_homeDirectory	= BER_BVC("");
+static struct berval default_passwd_loginShell		= BER_BVC("");
+
+static struct berval shadow_passwd = BER_BVC("x");
+
+NSSOV_INIT(passwd)
+
+/*
+	 Checks to see if the specified name is a valid user name.
+
+	 This test is based on the definition from POSIX (IEEE Std 1003.1, 2004, 3.426 User Name
+	 and 3.276 Portable Filename Character Set):
+	 http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_426
+	 http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_276
+
+	 The standard defines user names valid if they contain characters from
+	 the set [A-Za-z0-9._-] where the hyphen should not be used as first
+	 character. As an extension this test allows the dolar '$' sign as the last
+	 character to support Samba special accounts.
+*/
+int isvalidusername(struct berval *bv)
+{
+	int i;
+	char *name = bv->bv_val;
+	if ((name==NULL)||(name[0]=='\0'))
+		return 0;
+	/* check first character */
+	if ( ! ( (name[0]>='A' && name[0] <= 'Z') ||
+					 (name[0]>='a' && name[0] <= 'z') ||
+					 (name[0]>='0' && name[0] <= '9') ||
+					 name[0]=='.' || name[0]=='_' ) )
+		return 0;
+	/* check other characters */
+	for (i=1;i<bv->bv_len;i++)
+	{
+		if ( name[i]=='$' )
+		{
+			/* if the char is $ we require it to be the last char */
+			if (name[i+1]!='\0')
+				return 0;
+		}
+		else if ( ! ( (name[i]>='A' && name[i] <= 'Z') ||
+									(name[i]>='a' && name[i] <= 'z') ||
+									(name[i]>='0' && name[i] <= '9') ||
+									name[i]=='.' || name[i]=='_'	|| name[i]=='-') )
+			return 0;
+	}
+	/* no test failed so it must be good */
+	return -1;
+}
+
+/* return 1 on success */
+int nssov_dn2uid(Operation *op,nssov_info *ni,struct berval *dn,struct berval *uid)
+{
+	nssov_mapinfo *mi = &ni->ni_maps[NM_passwd];
+	AttributeDescription *ad = mi->mi_attrs[UID_KEY].an_desc;
+	Entry *e;
+
+	/* check for empty string */
+	if (!dn->bv_len)
+		return 0;
+	/* try to look up uid within DN string */
+	if (!strncmp(dn->bv_val,ad->ad_cname.bv_val,ad->ad_cname.bv_len) &&
+		dn->bv_val[ad->ad_cname.bv_len] == '=')
+	{
+		struct berval bv, rdn;
+		dnRdn(dn, &rdn);
+		/* check if it is valid */
+		bv.bv_val = dn->bv_val + ad->ad_cname.bv_len + 1;
+		bv.bv_len = rdn.bv_len - ad->ad_cname.bv_len - 1;
+		if (!isvalidusername(&bv))
+			return 0;
+		ber_dupbv_x( uid, &bv, op->o_tmpmemctx );
+		return 1;
+	}
+	/* look up the uid from the entry itself */
+	if (be_entry_get_rw( op, dn, NULL, ad, 0, &e) == LDAP_SUCCESS)
+	{
+		Attribute *a = attr_find(e->e_attrs, ad);
+		if (a) {
+			ber_dupbv_x(uid, &a->a_vals[0], op->o_tmpmemctx);
+		}
+		be_entry_release_r(op, e);
+		if (a)
+			return 1;
+	}
+	return 0;
+}
+
+int nssov_name2dn_cb(Operation *op,SlapReply *rs)
+{
+	if ( rs->sr_type == REP_SEARCH )
+	{
+		struct berval *bv = op->o_callback->sc_private;
+		if ( !BER_BVISNULL(bv)) {
+			op->o_tmpfree( bv->bv_val, op->o_tmpmemctx );
+			BER_BVZERO(bv);
+			return LDAP_ALREADY_EXISTS;
+		}
+		ber_dupbv_x(bv, &rs->sr_entry->e_name, op->o_tmpmemctx);
+	}
+	return LDAP_SUCCESS;
+}
+
+int nssov_uid2dn(Operation *op,nssov_info *ni,struct berval *uid,struct berval *dn)
+{
+	nssov_mapinfo *mi = &ni->ni_maps[NM_passwd];
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf),fbuf};
+	slap_callback cb = {0};
+	SlapReply rs = {REP_RESULT};
+	Operation op2;
+	int rc;
+
+	/* if it isn't a valid username, just bail out now */
+	if (!isvalidusername(uid))
+		return 0;
+	/* we have to look up the entry */
+	nssov_filter_byid(mi,UID_KEY,uid,&filter);
+	BER_BVZERO(dn);
+	cb.sc_private = dn;
+	cb.sc_response = nssov_name2dn_cb;
+	op2 = *op;
+	op2.o_callback = &cb;
+	op2.o_req_dn = mi->mi_base;
+	op2.o_req_ndn = mi->mi_base;
+	op2.ors_scope = mi->mi_scope;
+	op2.ors_filterstr = filter;
+	op2.ors_filter = str2filter_x( op, filter.bv_val );
+	op2.ors_attrs = slap_anlist_no_attrs;
+	op2.ors_tlimit = SLAP_NO_LIMIT;
+	op2.ors_slimit = SLAP_NO_LIMIT;
+	rc = op2.o_bd->be_search( &op2, &rs );
+	filter_free_x( op, op2.ors_filter, 1 );
+	return rc == LDAP_SUCCESS && !BER_BVISNULL(dn);
+}
+
+/* the maximum number of uidNumber attributes per entry */
+#define MAXUIDS_PER_ENTRY 5
+
+NSSOV_CBPRIV(passwd,
+	char buf[256];
+	struct berval name;
+	struct berval id;);
+
+static struct berval shadowclass = BER_BVC("shadowAccount");
+
+static int write_passwd(nssov_passwd_cbp *cbp,Entry *entry)
+{
+	int32_t tmpint32;
+	struct berval tmparr[2], tmpuid[2];
+	char *tmp;
+	struct berval *names;
+	struct berval *uids;
+	struct berval passwd = {0};
+	gid_t gid;
+	struct berval gecos;
+	struct berval homedir;
+	struct berval shell;
+	Attribute *a;
+	int i,j;
+	int use_shadow = 0;
+	/* get the usernames for this entry */
+	if (BER_BVISNULL(&cbp->name))
+	{
+		a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[UID_KEY].an_desc);
+		if (!a)
+		{
+			Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value\n",
+				entry->e_name.bv_val, cbp->mi->mi_attrs[UID_KEY].an_desc->ad_cname.bv_val );
+			return 0;
+		}
+		names = a->a_vals;
+	}
+	else
+	{
+		names=tmparr;
+		names[0]=cbp->name;
+		BER_BVZERO(&names[1]);
+	}
+	/* get the password for this entry */
+	a = attr_find(entry->e_attrs, slap_schema.si_ad_objectClass);
+	if ( a ) {
+		for ( i=0; i<a->a_numvals; i++) {
+			if ( bvmatch( &shadowclass, &a->a_nvals[i] )) {
+				use_shadow = 1;
+				break;
+			}
+		}
+	}
+	if ( use_shadow )
+	{
+		/* if the entry has a shadowAccount entry, point to that instead */
+		passwd = shadow_passwd;
+	}
+	else
+	{
+		a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[PWD_KEY].an_desc);
+		if (a)
+			get_userpassword(&a->a_vals[0], &passwd);
+		if (BER_BVISNULL(&passwd))
+			passwd=default_passwd_userPassword;
+	}
+	/* get the uids for this entry */
+	if (BER_BVISNULL(&cbp->id))
+	{
+		a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[UIDN_KEY].an_desc);
+        if ( !a )
+		{
+			Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value\n",
+				entry->e_name.bv_val, cbp->mi->mi_attrs[UIDN_KEY].an_desc->ad_cname.bv_val );
+			return 0;
+		}
+		uids = a->a_vals;
+	}
+	else
+	{
+		uids = tmpuid;
+		uids[0] = cbp->id;
+		BER_BVZERO(&uids[1]);
+	}
+	/* get the gid for this entry */
+	a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[GIDN_KEY].an_desc);
+	if (!a)
+	{
+		Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[GIDN_KEY].an_desc->ad_cname.bv_val );
+		return 0;
+	}
+	else if (a->a_numvals != 1)
+	{
+		Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[GIDN_KEY].an_desc->ad_cname.bv_val );
+	}
+	gid=(gid_t)strtol(a->a_vals[0].bv_val,&tmp,0);
+	if ((a->a_vals[0].bv_val[0]=='\0')||(*tmp!='\0'))
+	{
+		Debug(LDAP_DEBUG_ANY,"passwd entry %s contains non-numeric %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[GIDN_KEY].an_desc->ad_cname.bv_val );
+		return 0;
+	}
+	/* get the gecos for this entry (fall back to cn) */
+	a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[GEC_KEY].an_desc);
+	if (!a)
+		a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[CN_KEY].an_desc);
+	if (!a || !a->a_numvals)
+	{
+		Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s or %s value\n",
+			entry->e_name.bv_val,
+			cbp->mi->mi_attrs[GEC_KEY].an_desc->ad_cname.bv_val,
+			cbp->mi->mi_attrs[CN_KEY].an_desc->ad_cname.bv_val);
+		return 0;
+	}
+	else if (a->a_numvals > 1)
+	{
+		Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s or %s values\n",
+			entry->e_name.bv_val,
+			cbp->mi->mi_attrs[GEC_KEY].an_desc->ad_cname.bv_val,
+			cbp->mi->mi_attrs[CN_KEY].an_desc->ad_cname.bv_val);
+	}
+	gecos=a->a_vals[0];
+	/* get the home directory for this entry */
+	a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[DIR_KEY].an_desc);
+	if (!a)
+	{
+		Debug(LDAP_DEBUG_ANY,"passwd entry %s does not contain %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[DIR_KEY].an_desc->ad_cname.bv_val );
+		homedir=default_passwd_homeDirectory;
+	}
+	else
+	{
+		if (a->a_numvals > 1)
+		{
+			Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values\n",
+				entry->e_name.bv_val, cbp->mi->mi_attrs[DIR_KEY].an_desc->ad_cname.bv_val );
+		}
+		homedir=a->a_vals[0];
+		if (homedir.bv_val[0]=='\0')
+			homedir=default_passwd_homeDirectory;
+	}
+	/* get the shell for this entry */
+	a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[SHL_KEY].an_desc);
+	if (!a)
+	{
+		shell=default_passwd_loginShell;
+	}
+	else
+	{
+		if (a->a_numvals > 1)
+		{
+			Debug(LDAP_DEBUG_ANY,"passwd entry %s contains multiple %s values\n",
+				entry->e_name.bv_val, cbp->mi->mi_attrs[SHL_KEY].an_desc->ad_cname.bv_val );
+		}
+		shell=a->a_vals[0];
+		if (shell.bv_val[0]=='\0')
+			shell=default_passwd_loginShell;
+	}
+	/* write the entries */
+	for (i=0;!BER_BVISNULL(&names[i]);i++)
+	{
+		if (!isvalidusername(&names[i]))
+		{
+			Debug(LDAP_DEBUG_ANY,"nssov: passwd entry %s contains invalid user name: \"%s\"\n",
+				entry->e_name.bv_val,names[i].bv_val );
+		}
+		else
+		{
+			for (j=0;!BER_BVISNULL(&uids[j]);j++)
+			{
+				char *tmp;
+				uid_t uid;
+				uid = strtol(uids[j].bv_val, &tmp, 0);
+				if ( *tmp ) {
+					Debug(LDAP_DEBUG_ANY,"nssov: passwd entry %s contains non-numeric %s value: \"%s\"\n",
+						entry->e_name.bv_val, cbp->mi->mi_attrs[UIDN_KEY].an_desc->ad_cname.bv_val,
+						names[i].bv_val);
+					continue;
+				}
+				WRITE_INT32(cbp->fp,NSLCD_RESULT_BEGIN);
+				WRITE_BERVAL(cbp->fp,&names[i]);
+				WRITE_BERVAL(cbp->fp,&passwd);
+				WRITE_INT32(cbp->fp,uid);
+				WRITE_INT32(cbp->fp,gid);
+				WRITE_BERVAL(cbp->fp,&gecos);
+				WRITE_BERVAL(cbp->fp,&homedir);
+				WRITE_BERVAL(cbp->fp,&shell);
+			}
+		}
+	}
+	return 0;
+}
+
+NSSOV_CB(passwd)
+
+NSSOV_HANDLE(
+	passwd,byname,
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	READ_STRING(fp,cbp.buf);
+	cbp.name.bv_len = tmpint32;
+	cbp.name.bv_val = cbp.buf;
+	if (!isvalidusername(&cbp.name)) {
+		Debug(LDAP_DEBUG_ANY,"nssov_passwd_byname(%s): invalid user name\n",cbp.name.bv_val);
+		return -1;
+	}
+	BER_BVZERO(&cbp.id); ,
+	Debug(LDAP_DEBUG_TRACE,"nssov_passwd_byname(%s)\n",cbp.name.bv_val);,
+	NSLCD_ACTION_PASSWD_BYNAME,
+	nssov_filter_byname(cbp.mi,UID_KEY,&cbp.name,&filter)
+)
+
+NSSOV_HANDLE(
+	passwd,byuid,
+	uid_t uid;
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	READ_INT32(fp,uid);
+	cbp.id.bv_val = cbp.buf;
+	cbp.id.bv_len = snprintf(cbp.buf,sizeof(cbp.buf),"%d",uid);
+	BER_BVZERO(&cbp.name);,
+	Debug(LDAP_DEBUG_TRACE,"nssov_passwd_byuid(%s)\n",cbp.id.bv_val);,
+	NSLCD_ACTION_PASSWD_BYUID,
+	nssov_filter_byid(cbp.mi,UIDN_KEY,&cbp.id,&filter)
+)
+
+NSSOV_HANDLE(
+	passwd,all,
+	struct berval filter;
+	/* no parameters to read */
+	BER_BVZERO(&cbp.name);
+	BER_BVZERO(&cbp.id);,
+	Debug(LDAP_DEBUG_TRACE,"nssov_passwd_all()\n");,
+	NSLCD_ACTION_PASSWD_ALL,
+	(filter=cbp.mi->mi_filter,0)
+)
diff --git a/contrib/slapd-modules/nssov/protocol.c b/contrib/slapd-modules/nssov/protocol.c
new file mode 100644
index 0000000..1d131ca
--- /dev/null
+++ b/contrib/slapd-modules/nssov/protocol.c
@@ -0,0 +1,156 @@
+/* protocol.c - network protocol lookup routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/*
+ * ACKNOWLEDGEMENTS:
+ * This code references portions of the nss-ldapd package
+ * written by Arthur de Jong. The nss-ldapd code was forked
+ * from the nss-ldap library written by Luke Howard.
+ */
+
+#include "nssov.h"
+
+/* ( nisSchema.2.4 NAME 'ipProtocol' SUP top STRUCTURAL
+ *   DESC 'Abstraction of an IP protocol. Maps a protocol number
+ *         to one or more names. The distinguished value of the cn
+ *         attribute denotes the protocol's canonical name'
+ *   MUST ( cn $ ipProtocolNumber )
+ *    MAY description )
+ */
+
+/* the basic search filter for searches */
+static struct berval protocol_filter = BER_BVC("(objectClass=ipProtocol)");
+
+/* the attributes used in searches */
+static struct berval protocol_keys[] = {
+	BER_BVC("cn"),
+	BER_BVC("ipProtocolNumber"),
+	BER_BVNULL
+};
+
+NSSOV_INIT(protocol)
+
+NSSOV_CBPRIV(protocol,
+	char buf[256];
+	struct berval name;
+	struct berval numb;);
+
+static int write_protocol(nssov_protocol_cbp *cbp,Entry *entry)
+{
+	int32_t tmpint32;
+	int i,numname,dupname,proto;
+	struct berval name,*names;
+	Attribute *a;
+	char *tmp;
+
+	/* get the most canonical name */
+	nssov_find_rdnval( &entry->e_nname, cbp->mi->mi_attrs[0].an_desc, &name );
+	/* get the other names for the protocol */
+	a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
+	if ( !a || !a->a_vals )
+	{
+		Debug(LDAP_DEBUG_ANY,"protocol entry %s does not contain %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val );
+		return 0;
+	}
+	names = a->a_vals;
+	numname = a->a_numvals;
+	/* if the name is not yet found, get the first entry from names */
+	if (BER_BVISNULL(&name)) {
+		name=names[0];
+		dupname = 0;
+	} else {
+		dupname = -1;
+		for (i=0; i<numname; i++) {
+			if ( bvmatch(&name, &a->a_nvals[i])) {
+				dupname = i;
+				break;
+			}
+		}
+	}
+	/* get the protocol number */
+	a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
+	if ( !a || !a->a_vals )
+	{
+		Debug(LDAP_DEBUG_ANY,"protocol entry %s does not contain %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val );
+		return 0;
+	} else if ( a->a_numvals > 1 ) {
+		Debug(LDAP_DEBUG_ANY,"protocol entry %s contains multiple %s values\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val );
+	}
+	proto=(int)strtol(a->a_vals[0].bv_val,&tmp,0);
+	if (*tmp)
+	{
+		Debug(LDAP_DEBUG_ANY,"protocol entry %s contains non-numeric %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val );
+		return 0;
+	}
+	/* write the entry */
+	WRITE_INT32(cbp->fp,NSLCD_RESULT_BEGIN);
+	WRITE_BERVAL(cbp->fp,&name);
+	if ( dupname >= 0 ) {
+		WRITE_INT32(cbp->fp,numname-1);
+	} else {
+		WRITE_INT32(cbp->fp,numname);
+	}
+	for (i=0;i<numname;i++) {
+		if (i == dupname) continue;
+		WRITE_BERVAL(cbp->fp,&names[i]);
+	}
+	WRITE_INT32(cbp->fp,proto);
+	return 0;
+}
+
+NSSOV_CB(protocol)
+
+NSSOV_HANDLE(
+	protocol,byname,
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	BER_BVZERO(&cbp.numb);
+	READ_STRING(fp,cbp.buf);
+	cbp.name.bv_len = tmpint32;
+	cbp.name.bv_val = cbp.buf;,
+	Debug(LDAP_DEBUG_TRACE,"nssov_protocol_byname(%s)\n",cbp.name.bv_val);,
+	NSLCD_ACTION_PROTOCOL_BYNAME,
+	nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
+)
+
+NSSOV_HANDLE(
+	protocol,bynumber,
+	int protocol;
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	READ_INT32(fp,protocol);
+	cbp.numb.bv_val = cbp.buf;
+	cbp.numb.bv_len = snprintf(cbp.buf,sizeof(cbp.buf),"%d",protocol);
+	BER_BVZERO(&cbp.name);,
+	Debug(LDAP_DEBUG_TRACE,"nssov_protocol_bynumber(%s)\n",cbp.numb.bv_val);,
+	NSLCD_ACTION_PROTOCOL_BYNUMBER,
+	nssov_filter_byid(cbp.mi,1,&cbp.numb,&filter)
+)
+
+NSSOV_HANDLE(
+	protocol,all,
+	struct berval filter;
+	/* no parameters to read */,
+	Debug(LDAP_DEBUG_TRACE,"nssov_protocol_all()\n");,
+	NSLCD_ACTION_PROTOCOL_ALL,
+	(filter=cbp.mi->mi_filter,0)
+)
diff --git a/contrib/slapd-modules/nssov/rpc.c b/contrib/slapd-modules/nssov/rpc.c
new file mode 100644
index 0000000..7d2045f
--- /dev/null
+++ b/contrib/slapd-modules/nssov/rpc.c
@@ -0,0 +1,158 @@
+/* rpc.c - rpc lookup routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This code references portions of the nss-ldapd package
+ * written by Arthur de Jong. The nss-ldapd code was forked
+ * from the nss-ldap library written by Luke Howard.
+ */
+
+#include "nssov.h"
+
+/* ( nisSchema.2.5 NAME 'oncRpc' SUP top STRUCTURAL
+ *	 DESC 'Abstraction of an Open Network Computing (ONC)
+ *				 [RFC1057] Remote Procedure Call (RPC) binding.
+ *				 This class maps an ONC RPC number to a name.
+ *				 The distinguished value of the cn attribute denotes
+ *				 the RPC service's canonical name'
+ *	 MUST ( cn $ oncRpcNumber )
+ *	 MAY description )
+ */
+
+/* the basic search filter for searches */
+static struct berval rpc_filter = BER_BVC("(objectClass=oncRpc)");
+
+/* the attributes to request with searches */
+static struct berval rpc_keys[] = {
+	BER_BVC("cn"),
+	BER_BVC("oncRpcNumber"),
+	BER_BVNULL
+};
+
+NSSOV_INIT(rpc)
+
+NSSOV_CBPRIV(rpc,
+	char buf[256];
+	struct berval name;
+	struct berval numb;);
+
+/* write a single rpc entry to the stream */
+static int write_rpc(nssov_rpc_cbp *cbp,Entry *entry)
+{
+	int32_t tmpint32;
+	int i,numname,dupname,number;
+	struct berval name,*names;
+	Attribute *a;
+	char *tmp;
+
+	/* get the most canonical name */
+	nssov_find_rdnval( &entry->e_nname, cbp->mi->mi_attrs[0].an_desc, &name );
+	/* get the other names for the rpc */
+	a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
+	if ( !a || !a->a_vals )
+	{
+		Debug(LDAP_DEBUG_ANY,"rpc entry %s does not contain %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val );
+		return 0;
+	}
+	names = a->a_vals;
+	numname = a->a_numvals;
+	/* if the name is not yet found, get the first entry from names */
+	if (BER_BVISNULL(&name)) {
+		name=names[0];
+		dupname = 0;
+	} else {
+		dupname = -1;
+		for (i=0; i<numname; i++) {
+			if ( bvmatch(&name, &a->a_nvals[i])) {
+				dupname = i;
+				break;
+			}
+		}
+	}
+	/* get the rpc number */
+	a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
+	if ( !a || !a->a_vals )
+	{
+		Debug(LDAP_DEBUG_ANY,"rpc entry %s does not contain %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val );
+		return 0;
+	} else if ( a->a_numvals > 1 ) {
+		Debug(LDAP_DEBUG_ANY,"rpc entry %s contains multiple %s values\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val );
+	}
+	number=(int)strtol(a->a_vals[0].bv_val,&tmp,0);
+	if (*tmp)
+	{
+		Debug(LDAP_DEBUG_ANY,"rpc entry %s contains non-numeric %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val );
+		return 0;
+	}
+	/* write the entry */
+	WRITE_INT32(cbp->fp,NSLCD_RESULT_BEGIN);
+	WRITE_BERVAL(cbp->fp,&name);
+	if ( dupname >= 0 ) {
+		WRITE_INT32(cbp->fp,numname-1);
+	} else {
+		WRITE_INT32(cbp->fp,numname);
+	}
+	for (i=0;i<numname;i++) {
+		if (i == dupname) continue;
+		WRITE_BERVAL(cbp->fp,&names[i]);
+	}
+	WRITE_INT32(cbp->fp,number);
+	return 0;
+}
+
+NSSOV_CB(rpc)
+
+NSSOV_HANDLE(
+	rpc,byname,
+	char fbuf[1024];
+    struct berval filter = {sizeof(fbuf)};
+    filter.bv_val = fbuf;
+    BER_BVZERO(&cbp.numb);
+    READ_STRING(fp,cbp.buf);
+    cbp.name.bv_len = tmpint32;
+    cbp.name.bv_val = cbp.buf;,
+	Debug(LDAP_DEBUG_TRACE,"nssov_rpc_byname(%s)\n",cbp.name.bv_val);,
+	NSLCD_ACTION_RPC_BYNAME,
+	nssov_filter_byname(cbp.mi,0,&cbp.name,&filter)
+)
+
+NSSOV_HANDLE(
+	rpc,bynumber,
+	int number;
+	char fbuf[1024];
+    struct berval filter = {sizeof(fbuf)};
+    filter.bv_val = fbuf;
+	READ_INT32(fp,number);
+	cbp.numb.bv_val = cbp.buf;
+	cbp.numb.bv_len = snprintf(cbp.buf,sizeof(cbp.buf),"%d",number);
+	BER_BVZERO(&cbp.name);,
+	Debug(LDAP_DEBUG_TRACE,"nssov_rpc_bynumber(%s)\n",cbp.numb.bv_val);,
+	NSLCD_ACTION_RPC_BYNUMBER,
+	nssov_filter_byid(cbp.mi,1,&cbp.numb,&filter)
+)
+
+NSSOV_HANDLE(
+	rpc,all,
+	struct berval filter;
+	/* no parameters to read */,
+	Debug(LDAP_DEBUG_TRACE,"nssov_rpc_all()\n");,
+	NSLCD_ACTION_RPC_ALL,
+	(filter=cbp.mi->mi_filter,0)
+)
diff --git a/contrib/slapd-modules/nssov/service.c b/contrib/slapd-modules/nssov/service.c
new file mode 100644
index 0000000..d3704e4
--- /dev/null
+++ b/contrib/slapd-modules/nssov/service.c
@@ -0,0 +1,250 @@
+/* service.c - service lookup routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This code references portions of the nss-ldapd package
+ * written by Arthur de Jong. The nss-ldapd code was forked
+ * from the nss-ldap library written by Luke Howard.
+ */
+
+#include "nssov.h"
+
+/* ( nisSchema.2.3 NAME 'ipService' SUP top STRUCTURAL
+ *	 DESC 'Abstraction an Internet Protocol service.
+ *				 Maps an IP port and protocol (such as tcp or udp)
+ *				 to one or more names; the distinguished value of
+ *				 the cn attribute denotes the service's canonical
+ *				 name'
+ *	 MUST ( cn $ ipServicePort $ ipServiceProtocol )
+ *	 MAY ( description ) )
+ */
+
+/* the basic search filter for searches */
+static struct berval service_filter = BER_BVC("(objectClass=ipService)");
+
+/* the attributes to request with searches */
+static struct berval service_keys[] = {
+	BER_BVC("cn"),
+	BER_BVC("ipServicePort"),
+	BER_BVC("ipServiceProtocol"),
+	BER_BVNULL
+};
+
+static int mkfilter_service_byname(nssov_mapinfo *mi,struct berval *name,
+								 struct berval *protocol,struct berval *buf)
+{
+	char buf2[1024],buf3[1024];
+	struct berval bv2 = {sizeof(buf2),buf2};
+	struct berval bv3 = {sizeof(buf3),buf3};
+
+	/* escape attributes */
+	if (nssov_escape(name,&bv2))
+		return -1;
+	if (!BER_BVISNULL(protocol)) {
+		if (nssov_escape(protocol,&bv3))
+			return -1;
+		if (bv2.bv_len + mi->mi_filter.bv_len + mi->mi_attrs[0].an_desc->ad_cname.bv_len +
+			bv3.bv_len + mi->mi_attrs[2].an_desc->ad_cname.bv_len + 9 > buf->bv_len )
+			return -1;
+		buf->bv_len = snprintf(buf->bv_val, buf->bv_len, "(&%s(%s=%s)(%s=%s))",
+			mi->mi_filter.bv_val,
+			mi->mi_attrs[0].an_desc->ad_cname.bv_val, bv2.bv_val,
+			mi->mi_attrs[2].an_desc->ad_cname.bv_val, bv3.bv_val );
+	} else {
+		if (bv2.bv_len + mi->mi_filter.bv_len + mi->mi_attrs[0].an_desc->ad_cname.bv_len + 6 >
+			buf->bv_len )
+			return -1;
+		buf->bv_len = snprintf(buf->bv_val, buf->bv_len, "(&%s(%s=%s))",
+			mi->mi_filter.bv_val, mi->mi_attrs[0].an_desc->ad_cname.bv_val,
+			bv2.bv_val );
+	}
+	return 0;
+}
+
+static int mkfilter_service_bynumber(nssov_mapinfo *mi,struct berval *numb,
+								 struct berval *protocol,struct berval *buf)
+{
+	char buf2[1024];
+	struct berval bv2 = {sizeof(buf2),buf2};
+
+	/* escape attribute */
+	if (!BER_BVISNULL(protocol)) {
+		if (nssov_escape(protocol,&bv2))
+			return -1;
+		if (numb->bv_len + mi->mi_filter.bv_len + mi->mi_attrs[1].an_desc->ad_cname.bv_len +
+			bv2.bv_len + mi->mi_attrs[2].an_desc->ad_cname.bv_len + 9 > buf->bv_len )
+			return -1;
+		buf->bv_len = snprintf(buf->bv_val, buf->bv_len, "(&%s(%s=%s)(%s=%s))",
+			mi->mi_filter.bv_val,
+			mi->mi_attrs[1].an_desc->ad_cname.bv_val, numb->bv_val,
+			mi->mi_attrs[2].an_desc->ad_cname.bv_val, bv2.bv_val );
+	} else {
+		if (numb->bv_len + mi->mi_filter.bv_len + mi->mi_attrs[1].an_desc->ad_cname.bv_len + 6 >
+			buf->bv_len )
+			return -1;
+		buf->bv_len = snprintf(buf->bv_val, buf->bv_len, "(&%s(%s=%s))",
+			mi->mi_filter.bv_val, mi->mi_attrs[1].an_desc->ad_cname.bv_val,
+			numb->bv_val );
+	}
+	return 0;
+}
+
+NSSOV_INIT(service)
+
+NSSOV_CBPRIV(service,
+	char nbuf[256];
+	char pbuf[256];
+	struct berval name;
+	struct berval prot;);
+
+static int write_service(nssov_service_cbp *cbp,Entry *entry)
+{
+	int32_t tmpint32;
+	struct berval name,*names,*protos;
+	struct berval tmparr[2];
+	Attribute *a;
+	char *tmp;
+	int port;
+	int i,numname,dupname,numprot;
+
+	/* get the most canonical name */
+	nssov_find_rdnval( &entry->e_nname, cbp->mi->mi_attrs[0].an_desc, &name );
+	/* get the other names for the rpc */
+	a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[0].an_desc );
+	if ( !a || !a->a_vals )
+	{
+		Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[0].an_desc->ad_cname.bv_val );
+		return 0;
+	}
+	names = a->a_vals;
+	numname = a->a_numvals;
+	/* if the name is not yet found, get the first entry from names */
+	if (BER_BVISNULL(&name)) {
+		name=names[0];
+		dupname = 0;
+	} else {
+		dupname = -1;
+		for (i=0; i<numname; i++) {
+			if ( bvmatch(&name, &a->a_nvals[i])) {
+				dupname = i;
+				break;
+			}
+		}
+	}
+	/* get the service number */
+	a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[1].an_desc );
+	if ( !a || !a->a_vals )
+	{
+		Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val );
+		return 0;
+	} else if ( a->a_numvals > 1 ) {
+		Debug(LDAP_DEBUG_ANY,"service entry %s contains multiple %s values\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val );
+	}
+	port=(int)strtol(a->a_vals[0].bv_val,&tmp,0);
+	if (*tmp)
+	{
+		Debug(LDAP_DEBUG_ANY,"service entry %s contains non-numeric %s value\n",
+			entry->e_name.bv_val, cbp->mi->mi_attrs[1].an_desc->ad_cname.bv_val );
+		return 0;
+	}
+	/* get protocols */
+	if (BER_BVISNULL(&cbp->prot))
+	{
+		a = attr_find( entry->e_attrs, cbp->mi->mi_attrs[2].an_desc );
+		if ( !a || !a->a_vals )
+		{
+			Debug(LDAP_DEBUG_ANY,"service entry %s does not contain %s value\n",
+				entry->e_name.bv_val, cbp->mi->mi_attrs[2].an_desc->ad_cname.bv_val );
+			return 0;
+		}
+		protos = a->a_vals;
+		numprot = a->a_numvals;
+	}
+	else
+	{
+		protos=tmparr;
+		protos[0]=cbp->prot;
+		BER_BVZERO(&protos[1]);
+		numprot = 1;
+	}
+	/* write the entries */
+	for (i=0;i<numprot;i++)
+	{
+		int j;
+		WRITE_INT32(cbp->fp,NSLCD_RESULT_BEGIN);
+		WRITE_BERVAL(cbp->fp,&name);
+		if ( dupname >= 0 ) {
+			WRITE_INT32(cbp->fp,numname-1);
+		} else {
+			WRITE_INT32(cbp->fp,numname);
+		}
+		for (j=0;j<numname;j++) {
+			if (j == dupname) continue;
+			WRITE_BERVAL(cbp->fp,&names[j]);
+		}
+		WRITE_INT32(cbp->fp,port);
+		WRITE_BERVAL(cbp->fp,&protos[i]);
+	}
+	return 0;
+}
+
+NSSOV_CB(service)
+
+NSSOV_HANDLE(
+	service,byname,
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	READ_STRING(fp,cbp.nbuf);
+	cbp.name.bv_len = tmpint32;
+	cbp.name.bv_val = cbp.nbuf;
+	READ_STRING(fp,cbp.pbuf);
+	cbp.prot.bv_len = tmpint32;
+	cbp.prot.bv_val = tmpint32 ? cbp.pbuf : NULL;,
+	Debug(LDAP_DEBUG_TRACE,"nssov_service_byname(%s,%s)\n",cbp.name.bv_val,cbp.prot.bv_val ? cbp.prot.bv_val : "");,
+	NSLCD_ACTION_SERVICE_BYNAME,
+	mkfilter_service_byname(cbp.mi,&cbp.name,&cbp.prot,&filter)
+)
+
+NSSOV_HANDLE(
+	service,bynumber,
+	int number;
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	READ_INT32(fp,number);
+	cbp.name.bv_val = cbp.nbuf;
+	cbp.name.bv_len = snprintf(cbp.nbuf,sizeof(cbp.nbuf),"%d",number);
+	READ_STRING(fp,cbp.pbuf);
+	cbp.prot.bv_len = tmpint32;
+	cbp.prot.bv_val = tmpint32 ? cbp.pbuf : NULL;,
+	Debug(LDAP_DEBUG_TRACE,"nssov_service_bynumber(%s,%s)\n",cbp.name.bv_val,cbp.prot.bv_val);,
+	NSLCD_ACTION_SERVICE_BYNUMBER,
+	mkfilter_service_bynumber(cbp.mi,&cbp.name,&cbp.prot,&filter)
+)
+
+NSSOV_HANDLE(
+	service,all,
+	struct berval filter;
+	/* no parameters to read */
+	BER_BVZERO(&cbp.prot);,
+	Debug(LDAP_DEBUG_TRACE,"nssov_service_all()\n");,
+	NSLCD_ACTION_SERVICE_ALL,
+	(filter=cbp.mi->mi_filter,0)
+)
diff --git a/contrib/slapd-modules/nssov/shadow.c b/contrib/slapd-modules/nssov/shadow.c
new file mode 100644
index 0000000..477ce50
--- /dev/null
+++ b/contrib/slapd-modules/nssov/shadow.c
@@ -0,0 +1,257 @@
+/* shadow.c - shadow account lookup routines */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 
+ *
+ * Copyright 2008-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This code references portions of the nss-ldapd package
+ * written by Arthur de Jong. The nss-ldapd code was forked
+ * from the nss-ldap library written by Luke Howard.
+ */
+
+#include "nssov.h"
+
+/* ( nisSchema.2.1 NAME 'shadowAccount' SUP top AUXILIARY
+ *	 DESC 'Additional attributes for shadow passwords'
+ *	 MUST uid
+ *	 MAY ( userPassword $ shadowLastChange $ shadowMin
+ *				 shadowMax $ shadowWarning $ shadowInactive $
+ *				 shadowExpire $ shadowFlag $ description ) )
+ */
+
+/* the basic search filter for searches */
+static struct berval shadow_filter = BER_BVC("(objectClass=shadowAccount)");
+
+/* the attributes to request with searches */
+static struct berval shadow_keys[] = {
+	BER_BVC("uid"),
+	BER_BVC("userPassword"),
+	BER_BVC("shadowLastChange"),
+	BER_BVC("shadowMin"),
+	BER_BVC("shadowMax"),
+	BER_BVC("shadowWarning"),
+	BER_BVC("shadowInactive"),
+	BER_BVC("shadowExpire"),
+	BER_BVC("shadowFlag"),
+	BER_BVNULL
+};
+
+#define UID_KEY	0
+#define PWD_KEY	1
+#define CHG_KEY	2
+#define MIN_KEY	3
+#define MAX_KEY 4
+#define WRN_KEY 5
+#define INA_KEY 6
+#define EXP_KEY 7
+#define FLG_KEY 8
+
+/* default values for attributes */
+static struct berval default_shadow_userPassword		 = BER_BVC("*"); /* unmatchable */
+static int default_nums[] = { 0,0,
+	-1, /* LastChange */
+	-1, /* Min */
+	-1, /* Max */
+	-1, /* Warning */
+	-1, /* Inactive */
+	-1, /* Expire */
+	0 /* Flag */
+};
+
+NSSOV_INIT(shadow)
+
+static long to_date(struct berval *date,AttributeDescription *attr)
+{
+	long value;
+	char *tmp;
+	/* do some special handling for date values on AD */
+	if (strcasecmp(attr->ad_cname.bv_val,"pwdLastSet")==0)
+	{
+		char buffer[8];
+		size_t l;
+		/* we expect an AD 64-bit datetime value;
+			 we should do date=date/864000000000-134774
+			 but that causes problems on 32-bit platforms,
+			 first we divide by 1000000000 by stripping the
+			 last 9 digits from the string and going from there */
+		l=date->bv_len-9;
+		if (l<1 || l>(sizeof(buffer)-1))
+			return 0; /* error */
+		strncpy(buffer,date->bv_val,l);
+		buffer[l]='\0';
+		value=strtol(buffer,&tmp,0);
+		if ((buffer[0]=='\0')||(*tmp!='\0'))
+		{
+			Debug(LDAP_DEBUG_ANY,"shadow entry contains non-numeric %s value\n",
+				attr->ad_cname.bv_val );
+			return 0;
+		}
+		return value/864-134774;
+		/* note that AD does not have expiry dates but a lastchangeddate
+			 and some value that needs to be added */
+	}
+	value=strtol(date->bv_val,&tmp,0);
+	if ((date->bv_val[0]=='\0')||(*tmp!='\0'))
+	{
+		Debug(LDAP_DEBUG_ANY,"shadow entry contains non-numeric %s value\n",
+			attr->ad_cname.bv_val );
+		return 0;
+	}
+	return value;
+}
+
+#ifndef UF_DONT_EXPIRE_PASSWD
+#define UF_DONT_EXPIRE_PASSWD 0x10000
+#endif
+
+#define GET_OPTIONAL_LONG(var,key) \
+	a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[key].an_desc); \
+	if ( !a || BER_BVISNULL(&a->a_vals[0])) \
+		var = default_nums[key]; \
+	else \
+	{ \
+		if (a->a_numvals > 1) \
+		{ \
+			Debug(LDAP_DEBUG_ANY,"shadow entry %s contains multiple %s values\n", \
+				entry->e_name.bv_val, cbp->mi->mi_attrs[key].an_desc->ad_cname.bv_val); \
+		} \
+		var=strtol(a->a_vals[0].bv_val,&tmp,0); \
+		if ((a->a_vals[0].bv_val[0]=='\0')||(*tmp!='\0')) \
+		{ \
+			Debug(LDAP_DEBUG_ANY,"shadow entry %s contains non-numeric %s value\n", \
+				entry->e_name.bv_val, cbp->mi->mi_attrs[key].an_desc->ad_cname.bv_val); \
+			return 0; \
+		} \
+	}
+
+#define GET_OPTIONAL_DATE(var,key) \
+	a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[key].an_desc); \
+	if ( !a || BER_BVISNULL(&a->a_vals[0])) \
+		var = default_nums[key]; \
+	else \
+	{ \
+		if (a->a_numvals > 1) \
+		{ \
+			Debug(LDAP_DEBUG_ANY,"shadow entry %s contains multiple %s values\n", \
+				entry->e_name.bv_val, cbp->mi->mi_attrs[key].an_desc->ad_cname.bv_val); \
+		} \
+		var=to_date(&a->a_vals[0],cbp->mi->mi_attrs[key].an_desc); \
+	}
+
+NSSOV_CBPRIV(shadow,
+	char buf[256];
+	struct berval name;);
+
+static int write_shadow(nssov_shadow_cbp *cbp,Entry *entry)
+{
+	struct berval tmparr[2];
+	struct berval *names;
+	Attribute *a;
+	char *tmp;
+	struct berval passwd = {0};
+	long lastchangedate;
+	long mindays;
+	long maxdays;
+	long warndays;
+	long inactdays;
+	long expiredate;
+	unsigned long flag;
+	int i;
+	int32_t tmpint32;
+	/* get username */
+	if (BER_BVISNULL(&cbp->name))
+	{
+		a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[UID_KEY].an_desc);
+		if (!a)
+		{
+			Debug(LDAP_DEBUG_ANY,"shadow entry %s does not contain %s value\n",
+				entry->e_name.bv_val, cbp->mi->mi_attrs[UID_KEY].an_desc->ad_cname.bv_val );
+			return 0;
+		}
+		names = a->a_vals;
+	}
+	else
+	{
+		names=tmparr;
+		names[0]=cbp->name;
+		BER_BVZERO(&names[1]);
+	}
+	/* get password */
+	a = attr_find(entry->e_attrs, cbp->mi->mi_attrs[PWD_KEY].an_desc);
+	if ( a )
+		get_userpassword(&a->a_vals[0], &passwd);
+	if (BER_BVISNULL(&passwd))
+		passwd=default_shadow_userPassword;
+	/* get lastchange date */
+	GET_OPTIONAL_DATE(lastchangedate,CHG_KEY);
+	/* get mindays */
+	GET_OPTIONAL_LONG(mindays,MIN_KEY);
+	/* get maxdays */
+	GET_OPTIONAL_LONG(maxdays,MAX_KEY);
+	/* get warndays */
+	GET_OPTIONAL_LONG(warndays,WRN_KEY);
+	/* get inactdays */
+	GET_OPTIONAL_LONG(inactdays,INA_KEY);
+	/* get expire date */
+	GET_OPTIONAL_LONG(expiredate,EXP_KEY);
+	/* get flag */
+	GET_OPTIONAL_LONG(flag,FLG_KEY);
+	/* if we're using AD handle the flag specially */
+	if (strcasecmp(cbp->mi->mi_attrs[CHG_KEY].an_desc->ad_cname.bv_val,"pwdLastSet")==0)
+	{
+		if (flag&UF_DONT_EXPIRE_PASSWD)
+			maxdays=99999;
+		flag=0;
+	}
+	/* write the entries */
+	for (i=0;!BER_BVISNULL(&names[i]);i++)
+	{
+		WRITE_INT32(cbp->fp,NSLCD_RESULT_BEGIN);
+		WRITE_BERVAL(cbp->fp,&names[i]);
+		WRITE_BERVAL(cbp->fp,&passwd);
+		WRITE_INT32(cbp->fp,lastchangedate);
+		WRITE_INT32(cbp->fp,mindays);
+		WRITE_INT32(cbp->fp,maxdays);
+		WRITE_INT32(cbp->fp,warndays);
+		WRITE_INT32(cbp->fp,inactdays);
+		WRITE_INT32(cbp->fp,expiredate);
+		WRITE_INT32(cbp->fp,flag);
+	}
+	return 0;
+}
+
+NSSOV_CB(shadow)
+
+NSSOV_HANDLE(
+	shadow,byname,
+	char fbuf[1024];
+	struct berval filter = {sizeof(fbuf)};
+	filter.bv_val = fbuf;
+	READ_STRING(fp,cbp.buf);,
+	cbp.name.bv_len = tmpint32;
+	cbp.name.bv_val = cbp.buf;
+	Debug(LDAP_DEBUG_ANY,"nssov_shadow_byname(%s)\n",cbp.name.bv_val);,
+	NSLCD_ACTION_SHADOW_BYNAME,
+	nssov_filter_byname(cbp.mi,UID_KEY,&cbp.name,&filter)
+)
+
+NSSOV_HANDLE(
+	shadow,all,
+	struct berval filter;
+	/* no parameters to read */
+	BER_BVZERO(&cbp.name);,
+	Debug(LDAP_DEBUG_ANY,"nssov_shadow_all()\n");,
+	NSLCD_ACTION_SHADOW_ALL,
+	(filter=cbp.mi->mi_filter,0)
+)
diff --git a/contrib/slapd-modules/nssov/slapo-nssov.5 b/contrib/slapd-modules/nssov/slapo-nssov.5
new file mode 100644
index 0000000..6128de9
--- /dev/null
+++ b/contrib/slapd-modules/nssov/slapo-nssov.5
@@ -0,0 +1,316 @@
+.TH SLAPO-NSSOV 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1998-2022 The OpenLDAP Foundation, All Rights Reserved.
+.\" Copying restrictions apply.  See the COPYRIGHT file.
+.\" $OpenLDAP$
+.SH NAME
+slapo-nssov \- NSS and PAM requests through a local Unix Domain socket
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+The
+.B nssov 
+overlay to
+.BR slapd (8)
+services NSS and PAM requests through a local Unix Domain socket. 
+It uses the same IPC protocol as Arthur de Jong's nss-pam-ldapd.
+An extract of the nss-ldapd source is included along with the
+nssov source code to allow the overlay to communicate with the
+nss-pam-ldapd client stubs.
+.LP
+Using a separate IPC protocol for NSS and PAM requests eliminates the
+libldap dependencies/clashes that the current pam_ldap/nss_ldap solutions
+all suffer from. Both the original nss-ldapd and this nssov solution
+are free from these library issues.
+.LP
+Unlike nss-pam-ldapd, since this overlay executes inside slapd it allows for
+the possibility of sophisticated caching, without any of the weaknesses of
+nscd and other related caching solutions. E.g., a remote LDAP database can
+be accessed using back-ldap with proxy caching (see
+.BR slapd-ldap (5)
+and
+.BR slapo-pcache (5)
+) to leverage back-ldap's
+connection pooling as well as pcache's persistent caching, to provide
+high performance and a measure of support for disconnected operation.
+Alternatively, cache considerations can be completely eliminated by running
+a regular database with syncrepl to maintain synchronization with a remote
+LDAP database.
+.LP
+Another major benefit of nssov is that it allows all security policy to be 
+administered centrally via LDAP, instead of having fragile rules scattered 
+across multiple flat files. As such, there is no client-side configuration at 
+all for the NSS/PAM stub libraries. (The stubs talk to the server via a Unix
+domain socket whose path is hardcoded to NSLCDPATH). As a side benefit,
+this can finally eliminate the perpetual confusion between OpenLDAP's
+ldap.conf file in ETCDIR/ldap.conf and the similarly named files typically
+used by pam_ldap and nss_ldap.
+.LP
+User authentication is performed by internal simple Binds. User authorization 
+leverages the slapd ACL engine, which offers much more power and flexibility 
+than the simple group/hostname checks in the old pam_ldap code.
+.LP
+To use this code, you will need the client-side stub library from
+nss-pam-ldapd.  You can get it from:
+http://arthurdejong.org/nss-pam-ldapd
+You will not need the nslcd daemon; this overlay replaces that part.
+To disable building of the nslcd daemon in nss-pam-ldapd, add the
+--disable-nslcd option to the nss-pam-ldapd configure script. You
+should already be familiar with the RFC2307 and RFC2307bis schema
+to use this overlay.  See the nss-pam-ldapd README for more information
+on the schema and which features are supported.
+.LP
+You will also need to include the nis.schema in your slapd configuration
+for RFC2307 support. If you wish to use RFC2307bis you will need a slightly
+different schema. You will also need the ldapns.schema for PAM authorization
+management.
+.LP
+You must select
+.B ldap
+in the appropriate services in
+.I /etc/nsswitch.conf
+in order for these NSS features to take effect. Likewise, you must
+enable
+.B pam_ldap
+for the authenticate, account, session, and password services in
+.I /etc/pam.conf
+or
+.I /etc/pam.d
+for these PAM features to take effect.
+
+.TP
+.B overlay nssov
+This directive adds the nssov overlay to the current backend.
+.TP
+.B nssov-ssd <service> <url>
+This directive configures a Service Search Descriptor (SSD) for each NSS
+service that will be used.  The <service> may be one of
+.RS
+.nf
+    aliases
+    ethers
+    group
+    hosts
+    netgroup
+    networks
+    passwd
+    protocols
+    rpc
+    services
+    shadow
+.fi
+.RE
+and the <url> must be of the form
+.RS
+.TP
+.B ldap:///[<basedn>][??[<scope>][?<filter>]]
+.RE
+The 
+.B <basedn> 
+will default to the first suffix of the current database.
+The 
+.B <scope> 
+defaults to "subtree". The default 
+.B <filter> 
+depends on which service is being used.
+.TP
+.B nssov-map <service> <orig> <new>
+If the local database is actually a proxy to a foreign LDAP server, some
+mapping of schema may be needed. This directive allows some simple attribute
+substitutions to be performed. See the 
+.B nss-ldapd/README 
+for the original attribute names used in this code.
+.TP
+.B nssov-pam <option> [...]
+This directive determines a number of PAM behaviors. Multiple options may
+be used at once, and available levels are:
+.RS
+.RS
+.PD 0
+.TP
+.B userhost
+check host attribute in user entry for authorization
+.TP
+.B userservice
+check authorizedService attribute in user entry for authorization
+.TP
+.B usergroup
+check that user is a member of specific group for authorization
+.TP
+.B hostservice
+check authorizedService attribute in host entry for authorization
+.TP
+.B authz2dn
+use authz-regexp mapping to map uid to LDAP DN
+.TP
+.B uid2dn
+use NSS passwd SSD to map uid to LDAP DN
+.PD
+.RE
+
+Setting the
+.BR userhost ,
+.BR userservice ,
+and
+.B usergroup
+options duplicates the original pam_ldap authorization behavior.
+
+The recommended approach is to use
+.B hostservice
+instead. In this case, ipHost entries must be created for all hosts
+being managed, and they must also have the authorizedServiceObject
+class to allow authorizedService attributes to be used. Also the
+NSS host SSD must be configured so that ipHost entries can be found.
+Authorization is checked by performing an LDAP Compare operation
+looking for the PAM service name in the authorizedService attribute.
+.B slapd
+ACLs should be set to grant or deny
+.B Compare
+privilege to the appropriate users or groups as desired.
+
+If the
+.B authz2dn
+option is set then authz-regexp mappings will be used to map the
+PAM username to an LDAP DN. The authentication DN will be of the
+form
+.RS
+.B cn=<service>+uid=<user>,cn=<hostname>,cn=pam,cn=auth
+.RE
+
+If no mapping is found for this authentication DN, then this
+mapping will be ignored.
+
+If the
+.B uid2dn
+option is set then the NSS passwd SSD will be used to map the
+PAM username to an LDAP DN. The passwd SSD must have already been
+configured for this mapping to succeed.
+
+If neither the authz2dn nor the uid2dn mapping succeeds, the module
+will return a PAM_USER_UNKNOWN failure code. If both options are set,
+the authz mapping is attempted first; if it succeeds the uid2dn mapping
+will be skipped.
+
+By default only the
+.B uid2dn
+option is set.
+.RE
+.TP
+.B nssov-pam-defhost <hostname>
+Specify a default hostname to check if an ipHost entry for the current
+hostname cannot be found. This setting is only relevant if the 
+.B hostservice
+option has been set.
+.TP
+.B nssov-pam-group-dn <DN>
+Specify the DN of an LDAP group to check for authorization. The LDAP user
+must be a member of this group for the login to be allowed. There is no
+default value. This setting is only relevant if the
+.B usergroup
+option has been set.
+.TP
+.B nssov-pam-group-ad <attribute>
+Specify the attribute to use for group membership checks.
+There is no default value.  This setting is only relevant if the
+.B usergroup
+option has been set.
+.TP
+.B nssov-pam-min-uid <integer>
+Specify a minimum uid that is allowed to login. Users with a uidNumber
+lower than this value will be denied access. The default is zero, which
+disables this setting.
+.TP
+.B nssov-pam-max-uid <integer>
+Specify a maximum uid that is allowed to login. Users with a uidNumber
+higher than this value will be denied access. The default is zero, which
+disables this setting.
+.TP
+.B nssov-pam-template-ad <attribute>
+Specify an attribute to check in a user's entry for a template login name.
+The template login feature is used by FreeBSD's PAM framework. It can be
+viewed as a form of proxying, where a user can authenticate with one
+username/password pair, but is assigned the identity and credentials of
+the template user. This setting is disabled by default.
+.TP
+.B nssov-pam-template <name>
+Specify a default username to be used if no template attribute is found
+in the user's entry. The
+.B nssov-pam-template-ad
+directive must be configured for this setting to have any effect.
+.TP
+.B nssov-pam-session <service>
+Specify a PAM service name whose sessions will be recorded. For the
+configured services, logins will be recorded in the
+.TP
+.B nssov-pam-password-prohibit-message <message>
+Disable password change service and return the specified message to
+users.
+.TP
+.B nssov-pam-pwdmgr-dn <dn>
+Specify the dn of the password manager.
+.TP
+.B nssov-pam-pwdmgr-pwd <pwd>
+Specify the pwd of the password manager.
+.TP
+.B loginStatus
+operational attribute of the user's entry. The attribute's values are
+of the form
+.RS
+.RS
+.B <generalizedTime> <host> <service> <tty> (<ruser@rhost>)
+.RE
+.RE
+Upon logout the corresponding value will be deleted. This feature allows
+a single LDAP Search to be used to check which users are logged in across
+all the hosts of a network. The rootdn of the database is used to perform
+the updates of the loginStatus attribute, so a rootdn must already be
+configured for this feature to work. By default no services are configured.
+.LP
+The PAM functions support LDAP Password Policy as well. If the password
+policy overlay is in use (see
+.BR slapo-ppolicy (5)),
+policy
+information (e.g. password expiration, password quality, etc.)
+may be returned to the PAM client as a result of authentication,
+account management, and password modification requests.
+
+The overlay also supports dynamic configuration in cn=config. An example
+of the config entry is
+.LP 
+.RS
+.nf
+    dn: olcOverlay={0}nssov,ocDatabase={1}mdb,cn=config
+    objectClass: olcOverlayConfig
+    objectClass: olcNssOvConfig
+    olcOverlay: {0}nssov
+    olcNssSsd: passwd ldap:///ou=users,dc=example,dc=com??one
+    olcNssMap: passwd uid accountName
+    olcNssPam: hostservice uid2dn
+    olcNssPamDefHost: defaulthost
+    olcNssPamMinUid: 500
+    olcNssPamMaxUid: 32000
+    olcNssPamSession: login
+    olcNssPamSession: sshd
+.fi
+.RE
+.LP
+which enables the passwd service, and uses the accountName attribute to
+fetch what is usually retrieved from the uid attribute. It also enables
+some PAM authorization controls, and specifies that the PAM
+.B login
+and
+.B sshd
+services should have their logins recorded.
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR slapd\-config (5),
+.BR slapd\-ldap (5),
+.BR slapo\-pcache (5),
+.BR slapo\-ppolicy (5),
+.BR slapd (8).
+.SH AUTHOR
+Howard Chu, inspired by nss-ldapd by Arthur de Jong and pam_ldap by Luke Howard
+Enhancements by Ted C. Cheng, Symas Corp.
diff --git a/contrib/slapd-modules/passwd/Makefile b/contrib/slapd-modules/passwd/Makefile
new file mode 100644
index 0000000..6346496
--- /dev/null
+++ b/contrib/slapd-modules/passwd/Makefile
@@ -0,0 +1,70 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = 
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = pw-kerberos.la pw-netscape.la pw-radius.la pw-apr1.la
+MANPAGES = slapd-pw-radius.5
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+pw-kerberos.la:	kerberos.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? -lkrb5
+
+pw-netscape.la:	netscape.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $?
+
+pw-radius.la:	radius.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? -lradius
+
+pw-apr1.la:	apr1.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $?
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/passwd/README b/contrib/slapd-modules/passwd/README
new file mode 100644
index 0000000..069555f
--- /dev/null
+++ b/contrib/slapd-modules/passwd/README
@@ -0,0 +1,69 @@
+This directory contains native slapd plugins for password mechanisms that
+are not actively supported by the project. Currently this includes the
+Kerberos, Netscape MTA-MD5 and RADIUS password mechanisms. The Apache
+APR1 MD5 and BSD/Paul Henning Kamp MD5 mechanisms are also included.
+
+To use the Kerberos plugin, add:
+
+moduleload pw-kerberos.so
+
+to your slapd configuration file.
+
+To use the Netscape plugin, add:
+
+moduleload pw-netscape.so
+
+to your slapd configuration file.
+
+To use the APR1/BSD/MD5 plugin, add:
+
+moduleload pw-apr1.so
+
+to your slapd configuration file.
+
+To use the RADIUS plugin, add:
+
+moduleload pw-radius.so
+
+to your slapd configuration file; optionally, the path to a configuration
+file can be appended in the form
+
+moduleload pw-radius.so config="/etc/radius.conf"
+
+Use Makefile to compile this plugin or use a command line similar to:
+
+gcc -shared -I../../../include -Wall -g -DHAVE_KRB5 -o pw-kerberos.so kerberos.c
+
+Replace HAVE_KRB5 with HAVE_KRB4 if you want to use Kerberos IV.
+If your Kerberos header files are not in the C compiler's
+default path, you will need to add a "-I" directive for that as well.
+
+The corresponding command for the Netscape plugin would be:
+
+gcc -shared -I../../../include -Wall -g -o pw-netscape.so netscape.c
+
+The corresponding command for the RADIUS plugin would be:
+
+gcc -shared -I../../../include -Wall -g -o pw-radius.so radius.c -lradius
+
+(Actually, you might want to statically link the RADIUS client library
+libradius.a into the module).
+
+The corresponding command for the APR1 plugin would be:
+
+gcc -shared -I../../../include -Wall -g -o pw-apr1.so apr1.c
+
+---
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+
+Copyright 2004-2022 The OpenLDAP Foundation.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
diff --git a/contrib/slapd-modules/passwd/apr1-atol.pl b/contrib/slapd-modules/passwd/apr1-atol.pl
new file mode 100644
index 0000000..d6eaee7
--- /dev/null
+++ b/contrib/slapd-modules/passwd/apr1-atol.pl
@@ -0,0 +1,29 @@
+#!/usr/bin/perl -w

+

+# Apache $apr1$ to OpenLDAP {APR1} hash converter

+# (C) 2011 Devin J. Pohly

+# You may use this code freely.  It would be nice to be credited.

+

+use MIME::Base64;

+

+while (<>) {

+	($user, $hash) = split(/:/, $_);

+	unless ($hash =~ /^\$apr1\$/) {

+		print STDERR "Not an Apache MD5 hash\n";

+		exit 1;

+	}

+

+	chomp $hash;

+	($_,$_,$salt,$hash) = split(/\$/, $hash);

+

+	$hash =~ tr|./0-9A-Za-z|A-Za-z0-9+/|;

+	$hash .= "AA";

+	$hash =~ s/(.)(.)(.)(.)/$4$3$2$1/gs;

+	$hash = decode_base64($hash);

+	$hash =~ s/(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)..(.)/$1$4$7$10$13$15$2$5$8$11$14$16$3$6$9$12/s;

+	$hash .= $salt;

+	$hash = encode_base64($hash);

+	chop $hash;

+

+	print "$user:{APR1}$hash\n";

+}
\ No newline at end of file
diff --git a/contrib/slapd-modules/passwd/apr1-ltoa.pl b/contrib/slapd-modules/passwd/apr1-ltoa.pl
new file mode 100644
index 0000000..ee628ec
--- /dev/null
+++ b/contrib/slapd-modules/passwd/apr1-ltoa.pl
@@ -0,0 +1,31 @@
+#!/usr/bin/perl -w

+

+# OpenLDAP {APR1} to Apache $apr1$ hash converter

+# (C) 2011 Devin J. Pohly

+# You may use this code freely.  It would be nice to be credited.

+

+use MIME::Base64;

+

+while (<>) {

+	($user, $hash) = split(/:/, $_);

+	unless ($hash =~ /^{APR1}/) {

+		print STDERR "Not an Apache MD5 hash\n";

+		next;

+	}

+

+	chomp $hash;

+	$hash = decode_base64(substr($hash, 6));

+	($hash, $salt) = (substr($hash, 0, 16), substr($hash, 16));

+	$hash = $hash;

+	$hash =~ s/(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)(.)/$1$7$13$2$8$14$3$9$15$4$10$16$5$11$6\0\0$12/s;

+	$hash = encode_base64($hash);

+	chomp $hash;

+	$hash =~ s/(.)(.)(.)(.)/$4$3$2$1/gs;

+	unless ($hash =~ /AA$/) {

+		#print "Problem with hash\n";

+		next;

+	}

+	$hash =~ s/AA$//;

+	$hash =~ tr|A-Za-z0-9+/|./0-9A-Za-z|;

+	print "$user:\$apr1\$$salt\$$hash\n"

+}
\ No newline at end of file
diff --git a/contrib/slapd-modules/passwd/apr1.c b/contrib/slapd-modules/passwd/apr1.c
new file mode 100644
index 0000000..36880f3
--- /dev/null
+++ b/contrib/slapd-modules/passwd/apr1.c
@@ -0,0 +1,236 @@
+/* $OpenLDAP$ */
+/*
+ * This file is derived from OpenLDAP Software. All of the modifications to
+ * OpenLDAP Software represented in the following file were developed by
+ * Devin J. Pohly <djpohly@gmail.com>. I have not assigned rights and/or
+ * interest in this work to any party.
+ *
+ * The extensions to OpenLDAP Software herein are subject to the following
+ * notice:
+ *
+ * Copyright 2011 Devin J. Pohly
+ * Portions Copyright 2011 Howard Chu
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP Public
+ * License.
+ *
+ * A portion of this code is used in accordance with the Beer-ware License,
+ * revision 42, as noted.
+ *
+ */
+
+#include "portable.h"
+
+#include <lber.h>
+#include <lber_pvt.h>
+#include "lutil.h"
+#include "lutil_md5.h"
+#include <ac/string.h>
+
+#include <assert.h>
+
+/* the only difference between this and straight PHK is the magic */
+static LUTIL_PASSWD_CHK_FUNC chk_apr1;
+static LUTIL_PASSWD_HASH_FUNC hash_apr1;
+static const struct berval scheme_apr1 = BER_BVC("{APR1}");
+static const struct berval magic_apr1 = BER_BVC("$apr1$");
+
+static LUTIL_PASSWD_CHK_FUNC chk_bsdmd5;
+static LUTIL_PASSWD_HASH_FUNC hash_bsdmd5;
+static const struct berval scheme_bsdmd5 = BER_BVC("{BSDMD5}");
+static const struct berval magic_bsdmd5 = BER_BVC("$1$");
+
+static const unsigned char apr64[] =
+	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
+#define APR_SALT_SIZE	8
+
+/* The algorithm implemented in this function was created by Poul-Henning
+ * Kamp and released under the following license:
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ */
+static void do_phk_hash(
+	const struct berval *passwd,
+	const struct berval *salt,
+	const struct berval *magic,
+	unsigned char *digest)
+{
+	lutil_MD5_CTX ctx, ctx1;
+	int n;
+
+	/* Start hashing */
+	lutil_MD5Init(&ctx);
+	lutil_MD5Update(&ctx, (const unsigned char *) passwd->bv_val, passwd->bv_len);
+	lutil_MD5Update(&ctx, (const unsigned char *) magic->bv_val, magic->bv_len);
+	lutil_MD5Update(&ctx, (const unsigned char *) salt->bv_val, salt->bv_len);
+	/* Inner hash */
+	lutil_MD5Init(&ctx1);
+	lutil_MD5Update(&ctx1, (const unsigned char *) passwd->bv_val, passwd->bv_len);
+	lutil_MD5Update(&ctx1, (const unsigned char *) salt->bv_val, salt->bv_len);
+	lutil_MD5Update(&ctx1, (const unsigned char *) passwd->bv_val, passwd->bv_len);
+	lutil_MD5Final(digest, &ctx1);
+	/* Nom start mixing things up */
+	for (n = passwd->bv_len; n > 0; n -= LUTIL_MD5_BYTES)
+		lutil_MD5Update(&ctx, digest,
+				(n > LUTIL_MD5_BYTES ? LUTIL_MD5_BYTES : n));
+	memset(digest, 0, LUTIL_MD5_BYTES);
+	/* Curiouser and curiouser... */
+	for (n = passwd->bv_len; n; n >>= 1)
+		if (n & 1)
+			lutil_MD5Update(&ctx, digest, 1);
+		else
+			lutil_MD5Update(&ctx, (const unsigned char *) passwd->bv_val, 1);
+	lutil_MD5Final(digest, &ctx);
+	/*
+	 * Repeatedly hash things into the final value. This was originally
+	 * intended to slow the algorithm down.
+	 */
+	for (n = 0; n < 1000; n++) {
+		lutil_MD5Init(&ctx1);
+		if (n & 1)
+			lutil_MD5Update(&ctx1,
+				(const unsigned char *) passwd->bv_val, passwd->bv_len);
+		else
+			lutil_MD5Update(&ctx1, digest, LUTIL_MD5_BYTES);
+
+		if (n % 3)
+			lutil_MD5Update(&ctx1,
+				(const unsigned char *) salt->bv_val, salt->bv_len);
+		if (n % 7)
+			lutil_MD5Update(&ctx1,
+				(const unsigned char *) passwd->bv_val, passwd->bv_len);
+
+		if (n & 1)
+			lutil_MD5Update(&ctx1, digest, LUTIL_MD5_BYTES);
+		else
+			lutil_MD5Update(&ctx1,
+				(const unsigned char *) passwd->bv_val, passwd->bv_len);
+		lutil_MD5Final(digest, &ctx1);
+	}
+}
+
+static int chk_phk(
+	const struct berval *magic,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text)
+{
+	unsigned char digest[LUTIL_MD5_BYTES];
+	unsigned char *orig_pass;
+	int rc;
+	struct berval salt;
+	size_t decode_len = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);
+
+	/* safety check */
+	if (decode_len <= sizeof(digest))
+		return LUTIL_PASSWD_ERR;
+
+	/* base64 un-encode password hash */
+	orig_pass = (unsigned char *) ber_memalloc(decode_len + 1);
+
+	if (orig_pass == NULL)
+		return LUTIL_PASSWD_ERR;
+
+	rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
+
+	if (rc <= (int) sizeof(digest)) {
+		ber_memfree(orig_pass);
+		return LUTIL_PASSWD_ERR;
+	}
+
+	salt.bv_val = (char *) &orig_pass[sizeof(digest)];
+	salt.bv_len = rc - sizeof(digest);
+
+	do_phk_hash(cred, &salt, magic, digest);
+
+	if (text)
+		*text = NULL;
+
+	/* compare */
+	rc = memcmp((char *) orig_pass, (char *) digest, sizeof(digest));
+	ber_memfree(orig_pass);
+	return rc ?  LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+static int chk_apr1(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text)
+{
+	return chk_phk(&magic_apr1, passwd, cred, text);
+}
+
+static int chk_bsdmd5(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text)
+{
+	return chk_phk(&magic_bsdmd5, passwd, cred, text);
+}
+
+static int hash_phk(
+	const struct berval *scheme,
+	const struct berval *magic,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text)
+{
+	unsigned char digest_buf[LUTIL_MD5_BYTES];
+	char salt_buf[APR_SALT_SIZE];
+	struct berval digest;
+	struct berval salt;
+	int n;
+
+	digest.bv_val = (char *) digest_buf;
+	digest.bv_len = sizeof(digest_buf);
+	salt.bv_val = salt_buf;
+	salt.bv_len = APR_SALT_SIZE;
+
+	/* generate random salt */
+	if (lutil_entropy( (unsigned char *) salt.bv_val, salt.bv_len) < 0)
+		return LUTIL_PASSWD_ERR;
+	/* limit it to characters in the 64-char set */
+	for (n = 0; n < salt.bv_len; n++)
+		salt.bv_val[n] = apr64[salt.bv_val[n] % (sizeof(apr64) - 1)];
+
+	do_phk_hash(passwd, &salt, magic, digest_buf);
+
+	if (text)
+		*text = NULL;
+
+	return lutil_passwd_string64(scheme, &digest, hash, &salt);
+}
+
+static int hash_apr1(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text)
+{
+	return hash_phk(scheme, &magic_apr1, passwd, hash, text);
+}
+
+static int hash_bsdmd5(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text)
+{
+	return hash_phk(scheme, &magic_bsdmd5, passwd, hash, text);
+}
+
+int init_module(int argc, char *argv[]) {
+	int rc;
+	rc = lutil_passwd_add((struct berval *) &scheme_apr1, chk_apr1, hash_apr1);
+	if ( !rc )
+		rc = lutil_passwd_add((struct berval *) &scheme_bsdmd5,
+			chk_bsdmd5, hash_bsdmd5);
+	return rc;
+}
diff --git a/contrib/slapd-modules/passwd/kerberos.c b/contrib/slapd-modules/passwd/kerberos.c
new file mode 100644
index 0000000..bebcbd0
--- /dev/null
+++ b/contrib/slapd-modules/passwd/kerberos.c
@@ -0,0 +1,211 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <unistd.h>
+
+#include <lber.h>
+#include <lber_pvt.h>	/* BER_BVC definition */
+#include "lutil.h"
+#include <ac/string.h>
+
+#ifdef HAVE_KRB5
+#include <krb5.h>
+#elif defined(HAVE_KRB4)
+#include <krb.h>
+#endif
+
+/* From <ldap_pvt.h> */
+LDAP_F( char *) ldap_pvt_get_fqdn LDAP_P(( char * ));
+
+static LUTIL_PASSWD_CHK_FUNC chk_kerberos;
+static const struct berval scheme = BER_BVC("{KERBEROS}");
+
+static int chk_kerberos(
+	const struct berval *sc,
+	const struct berval * passwd,
+	const struct berval * cred,
+	const char **text )
+{
+	unsigned int i;
+	int rtn;
+
+	for( i=0; i<cred->bv_len; i++) {
+		if(cred->bv_val[i] == '\0') {
+			return LUTIL_PASSWD_ERR;	/* NUL character in password */
+		}
+	}
+
+	if( cred->bv_val[i] != '\0' ) {
+		return LUTIL_PASSWD_ERR;	/* cred must behave like a string */
+	}
+
+	for( i=0; i<passwd->bv_len; i++) {
+		if(passwd->bv_val[i] == '\0') {
+			return LUTIL_PASSWD_ERR;	/* NUL character in password */
+		}
+	}
+
+	if( passwd->bv_val[i] != '\0' ) {
+		return LUTIL_PASSWD_ERR;	/* passwd must behave like a string */
+	}
+
+	rtn = LUTIL_PASSWD_ERR;
+
+#ifdef HAVE_KRB5 /* HAVE_HEIMDAL_KRB5 */
+	{
+/* Portions:
+ * Copyright (c) 1997, 1998, 1999 Kungliga Tekniska H\xf6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+		krb5_context context;
+   		krb5_error_code ret;
+   		krb5_creds creds;
+   		krb5_get_init_creds_opt get_options;
+   		krb5_verify_init_creds_opt verify_options;
+		krb5_principal client, server;
+#ifdef notdef
+		krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP};
+#endif
+
+		ret = krb5_init_context( &context );
+		if (ret) {
+			return LUTIL_PASSWD_ERR;
+		}
+
+#ifdef notdef
+		krb5_get_init_creds_opt_set_preauth_list(&get_options,
+			pre_auth_types, 1);
+#endif
+
+   		krb5_get_init_creds_opt_init( &get_options );
+
+		krb5_verify_init_creds_opt_init( &verify_options );
+	
+		ret = krb5_parse_name( context, passwd->bv_val, &client );
+
+		if (ret) {
+			krb5_free_context( context );
+			return LUTIL_PASSWD_ERR;
+		}
+
+		ret = krb5_get_init_creds_password( context,
+			&creds, client, cred->bv_val, NULL,
+			NULL, 0, NULL, &get_options );
+
+		if (ret) {
+			krb5_free_principal( context, client );
+			krb5_free_context( context );
+			return LUTIL_PASSWD_ERR;
+		}
+
+		{
+			char *host = ldap_pvt_get_fqdn( NULL );
+
+			if( host == NULL ) {
+				krb5_free_principal( context, client );
+				krb5_free_context( context );
+				return LUTIL_PASSWD_ERR;
+			}
+
+			ret = krb5_sname_to_principal( context,
+				host, "ldap", KRB5_NT_SRV_HST, &server );
+
+			ber_memfree( host );
+		}
+
+		if (ret) {
+			krb5_free_principal( context, client );
+			krb5_free_context( context );
+			return LUTIL_PASSWD_ERR;
+		}
+
+		ret = krb5_verify_init_creds( context,
+			&creds, server, NULL, NULL, &verify_options );
+
+		krb5_free_principal( context, client );
+		krb5_free_principal( context, server );
+		krb5_free_cred_contents( context, &creds );
+		krb5_free_context( context );
+
+		rtn = ret ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+	}
+#elif	defined(HAVE_KRB4)
+	{
+		/* Borrowed from Heimdal kpopper */
+/* Portions:
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+		int status;
+		char lrealm[REALM_SZ];
+		char tkt[MAXHOSTNAMELEN];
+
+		status = krb_get_lrealm(lrealm,1);
+		if (status == KFAILURE) {
+			return LUTIL_PASSWD_ERR;
+		}
+
+		snprintf(tkt, sizeof(tkt), "%s_slapd.%u",
+			TKT_ROOT, (unsigned)getpid());
+		krb_set_tkt_string (tkt);
+
+		status = krb_verify_user( passwd->bv_val, "", lrealm,
+			cred->bv_val, 1, "ldap");
+
+		dest_tkt(); /* no point in keeping the tickets */
+
+		return status == KFAILURE ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+	}
+#endif
+
+	return rtn;
+}
+
+int init_module(int argc, char *argv[]) {
+	return lutil_passwd_add( (struct berval *)&scheme, chk_kerberos, NULL );
+}
diff --git a/contrib/slapd-modules/passwd/netscape.c b/contrib/slapd-modules/passwd/netscape.c
new file mode 100644
index 0000000..8e2de7b
--- /dev/null
+++ b/contrib/slapd-modules/passwd/netscape.c
@@ -0,0 +1,83 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <unistd.h>
+
+#include <lber.h>
+#include <lber_pvt.h>
+#include "lutil.h"
+#include "lutil_md5.h"
+#include <ac/string.h>
+
+static LUTIL_PASSWD_CHK_FUNC chk_ns_mta_md5;
+static const struct berval scheme = BER_BVC("{NS-MTA-MD5}");
+
+#define NS_MTA_MD5_PASSLEN	64
+static int chk_ns_mta_md5(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text )
+{
+	lutil_MD5_CTX MD5context;
+	unsigned char MD5digest[LUTIL_MD5_BYTES], c;
+	char buffer[LUTIL_MD5_BYTES*2];
+	int i;
+
+	if( passwd->bv_len != NS_MTA_MD5_PASSLEN ) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* hash credentials with salt */
+	lutil_MD5Init(&MD5context);
+	lutil_MD5Update(&MD5context,
+		(const unsigned char *) &passwd->bv_val[32],
+		32 );
+
+	c = 0x59;
+	lutil_MD5Update(&MD5context,
+		(const unsigned char *) &c,
+		1 );
+
+	lutil_MD5Update(&MD5context,
+		(const unsigned char *) cred->bv_val,
+		cred->bv_len );
+
+	c = 0xF7;
+	lutil_MD5Update(&MD5context,
+		(const unsigned char *) &c,
+		1 );
+
+	lutil_MD5Update(&MD5context,
+		(const unsigned char *) &passwd->bv_val[32],
+		32 );
+
+	lutil_MD5Final(MD5digest, &MD5context);
+
+	for( i=0; i < sizeof( MD5digest ); i++ ) {
+		buffer[i+i]   = "0123456789abcdef"[(MD5digest[i]>>4) & 0x0F]; 
+		buffer[i+i+1] = "0123456789abcdef"[ MD5digest[i] & 0x0F]; 
+	}
+
+	/* compare */
+	return memcmp((char *)passwd->bv_val,
+		(char *)buffer, sizeof(buffer)) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+int init_module(int argc, char *argv[]) {
+	return lutil_passwd_add( (struct berval *)&scheme, chk_ns_mta_md5, NULL );
+}
diff --git a/contrib/slapd-modules/passwd/pbkdf2/Makefile b/contrib/slapd-modules/passwd/pbkdf2/Makefile
new file mode 100644
index 0000000..6279f50
--- /dev/null
+++ b/contrib/slapd-modules/passwd/pbkdf2/Makefile
@@ -0,0 +1,62 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../../..
+LDAP_BUILD = ../../../..
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+#DEFS = -DSLAPD_PBKDF2_DEBUG
+
+SSL_INC =
+SSL_LIB = -lcrypto
+
+INCS = $(LDAP_INC) $(SSL_INC)
+LIBS = $(LDAP_LIB) $(SSL_LIB)
+
+PROGRAMS = pw-pbkdf2.la
+MANPAGES = slapd-pw-pbkdf2.5
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all:		$(PROGRAMS)
+
+pw-pbkdf2.la: pw-pbkdf2.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/passwd/pbkdf2/README b/contrib/slapd-modules/passwd/pbkdf2/README
new file mode 100644
index 0000000..d4d99d2
--- /dev/null
+++ b/contrib/slapd-modules/passwd/pbkdf2/README
@@ -0,0 +1,99 @@
+PBKDF2 for OpenLDAP
+=======================
+
+pw-pbkdf2.c provides PBKDF2 key derivation functions in OpenLDAP.
+
+Schemes:
+
+ * {PBKDF2} -  alias to {PBKDF2-SHA1}
+ * {PBKDF2-SHA1}
+ * {PBKDF2-SHA256}
+ * {PBKDF2-SHA512}
+
+# Requirements
+
+  * OpenSSL 1.0.0 or later
+
+# Installations
+
+First, You need to configure and build OpenLDAP.
+
+    $ cd <OPENLDAP_BUILD_DIR>/contrib/slapd-modules/passwd/
+    $ git clone https://github.com/hamano/openldap-pbkdf2.git
+    $ cd openldap-pbkdf2/
+    $ make
+    # make install
+
+# Configuration
+
+In slapd.conf:
+
+    moduleload pw-pbkdf2.so
+
+You can also tell OpenLDAP to use the schemes when processing LDAP
+Password Modify Extended Operations, thanks to the password-hash
+option in slapd.conf. For example:
+
+    password-hash {PBKDF2}
+or
+    password-hash {PBKDF2-SHA256}
+or
+    password-hash {PBKDF2-SHA512}
+
+# Testing
+
+You can get hash to use slappasswd.
+
+    $ slappasswd -o module-load=pw-pbkdf2.la -h {PBKDF2} -s secret
+    {PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw
+
+A quick way to test whether it's working is to customize the rootdn and
+rootpw in slapd.conf, eg:
+
+    rootdn "cn=Manager,dc=example,dc=com"
+    rootpw {PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw
+
+Then to test, run something like:
+
+    $ ldapsearch -x -b "dc=example,dc=com" -D "cn=Manager,dc=example,dc=com" -w secret
+
+# Debugging
+You can specify -DSLAPD_PBKDF2_DEBUG flag for debugging.
+
+# Message Format
+
+    {PBKDF2}<Iteration>$<Adapted Base64 Salt>$<Adapted Base64 DK>
+
+# References
+
+* [RFC 2898 Password-Based Cryptography][^1]
+[^1]: http://tools.ietf.org/html/rfc2898
+
+* [PKCS #5 PBKDF2 Test Vectors][^2]
+[^2]: http://tools.ietf.org/html/draft-josefsson-pbkdf2-test-vectors-06
+
+* [RFC 2307 Using LDAP as a Network Information Service][^3]
+[^3]: http://tools.ietf.org/html/rfc2307
+
+* [Python Passlib][^4]
+[^4]: http://pythonhosted.org/passlib/
+
+* [Adapted Base64 Encoding][^5]
+[^5]: http://pythonhosted.org/passlib/lib/passlib.utils.html#passlib.utils.ab64_encode
+
+# License
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+
+Copyright 2009-2022 The OpenLDAP Foundation.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
+# ACKNOWLEDGEMENT
+This work was initially developed by HAMANO Tsukasa <hamano@osstech.co.jp>
diff --git a/contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c b/contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c
new file mode 100644
index 0000000..1cc2770
--- /dev/null
+++ b/contrib/slapd-modules/passwd/pbkdf2/pw-pbkdf2.c
@@ -0,0 +1,451 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2009-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by HAMANO Tsukasa <hamano@osstech.co.jp>
+ */
+
+#define _GNU_SOURCE
+
+#include "portable.h"
+#include <ac/string.h>
+#include "lber_pvt.h"
+#include "lutil.h"
+#include <stdio.h>
+#include <stdlib.h>
+
+#ifdef HAVE_OPENSSL
+#include <openssl/evp.h>
+#elif HAVE_GNUTLS
+#include <nettle/pbkdf2.h>
+#include <nettle/hmac.h>
+typedef void (*pbkdf2_hmac_update)(void *, unsigned, const uint8_t *);
+typedef void (*pbkdf2_hmac_digest)(void *, unsigned, uint8_t *);
+#else
+#error Unsupported crypto backend.
+#endif
+
+#define PBKDF2_ITERATION 10000
+#define PBKDF2_SALT_SIZE 16
+#define PBKDF2_SHA1_DK_SIZE 20
+#define PBKDF2_SHA256_DK_SIZE 32
+#define PBKDF2_SHA512_DK_SIZE 64
+#define PBKDF2_MAX_DK_SIZE 64
+
+const struct berval pbkdf2_scheme = BER_BVC("{PBKDF2}");
+const struct berval pbkdf2_sha1_scheme = BER_BVC("{PBKDF2-SHA1}");
+const struct berval pbkdf2_sha256_scheme = BER_BVC("{PBKDF2-SHA256}");
+const struct berval pbkdf2_sha512_scheme = BER_BVC("{PBKDF2-SHA512}");
+
+/*
+ * Converting base64 string to adapted base64 string.
+ * Adapted base64 encode is identical to general base64 encode except
+ * that it uses '.' instead of '+', and omits trailing padding '=' and
+ * whitespace.
+ * see http://pythonhosted.org/passlib/lib/passlib.utils.html
+ * This is destructive function.
+ */
+static int b64_to_ab64(char *str)
+{
+	char *p = str;
+	do {
+		if(*p == '+'){
+			*p = '.';
+		}
+		if(*p == '='){
+			*p = '\0';
+		}
+	} while(*p++);
+	return 0;
+}
+
+/*
+ * Converting adapted base64 string to base64 string.
+ * dstsize will require src length + 2, due to output string have
+ * potential to append "=" or "==".
+ * return -1 if few output buffer.
+ */
+static int ab64_to_b64(char *src, char *dst, size_t dstsize){
+	int i;
+	char *p = src;
+	for(i=0; p[i] && p[i] != '$'; i++){
+		if(i >= dstsize){
+			dst[0] = '\0';
+			return -1;
+		}
+		if(p[i] == '.'){
+			dst[i] = '+';
+		}else{
+			dst[i] = p[i];
+		}
+	}
+	for(;i%4;i++){
+		if(i >= dstsize){
+			dst[0] = '\0';
+			return -1;
+		}
+		dst[i] = '=';
+	}
+	dst[i] = '\0';
+	return 0;
+}
+
+static int pbkdf2_format(
+	const struct berval *sc,
+	int iteration,
+	const struct berval *salt,
+	const struct berval *dk,
+	struct berval *msg)
+{
+
+	int rc, msg_len;
+	char salt_b64[LUTIL_BASE64_ENCODE_LEN(PBKDF2_SALT_SIZE) + 1];
+	char dk_b64[LUTIL_BASE64_ENCODE_LEN(PBKDF2_MAX_DK_SIZE) + 1];
+
+	rc = lutil_b64_ntop((unsigned char *)salt->bv_val, salt->bv_len,
+						salt_b64, sizeof(salt_b64));
+	if(rc < 0){
+		return LUTIL_PASSWD_ERR;
+	}
+	b64_to_ab64(salt_b64);
+	rc = lutil_b64_ntop((unsigned char *)dk->bv_val, dk->bv_len,
+						dk_b64, sizeof(dk_b64));
+	if(rc < 0){
+		return LUTIL_PASSWD_ERR;
+	}
+	b64_to_ab64(dk_b64);
+	msg_len = asprintf(&msg->bv_val, "%s%d$%s$%s",
+						   sc->bv_val, iteration,
+						   salt_b64, dk_b64);
+	if(msg_len < 0){
+		msg->bv_len = 0;
+		return LUTIL_PASSWD_ERR;
+	}
+
+	msg->bv_len = msg_len;
+	return LUTIL_PASSWD_OK;
+}
+
+static int pbkdf2_encrypt(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *msg,
+	const char **text)
+{
+	unsigned char salt_value[PBKDF2_SALT_SIZE];
+	struct berval salt;
+	unsigned char dk_value[PBKDF2_MAX_DK_SIZE];
+	struct berval dk;
+	int iteration = PBKDF2_ITERATION;
+	int rc;
+#ifdef HAVE_OPENSSL
+	const EVP_MD *md;
+#elif HAVE_GNUTLS
+	struct hmac_sha1_ctx sha1_ctx;
+	struct hmac_sha256_ctx sha256_ctx;
+	struct hmac_sha512_ctx sha512_ctx;
+	void * current_ctx = NULL;
+	pbkdf2_hmac_update current_hmac_update = NULL;
+	pbkdf2_hmac_digest current_hmac_digest = NULL;
+#endif
+
+	salt.bv_val = (char *)salt_value;
+	salt.bv_len = sizeof(salt_value);
+	dk.bv_val = (char *)dk_value;
+
+#ifdef HAVE_OPENSSL
+	if(!ber_bvcmp(scheme, &pbkdf2_scheme)){
+		dk.bv_len = PBKDF2_SHA1_DK_SIZE;
+		md = EVP_sha1();
+	}else if(!ber_bvcmp(scheme, &pbkdf2_sha1_scheme)){
+		dk.bv_len = PBKDF2_SHA1_DK_SIZE;
+		md = EVP_sha1();
+	}else if(!ber_bvcmp(scheme, &pbkdf2_sha256_scheme)){
+		dk.bv_len = PBKDF2_SHA256_DK_SIZE;
+		md = EVP_sha256();
+	}else if(!ber_bvcmp(scheme, &pbkdf2_sha512_scheme)){
+		dk.bv_len = PBKDF2_SHA512_DK_SIZE;
+		md = EVP_sha512();
+	}else{
+		return LUTIL_PASSWD_ERR;
+	}
+#elif HAVE_GNUTLS
+	if(!ber_bvcmp(scheme, &pbkdf2_scheme)){
+		dk.bv_len = PBKDF2_SHA1_DK_SIZE;
+		current_ctx = &sha1_ctx;
+		current_hmac_update = (pbkdf2_hmac_update) &hmac_sha1_update;
+		current_hmac_digest = (pbkdf2_hmac_digest) &hmac_sha1_digest;
+		hmac_sha1_set_key(current_ctx, passwd->bv_len, (const uint8_t *) passwd->bv_val);
+	}else if(!ber_bvcmp(scheme, &pbkdf2_sha1_scheme)){
+		dk.bv_len = PBKDF2_SHA1_DK_SIZE;
+		current_ctx = &sha1_ctx;
+		current_hmac_update = (pbkdf2_hmac_update) &hmac_sha1_update;
+		current_hmac_digest = (pbkdf2_hmac_digest) &hmac_sha1_digest;
+		hmac_sha1_set_key(current_ctx, passwd->bv_len, (const uint8_t *) passwd->bv_val);
+	}else if(!ber_bvcmp(scheme, &pbkdf2_sha256_scheme)){
+		dk.bv_len = PBKDF2_SHA256_DK_SIZE;
+		current_ctx = &sha256_ctx;
+		current_hmac_update = (pbkdf2_hmac_update) &hmac_sha256_update;
+		current_hmac_digest = (pbkdf2_hmac_digest) &hmac_sha256_digest;
+		hmac_sha256_set_key(current_ctx, passwd->bv_len, (const uint8_t *) passwd->bv_val);
+	}else if(!ber_bvcmp(scheme, &pbkdf2_sha512_scheme)){
+		dk.bv_len = PBKDF2_SHA512_DK_SIZE;
+		current_ctx = &sha512_ctx;
+		current_hmac_update = (pbkdf2_hmac_update) &hmac_sha512_update;
+		current_hmac_digest = (pbkdf2_hmac_digest) &hmac_sha512_digest;
+		hmac_sha512_set_key(current_ctx, passwd->bv_len, (const uint8_t *) passwd->bv_val);
+	}else{
+		return LUTIL_PASSWD_ERR;
+	}
+#endif
+
+	if(lutil_entropy((unsigned char *)salt.bv_val, salt.bv_len) < 0){
+		return LUTIL_PASSWD_ERR;
+	}
+
+#ifdef HAVE_OPENSSL
+	if(!PKCS5_PBKDF2_HMAC(passwd->bv_val, passwd->bv_len,
+						  (unsigned char *)salt.bv_val, salt.bv_len,
+						  iteration, md, dk.bv_len, dk_value)){
+		return LUTIL_PASSWD_ERR;
+	}
+#elif HAVE_GNUTLS
+	PBKDF2(current_ctx, current_hmac_update, current_hmac_digest,
+						  dk.bv_len, iteration,
+						  salt.bv_len, (const uint8_t *) salt.bv_val,
+						  dk.bv_len, dk_value);
+#endif
+
+#ifdef SLAPD_PBKDF2_DEBUG
+	printf("Encrypt for %s\n", scheme->bv_val);
+	printf("  Password:\t%s\n", passwd->bv_val);
+
+	printf("  Salt:\t\t");
+	int i;
+	for(i=0; i<salt.bv_len; i++){
+		printf("%02x", salt_value[i]);
+	}
+	printf("\n");
+	printf("  Iteration:\t%d\n", iteration);
+
+	printf("  DK:\t\t");
+	for(i=0; i<dk.bv_len; i++){
+		printf("%02x", dk_value[i]);
+	}
+	printf("\n");
+#endif
+
+	rc = pbkdf2_format(scheme, iteration, &salt, &dk, msg);
+
+#ifdef SLAPD_PBKDF2_DEBUG
+	printf("  Output:\t%s\n", msg->bv_val);
+#endif
+
+	return rc;
+}
+
+static int pbkdf2_check(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text)
+{
+	int rc;
+	int iteration;
+
+	/* salt_value require PBKDF2_SALT_SIZE + 1 in lutil_b64_pton. */
+	unsigned char salt_value[PBKDF2_SALT_SIZE + 1];
+	char salt_b64[LUTIL_BASE64_ENCODE_LEN(PBKDF2_SALT_SIZE) + 1];
+	/* dk_value require PBKDF2_MAX_DK_SIZE + 1 in lutil_b64_pton. */
+	unsigned char dk_value[PBKDF2_MAX_DK_SIZE + 1];
+	char dk_b64[LUTIL_BASE64_ENCODE_LEN(PBKDF2_MAX_DK_SIZE) + 1];
+	unsigned char input_dk_value[PBKDF2_MAX_DK_SIZE];
+	size_t dk_len;
+#ifdef HAVE_OPENSSL
+	const EVP_MD *md;
+#elif HAVE_GNUTLS
+	struct hmac_sha1_ctx sha1_ctx;
+	struct hmac_sha256_ctx sha256_ctx;
+	struct hmac_sha512_ctx sha512_ctx;
+	void * current_ctx = NULL;
+	pbkdf2_hmac_update current_hmac_update = NULL;
+	pbkdf2_hmac_digest current_hmac_digest = NULL;
+#endif
+
+#ifdef SLAPD_PBKDF2_DEBUG
+	printf("Checking for %s\n", scheme->bv_val);
+	printf("  Stored Value:\t%s\n", passwd->bv_val);
+	printf("  Input Cred:\t%s\n", cred->bv_val);
+#endif
+
+#ifdef HAVE_OPENSSL
+	if(!ber_bvcmp(scheme, &pbkdf2_scheme)){
+		dk_len = PBKDF2_SHA1_DK_SIZE;
+		md = EVP_sha1();
+	}else if(!ber_bvcmp(scheme, &pbkdf2_sha1_scheme)){
+		dk_len = PBKDF2_SHA1_DK_SIZE;
+		md = EVP_sha1();
+	}else if(!ber_bvcmp(scheme, &pbkdf2_sha256_scheme)){
+		dk_len = PBKDF2_SHA256_DK_SIZE;
+		md = EVP_sha256();
+	}else if(!ber_bvcmp(scheme, &pbkdf2_sha512_scheme)){
+		dk_len = PBKDF2_SHA512_DK_SIZE;
+		md = EVP_sha512();
+	}else{
+		return LUTIL_PASSWD_ERR;
+	}
+#elif HAVE_GNUTLS
+	if(!ber_bvcmp(scheme, &pbkdf2_scheme)){
+		dk_len = PBKDF2_SHA1_DK_SIZE;
+		current_ctx = &sha1_ctx;
+		current_hmac_update = (pbkdf2_hmac_update) &hmac_sha1_update;
+		current_hmac_digest = (pbkdf2_hmac_digest) &hmac_sha1_digest;
+		hmac_sha1_set_key(current_ctx, cred->bv_len, (const uint8_t *) cred->bv_val);
+	}else if(!ber_bvcmp(scheme, &pbkdf2_sha1_scheme)){
+		dk_len = PBKDF2_SHA1_DK_SIZE;
+		current_ctx = &sha1_ctx;
+		current_hmac_update = (pbkdf2_hmac_update) &hmac_sha1_update;
+		current_hmac_digest = (pbkdf2_hmac_digest) &hmac_sha1_digest;
+		hmac_sha1_set_key(current_ctx, cred->bv_len, (const uint8_t *) cred->bv_val);
+	}else if(!ber_bvcmp(scheme, &pbkdf2_sha256_scheme)){
+		dk_len = PBKDF2_SHA256_DK_SIZE;
+		current_ctx = &sha256_ctx;
+		current_hmac_update = (pbkdf2_hmac_update) &hmac_sha256_update;
+		current_hmac_digest = (pbkdf2_hmac_digest) &hmac_sha256_digest;
+		hmac_sha256_set_key(current_ctx, cred->bv_len, (const uint8_t *) cred->bv_val);
+	}else if(!ber_bvcmp(scheme, &pbkdf2_sha512_scheme)){
+		dk_len = PBKDF2_SHA512_DK_SIZE;
+		current_ctx = &sha512_ctx;
+		current_hmac_update = (pbkdf2_hmac_update) &hmac_sha512_update;
+		current_hmac_digest = (pbkdf2_hmac_digest) &hmac_sha512_digest;
+		hmac_sha512_set_key(current_ctx, cred->bv_len, (const uint8_t *) cred->bv_val);
+	}else{
+		return LUTIL_PASSWD_ERR;
+	}
+#endif
+
+	iteration = atoi(passwd->bv_val);
+	if(iteration < 1){
+		return LUTIL_PASSWD_ERR;
+	}
+
+	char *ptr;
+	ptr = strchr(passwd->bv_val, '$');
+	if(!ptr){
+		return LUTIL_PASSWD_ERR;
+	}
+	ptr++; /* skip '$' */
+	rc = ab64_to_b64(ptr, salt_b64, sizeof(salt_b64));
+	if(rc < 0){
+		return LUTIL_PASSWD_ERR;
+	}
+
+	ptr = strchr(ptr, '$');
+	if(!ptr){
+		return LUTIL_PASSWD_ERR;
+	}
+	ptr++; /* skip '$' */
+	rc = ab64_to_b64(ptr, dk_b64, sizeof(dk_b64));
+	if(rc < 0){
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* The targetsize require PBKDF2_SALT_SIZE + 1 in lutil_b64_pton. */
+	rc = lutil_b64_pton(salt_b64, salt_value, PBKDF2_SALT_SIZE + 1);
+	if(rc < 0){
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* consistency check */
+	if(rc != PBKDF2_SALT_SIZE){
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* The targetsize require PBKDF2_MAX_DK_SIZE + 1 in lutil_b64_pton. */
+	rc = lutil_b64_pton(dk_b64, dk_value, sizeof(dk_value));
+	if(rc < 0){
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* consistency check */
+	if(rc != dk_len){
+		return LUTIL_PASSWD_ERR;
+	}
+
+#ifdef HAVE_OPENSSL
+	if(!PKCS5_PBKDF2_HMAC(cred->bv_val, cred->bv_len,
+						  salt_value, PBKDF2_SALT_SIZE,
+						  iteration, md, dk_len, input_dk_value)){
+		return LUTIL_PASSWD_ERR;
+	}
+#elif HAVE_GNUTLS
+	PBKDF2(current_ctx, current_hmac_update, current_hmac_digest,
+						  dk_len, iteration,
+						  PBKDF2_SALT_SIZE, salt_value,
+						  dk_len, input_dk_value);
+#endif
+
+	rc = memcmp(dk_value, input_dk_value, dk_len);
+#ifdef SLAPD_PBKDF2_DEBUG
+	printf("  Iteration:\t%d\n", iteration);
+	printf("  Base64 Salt:\t%s\n", salt_b64);
+	printf("  Base64 DK:\t%s\n", dk_b64);
+	int i;
+	printf("  Stored Salt:\t");
+	for(i=0; i<PBKDF2_SALT_SIZE; i++){
+		printf("%02x", salt_value[i]);
+	}
+	printf("\n");
+
+	printf("  Stored DK:\t");
+	for(i=0; i<dk_len; i++){
+		printf("%02x", dk_value[i]);
+	}
+	printf("\n");
+
+	printf("  Input DK:\t");
+	for(i=0; i<dk_len; i++){
+		printf("%02x", input_dk_value[i]);
+	}
+	printf("\n");
+	printf("  Result:\t%d\n", rc);
+#endif
+	return rc?LUTIL_PASSWD_ERR:LUTIL_PASSWD_OK;
+}
+
+int init_module(int argc, char *argv[]) {
+	int rc;
+	rc = lutil_passwd_add((struct berval *)&pbkdf2_scheme,
+						  pbkdf2_check, pbkdf2_encrypt);
+	if(rc) return rc;
+	rc = lutil_passwd_add((struct berval *)&pbkdf2_sha1_scheme,
+						  pbkdf2_check, pbkdf2_encrypt);
+	if(rc) return rc;
+
+	rc = lutil_passwd_add((struct berval *)&pbkdf2_sha256_scheme,
+						  pbkdf2_check, pbkdf2_encrypt);
+	if(rc) return rc;
+
+	rc = lutil_passwd_add((struct berval *)&pbkdf2_sha512_scheme,
+						  pbkdf2_check, pbkdf2_encrypt);
+	return rc;
+}
+
+/*
+ * Local variables:
+ * indent-tabs-mode: t
+ * tab-width: 4
+ * c-basic-offset: 4
+ * End:
+ */
diff --git a/contrib/slapd-modules/passwd/pbkdf2/slapd-pw-pbkdf2.5 b/contrib/slapd-modules/passwd/pbkdf2/slapd-pw-pbkdf2.5
new file mode 100644
index 0000000..3bacf62
--- /dev/null
+++ b/contrib/slapd-modules/passwd/pbkdf2/slapd-pw-pbkdf2.5
@@ -0,0 +1,112 @@
+.TH SLAPD-PW-PBKDF2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015-2022 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapd-pw-pbkdf2 \- PBKDF2 password module to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+.B moduleload
+.B pw-pbkdf2
+.RE
+.SH DESCRIPTION
+.LP
+The
+.B pw-pbkdf2
+module to
+.BR slapd (8)
+provides support for the use of the key stretching function
+PBKDF2 (Password-Based Key Derivation Function 2) following RFC 2898
+in hashed passwords in OpenLDAP.
+.LP
+It does so by providing the following additional password schemes for use in slapd:
+.RS
+.TP
+.B {PBKDF2}
+alias to {PBKDF2-SHA1}
+.TP
+.B {PBKDF2-SHA1}
+PBKDF2 using HMAC-SHA-1 as the underlying pseudorandom function
+.TP
+.B {PBKDF2-SHA256}
+PBKDF2 using HMAC-SHA-256 as the underlying pseudorandom function
+.TP
+.B {PBKDF2-SHA512}
+PBKDF2 using HMAC-SHA-512 as the underlying pseudorandom function
+.RE
+
+.SH CONFIGURATION
+The
+.B pw-pbkdf2
+module does not need any configuration.
+.LP
+After loading the module, the password schemes
+{PBKDF2}, {PBKDF2-SHA1}, {PBKDF2-SHA256}, and {PBKDF2-SHA512}
+will be recognised in values of the
+.I userPassword
+attribute.
+.LP
+You can then instruct OpenLDAP to use these schemes when processing
+the LDAPv3 Password Modify (RFC 3062) extended operations by using the
+.BR password-hash
+option in
+.BR slapd.conf (5).
+
+.SH NOTES
+If you want to use the schemes described here with
+.BR slappasswd (8),
+remember to load the module using its command line options.
+The relevant option/value is:
+.RS
+.LP
+.B \-o
+.BR module\-load = pw-pbkdf2
+.LP
+.RE
+Depending on
+.BR pw-pbkdf2 's
+location, you may also need:
+.RS
+.LP
+.B \-o
+.BR module\-path = \fIpathspec\fP
+.RE
+
+.SH EXAMPLES
+All of the userPassword LDAP attributes below encode the password
+.RI ' secret '.
+.EX
+.LP
+userPassword: {PBKDF2-SHA512}10000$/oQ4xZi382mk7kvCd3ZdkA$2wqjpuyV2l0U/a1QwoQPOtlQL.UcJGNACj1O24balruqQb/NgPW6OCvvrrJP8.SzA3/5iYvLnwWPzeX8IK/bEQ
+.LP
+userPassword: {PBKDF2-SHA256}10000$jq40ImWtmpTE.aYDYV1GfQ$mpiL4ui02ACmYOAnCjp/MI1gQk50xLbZ54RZneU0fCg
+.LP
+userPassword: {PBKDF2-SHA1}10000$QJTEclnXgh9Cz3ChCWpdAg$9.s98jwFJM.NXJK9ca/oJ5AyoAQ
+.EE
+.LP
+To make {PBKDF2-SHA512} the password hash used in Password Modify extended operations,
+simply set this line in slapd.conf(5):
+.EX
+.LP
+password-hash   {PBKDF2-SHA512}
+.EX
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR ldappasswd (1),
+.BR slappasswd (8),
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been written by Peter Marschall based on the
+module's README file written by HAMANO Tsukasa <hamano@osstech.co.jp>
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
diff --git a/contrib/slapd-modules/passwd/radius.c b/contrib/slapd-modules/passwd/radius.c
new file mode 100644
index 0000000..8474bf5
--- /dev/null
+++ b/contrib/slapd-modules/passwd/radius.c
@@ -0,0 +1,149 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <lber.h>
+#include <lber_pvt.h>	/* BER_BVC definition */
+#include "lutil.h"
+#include <ldap_pvt_thread.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
+
+#include <radlib.h>
+
+extern char *global_host;	/* from slapd */
+static LUTIL_PASSWD_CHK_FUNC chk_radius;
+static const struct berval scheme = BER_BVC("{RADIUS}");
+static char *config_filename;
+static ldap_pvt_thread_mutex_t libradius_mutex;
+
+static int
+chk_radius(
+	const struct berval	*sc,
+	const struct berval	*passwd,
+	const struct berval	*cred,
+	const char		**text )
+{
+	unsigned int		i;
+	int			rc = LUTIL_PASSWD_ERR;
+
+	struct rad_handle	*h = NULL;
+
+	for ( i = 0; i < cred->bv_len; i++ ) {
+		if ( cred->bv_val[ i ] == '\0' ) {
+			return LUTIL_PASSWD_ERR;	/* NUL character in cred */
+		}
+	}
+
+	if ( cred->bv_val[ i ] != '\0' ) {
+		return LUTIL_PASSWD_ERR;	/* cred must behave like a string */
+	}
+
+	for ( i = 0; i < passwd->bv_len; i++ ) {
+		if ( passwd->bv_val[ i ] == '\0' ) {
+			return LUTIL_PASSWD_ERR;	/* NUL character in password */
+		}
+	}
+
+	if ( passwd->bv_val[ i ] != '\0' ) {
+		return LUTIL_PASSWD_ERR;	/* passwd must behave like a string */
+	}
+
+	ldap_pvt_thread_mutex_lock( &libradius_mutex );
+
+	h = rad_auth_open();
+	if ( h == NULL ) {
+		ldap_pvt_thread_mutex_unlock( &libradius_mutex );
+		return LUTIL_PASSWD_ERR;
+	}
+
+	if ( rad_config( h, config_filename ) != 0 ) {
+		goto done;
+	}
+
+	if ( rad_create_request( h, RAD_ACCESS_REQUEST ) ) {
+		goto done;
+	}
+
+	if ( rad_put_string( h, RAD_USER_NAME, passwd->bv_val ) != 0 ) {
+		goto done;
+	}
+
+	if ( rad_put_string( h, RAD_USER_PASSWORD, cred->bv_val ) != 0 ) {
+		goto done;
+	}
+
+	if ( rad_put_string( h, RAD_NAS_IDENTIFIER, global_host ) != 0 ) {
+		goto done;
+	}
+
+	switch ( rad_send_request( h ) ) {
+	case RAD_ACCESS_ACCEPT:
+		rc = LUTIL_PASSWD_OK;
+		break;
+
+	case RAD_ACCESS_REJECT:
+		rc = LUTIL_PASSWD_ERR;
+		break;
+
+	case RAD_ACCESS_CHALLENGE:
+		rc = LUTIL_PASSWD_ERR;
+		break;
+
+	case -1:
+		/* no valid response is received */
+		break;
+	}
+
+done:;
+	rad_close( h );
+
+	ldap_pvt_thread_mutex_unlock( &libradius_mutex );
+	return rc;
+}
+
+int
+term_module()
+{
+	return ldap_pvt_thread_mutex_destroy( &libradius_mutex );
+}
+
+int
+init_module( int argc, char *argv[] )
+{
+	int	i;
+
+	for ( i = 0; i < argc; i++ ) {
+		if ( strncasecmp( argv[ i ], "config=", STRLENOF( "config=" ) ) == 0 ) {
+			/* FIXME: what if multiple loads of same module?
+			 * does it make sense (e.g. override an existing one)? */
+			if ( config_filename == NULL ) {
+				config_filename = ber_strdup( &argv[ i ][ STRLENOF( "config=" ) ] );
+			}
+
+		} else {
+			fprintf( stderr, "init_module(radius): unknown arg#%d=\"%s\".\n",
+				i, argv[ i ] );
+			return 1;
+		}
+	}
+
+	ldap_pvt_thread_mutex_init( &libradius_mutex );
+
+	return lutil_passwd_add( (struct berval *)&scheme, chk_radius, NULL );
+}
diff --git a/contrib/slapd-modules/passwd/sha2/Makefile b/contrib/slapd-modules/passwd/sha2/Makefile
new file mode 100644
index 0000000..2d20756
--- /dev/null
+++ b/contrib/slapd-modules/passwd/sha2/Makefile
@@ -0,0 +1,59 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = 
+#DEFS = -DSLAPD_SHA2_DEBUG
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = pw-sha2.la
+MANPAGES = slapd-pw-sha2.5
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all:		$(PROGRAMS)
+
+pw-sha2.la:	slapd-sha2.lo sha2.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/passwd/sha2/README b/contrib/slapd-modules/passwd/sha2/README
new file mode 100644
index 0000000..bab1dcd
--- /dev/null
+++ b/contrib/slapd-modules/passwd/sha2/README
@@ -0,0 +1,144 @@
+SHA-2 OpenLDAP support
+----------------------
+
+slapd-sha2.c provides support for SSHA-512, SSHA-384, SSHA-256,
+SHA-512, SHA-384 and SHA-256 hashed passwords in OpenLDAP. For
+instance, one could have the LDAP attribute:
+
+userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==
+
+or:
+
+userPassword: {SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt
+
+or:
+
+userPassword: {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+
+all of which encode the password 'secret'.
+
+
+Building
+--------
+
+1) Customize the OPENLDAP variable in Makefile to point to the OpenLDAP
+source root.
+
+For initial testing you might also want to edit DEFS to define
+SLAPD_SHA2_DEBUG, which enables logging to stderr (don't leave this on
+in production, as it prints passwords in cleartext).
+
+2) Run 'make' to produce slapd-sha2.so
+
+3) Copy slapd-sha2.so somewhere permanent.
+
+4) Edit your slapd.conf (eg. /etc/ldap/slapd.conf), and add:
+
+moduleload ...path/to/slapd-sha2.so
+
+5) Restart slapd.
+
+
+Configuring
+-----------
+
+The {SSHA256}, {SSHA384}, {SSHA512}, {SSHA256}, {SHA384} and {SHA512}
+password schemes should now be recognised.
+
+You can also tell OpenLDAP to use one of these new schemes when processing LDAP
+Password Modify Extended Operations, thanks to the password-hash option in
+slapd.conf. For example:
+
+password-hash	{SSHA512}
+
+
+Testing
+-------
+
+A quick way to test whether it's working is to customize the rootdn and
+rootpw in slapd.conf, eg:
+
+rootdn          "cn=admin,dc=example,dc=com"
+# This encrypts the string 'secret'
+
+rootpw  {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+
+Then to test, run something like:
+
+ldapsearch -b "dc=example,dc=com" -D "cn=admin,dc=example,dc=com" -x -w secret
+
+
+-- Test hashes:
+
+Test hashes can be generated with openssl:
+
+$ echo -n "secret" | openssl dgst -sha256 -binary | openssl enc -base64
+K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+$ echo -n "secret" | openssl dgst -sha384 -binary | openssl enc -base64
+WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt
+$ echo -n "secret" | openssl dgst -sha512 -binary | openssl enc -base64
+vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cm
+W192CF5bDufKRpayrW/isg==
+
+(join those lines up to form the full hash)
+
+
+
+Alternatively we could modify an existing user's password with
+ldappasswd, and then test binding as that user:
+
+$ ldappasswd -D "cn=admin,dc=example,dc=com" -x -W -S uid=jturner,ou=People,dc=example,dc=com
+New password: secret
+Re-enter new password: secret
+Enter LDAP Password: <cn=admin's password>
+
+$ ldapsearch -b "dc=example,dc=com" -D "uid=jturner,ou=People,dc=example,dc=com" -x -w secret
+
+
+Debugging (SHA-512, SHA-384 and SHA-256 only)
+---------------------------------------------
+
+To see what's going on, recompile with SLAPD_SHA2_DEBUG (use the
+commented-out DEFS in Makefile), and then run slapd from the console
+to see stderr:
+
+$ sudo /etc/init.d/slapd stop
+Stopping OpenLDAP: slapd.
+$ sudo /usr/sbin/slapd -f /etc/ldap/slapd.conf -h ldap://localhost:389 -d stats
+@(#) $OpenLDAP$
+        buildd@palmer:/build/buildd/openldap2.3-2.4.9/debian/build/servers/slapd
+slapd starting
+...
+Validating password
+  Hash scheme:		{SHA256}
+  Password to validate:	secret
+  Password hash:	K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+  Stored password hash: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+  Result:		match
+conn=0 op=0 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0
+conn=0 op=0 RESULT tag=97 err=0 text=
+conn=0 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"
+conn=0 fd=12 closed (connection lost)
+
+---
+
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+
+Copyright 2009-2022 The OpenLDAP Foundation.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
+---
+
+ACKNOWLEDGEMENT:
+This work was initially developed by Jeff Turner for inclusion in
+OpenLDAP Software, based upon the SHA-2 implementation independently
+developed by Aaron Gifford.
+
diff --git a/contrib/slapd-modules/passwd/sha2/sha2.c b/contrib/slapd-modules/passwd/sha2/sha2.c
new file mode 100644
index 0000000..047741a
--- /dev/null
+++ b/contrib/slapd-modules/passwd/sha2/sha2.c
@@ -0,0 +1,1070 @@
+/* $OpenLDAP$ */
+/*
+ * FILE:	sha2.c
+ * AUTHOR:	Aaron D. Gifford - http://www.aarongifford.com/
+ * 
+ * Copyright (c) 2000-2001, Aaron D. Gifford
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
+ */
+
+#include <string.h>	/* memcpy()/memset() or bcopy()/bzero() */
+#include <assert.h>	/* assert() */
+#include "sha2.h"
+
+/*
+ * ASSERT NOTE:
+ * Some sanity checking code is included using assert().  On my FreeBSD
+ * system, this additional code can be removed by compiling with NDEBUG
+ * defined.  Check your own systems manpage on assert() to see how to
+ * compile WITHOUT the sanity checking code on your system.
+ *
+ * UNROLLED TRANSFORM LOOP NOTE:
+ * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
+ * loop version for the hash transform rounds (defined using macros
+ * later in this file).  Either define on the command line, for example:
+ *
+ *   cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
+ *
+ * or define below:
+ *
+ *   #define SHA2_UNROLL_TRANSFORM
+ *
+ */
+
+
+/*** SHA-256/384/512 Machine Architecture Definitions *****************/
+/*
+ * BYTE_ORDER NOTE:
+ *
+ * Please make sure that your system defines BYTE_ORDER.  If your
+ * architecture is little-endian, make sure it also defines
+ * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
+ * equivalent.
+ *
+ * If your system does not define the above, then you can do so by
+ * hand like this:
+ *
+ *   #define LITTLE_ENDIAN 1234
+ *   #define BIG_ENDIAN    4321
+ *
+ * And for little-endian machines, add:
+ *
+ *   #define BYTE_ORDER LITTLE_ENDIAN 
+ *
+ * Or for big-endian machines:
+ *
+ *   #define BYTE_ORDER BIG_ENDIAN
+ *
+ * The FreeBSD machine this was written on defines BYTE_ORDER
+ * appropriately by including <sys/types.h> (which in turn includes
+ * <machine/endian.h> where the appropriate definitions are actually
+ * made).
+ */
+#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
+#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
+#endif
+
+/*
+ * Define the followingsha2_* types to types of the correct length on
+ * the native architecture.   Most BSD systems and Linux define u_intXX_t
+ * types.  Machines with very recent ANSI C headers, can use the
+ * uintXX_t definitions from inttypes.h by defining SHA2_USE_INTTYPES_H
+ * during compile or in the sha.h header file.
+ *
+ * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
+ * will need to define these three typedefs below (and the appropriate
+ * ones in sha.h too) by hand according to their system architecture.
+ *
+ * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
+ * types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
+ */
+#ifdef SHA2_USE_INTTYPES_H
+
+typedef uint8_t  sha2_byte;	/* Exactly 1 byte */
+typedef uint32_t sha2_word32;	/* Exactly 4 bytes */
+typedef uint64_t sha2_word64;	/* Exactly 8 bytes */
+
+#else /* SHA2_USE_INTTYPES_H */
+
+typedef u_int8_t  sha2_byte;	/* Exactly 1 byte */
+typedef u_int32_t sha2_word32;	/* Exactly 4 bytes */
+typedef u_int64_t sha2_word64;	/* Exactly 8 bytes */
+
+#endif /* SHA2_USE_INTTYPES_H */
+
+
+/*** SHA-256/384/512 Various Length Definitions ***********************/
+/* NOTE: Most of these are in sha2.h */
+#define SHA256_SHORT_BLOCK_LENGTH	(SHA256_BLOCK_LENGTH - 8)
+#define SHA384_SHORT_BLOCK_LENGTH	(SHA384_BLOCK_LENGTH - 16)
+#define SHA512_SHORT_BLOCK_LENGTH	(SHA512_BLOCK_LENGTH - 16)
+
+
+/*** ENDIAN REVERSAL MACROS *******************************************/
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define REVERSE32(w,x)	{ \
+	sha2_word32 tmp = (w); \
+	tmp = (tmp >> 16) | (tmp << 16); \
+	(x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
+}
+#define REVERSE64(w,x)	{ \
+	sha2_word64 tmp = (w); \
+	tmp = (tmp >> 32) | (tmp << 32); \
+	tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
+	      ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
+	(x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
+	      ((tmp & 0x0000ffff0000ffffULL) << 16); \
+}
+#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+
+/*
+ * Macro for incrementally adding the unsigned 64-bit integer n to the
+ * unsigned 128-bit integer (represented using a two-element array of
+ * 64-bit words):
+ */
+#define ADDINC128(w,n)	{ \
+	(w)[0] += (sha2_word64)(n); \
+	if ((w)[0] < (n)) { \
+		(w)[1]++; \
+	} \
+}
+
+/*
+ * Macros for copying blocks of memory and for zeroing out ranges
+ * of memory.  Using these macros makes it easy to switch from
+ * using memset()/memcpy() and using bzero()/bcopy().
+ *
+ * Please define either SHA2_USE_MEMSET_MEMCPY or define
+ * SHA2_USE_BZERO_BCOPY depending on which function set you
+ * choose to use:
+ */
+#if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
+/* Default to memset()/memcpy() if no option is specified */
+#define	SHA2_USE_MEMSET_MEMCPY	1
+#endif
+#if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
+/* Abort with an error if BOTH options are defined */
+#error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
+#endif
+
+#ifdef SHA2_USE_MEMSET_MEMCPY
+#define MEMSET_BZERO(p,l)	memset((p), 0, (l))
+#define MEMCPY_BCOPY(d,s,l)	memcpy((d), (s), (l))
+#endif
+#ifdef SHA2_USE_BZERO_BCOPY
+#define MEMSET_BZERO(p,l)	bzero((p), (l))
+#define MEMCPY_BCOPY(d,s,l)	bcopy((s), (d), (l))
+#endif
+
+
+/*** THE SIX LOGICAL FUNCTIONS ****************************************/
+/*
+ * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
+ *
+ *   NOTE:  The naming of R and S appears backwards here (R is a SHIFT and
+ *   S is a ROTATION) because the SHA-256/384/512 description document
+ *   (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
+ *   same "backwards" definition.
+ */
+/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
+#define R(b,x) 		((x) >> (b))
+/* 32-bit Rotate-right (used in SHA-256): */
+#define S32(b,x)	(((x) >> (b)) | ((x) << (32 - (b))))
+/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
+#define S64(b,x)	(((x) >> (b)) | ((x) << (64 - (b))))
+
+/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
+#define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))
+#define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+/* Four of six logical functions used in SHA-256: */
+#define Sigma0_256(x)	(S32(2,  (x)) ^ S32(13, (x)) ^ S32(22, (x)))
+#define Sigma1_256(x)	(S32(6,  (x)) ^ S32(11, (x)) ^ S32(25, (x)))
+#define sigma0_256(x)	(S32(7,  (x)) ^ S32(18, (x)) ^ R(3 ,   (x)))
+#define sigma1_256(x)	(S32(17, (x)) ^ S32(19, (x)) ^ R(10,   (x)))
+
+/* Four of six logical functions used in SHA-384 and SHA-512: */
+#define Sigma0_512(x)	(S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
+#define Sigma1_512(x)	(S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
+#define sigma0_512(x)	(S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7,   (x)))
+#define sigma1_512(x)	(S64(19, (x)) ^ S64(61, (x)) ^ R( 6,   (x)))
+
+/*** INTERNAL FUNCTION PROTOTYPES *************************************/
+/* NOTE: These should not be accessed directly from outside this
+ * library -- they are intended for private internal visibility/use
+ * only.
+ */
+static void SHA512_Last(SHA512_CTX*);
+static void SHA256_Transform(SHA256_CTX*, const sha2_word32*);
+static void SHA512_Transform(SHA512_CTX*, const sha2_word64*);
+
+
+/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
+/* Hash constant words K for SHA-256: */
+const static sha2_word32 K256[64] = {
+	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
+	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
+	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
+	0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
+	0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
+	0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
+	0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
+	0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
+	0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
+	0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
+	0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
+	0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
+	0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+};
+
+/* Initial hash value H for SHA-256: */
+const static sha2_word32 sha256_initial_hash_value[8] = {
+	0x6a09e667UL,
+	0xbb67ae85UL,
+	0x3c6ef372UL,
+	0xa54ff53aUL,
+	0x510e527fUL,
+	0x9b05688cUL,
+	0x1f83d9abUL,
+	0x5be0cd19UL
+};
+
+/* Hash constant words K for SHA-384 and SHA-512: */
+const static sha2_word64 K512[80] = {
+	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
+	0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
+	0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
+	0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
+	0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
+	0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
+	0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
+	0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
+	0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
+	0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
+	0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
+	0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
+	0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
+	0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
+	0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
+	0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
+	0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
+	0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
+	0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
+	0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
+	0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
+	0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
+	0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
+	0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
+	0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
+	0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
+	0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
+	0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
+	0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
+	0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
+	0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
+	0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
+	0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
+	0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
+	0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
+	0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
+	0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
+	0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
+	0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
+	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
+};
+
+/* Initial hash value H for SHA-384 */
+const static sha2_word64 sha384_initial_hash_value[8] = {
+	0xcbbb9d5dc1059ed8ULL,
+	0x629a292a367cd507ULL,
+	0x9159015a3070dd17ULL,
+	0x152fecd8f70e5939ULL,
+	0x67332667ffc00b31ULL,
+	0x8eb44a8768581511ULL,
+	0xdb0c2e0d64f98fa7ULL,
+	0x47b5481dbefa4fa4ULL
+};
+
+/* Initial hash value H for SHA-512 */
+const static sha2_word64 sha512_initial_hash_value[8] = {
+	0x6a09e667f3bcc908ULL,
+	0xbb67ae8584caa73bULL,
+	0x3c6ef372fe94f82bULL,
+	0xa54ff53a5f1d36f1ULL,
+	0x510e527fade682d1ULL,
+	0x9b05688c2b3e6c1fULL,
+	0x1f83d9abfb41bd6bULL,
+	0x5be0cd19137e2179ULL
+};
+
+/*
+ * Constant used by SHA256/384/512_End() functions for converting the
+ * digest to a readable hexadecimal character string:
+ */
+static const char *sha2_hex_digits = "0123456789abcdef";
+
+
+/*** SHA-256: *********************************************************/
+void SHA256_Init(SHA256_CTX* context) {
+	if (context == (SHA256_CTX*)0) {
+		return;
+	}
+	MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
+	MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH);
+	context->bitcount = 0;
+}
+
+#ifdef SHA2_UNROLL_TRANSFORM
+
+/* Unrolled SHA-256 round macros: */
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+
+#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)	\
+	REVERSE32(*data++, W256[j]); \
+	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
+             K256[j] + W256[j]; \
+	(d) += T1; \
+	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
+	j++
+
+
+#else /* BYTE_ORDER == LITTLE_ENDIAN */
+
+#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)	\
+	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
+	     K256[j] + (W256[j] = *data++); \
+	(d) += T1; \
+	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
+	j++
+
+#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+
+#define ROUND256(a,b,c,d,e,f,g,h)	\
+	s0 = W256[(j+1)&0x0f]; \
+	s0 = sigma0_256(s0); \
+	s1 = W256[(j+14)&0x0f]; \
+	s1 = sigma1_256(s1); \
+	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
+	     (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
+	(d) += T1; \
+	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
+	j++
+
+void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
+	sha2_word32	a, b, c, d, e, f, g, h, s0, s1;
+	sha2_word32	T1, *W256;
+	int		j;
+
+	W256 = (sha2_word32*)context->buffer;
+
+	/* Initialize registers with the prev. intermediate value */
+	a = context->state[0];
+	b = context->state[1];
+	c = context->state[2];
+	d = context->state[3];
+	e = context->state[4];
+	f = context->state[5];
+	g = context->state[6];
+	h = context->state[7];
+
+	j = 0;
+	do {
+		/* Rounds 0 to 15 (unrolled): */
+		ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
+		ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
+		ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
+		ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
+		ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
+		ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
+		ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
+		ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
+	} while (j < 16);
+
+	/* Now for the remaining rounds to 64: */
+	do {
+		ROUND256(a,b,c,d,e,f,g,h);
+		ROUND256(h,a,b,c,d,e,f,g);
+		ROUND256(g,h,a,b,c,d,e,f);
+		ROUND256(f,g,h,a,b,c,d,e);
+		ROUND256(e,f,g,h,a,b,c,d);
+		ROUND256(d,e,f,g,h,a,b,c);
+		ROUND256(c,d,e,f,g,h,a,b);
+		ROUND256(b,c,d,e,f,g,h,a);
+	} while (j < 64);
+
+	/* Compute the current intermediate hash value */
+	context->state[0] += a;
+	context->state[1] += b;
+	context->state[2] += c;
+	context->state[3] += d;
+	context->state[4] += e;
+	context->state[5] += f;
+	context->state[6] += g;
+	context->state[7] += h;
+
+	/* Clean up */
+	a = b = c = d = e = f = g = h = T1 = 0;
+}
+
+#else /* SHA2_UNROLL_TRANSFORM */
+
+void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
+	sha2_word32	a, b, c, d, e, f, g, h, s0, s1;
+	sha2_word32	T1, T2, *W256;
+	int		j;
+
+	W256 = (sha2_word32*)context->buffer;
+
+	/* Initialize registers with the prev. intermediate value */
+	a = context->state[0];
+	b = context->state[1];
+	c = context->state[2];
+	d = context->state[3];
+	e = context->state[4];
+	f = context->state[5];
+	g = context->state[6];
+	h = context->state[7];
+
+	j = 0;
+	do {
+#if BYTE_ORDER == LITTLE_ENDIAN
+		/* Copy data while converting to host byte order */
+		REVERSE32(*data++,W256[j]);
+		/* Apply the SHA-256 compression function to update a..h */
+		T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
+#else /* BYTE_ORDER == LITTLE_ENDIAN */
+		/* Apply the SHA-256 compression function to update a..h with copy */
+		T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
+#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+		T2 = Sigma0_256(a) + Maj(a, b, c);
+		h = g;
+		g = f;
+		f = e;
+		e = d + T1;
+		d = c;
+		c = b;
+		b = a;
+		a = T1 + T2;
+
+		j++;
+	} while (j < 16);
+
+	do {
+		/* Part of the message block expansion: */
+		s0 = W256[(j+1)&0x0f];
+		s0 = sigma0_256(s0);
+		s1 = W256[(j+14)&0x0f];	
+		s1 = sigma1_256(s1);
+
+		/* Apply the SHA-256 compression function to update a..h */
+		T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 
+		     (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
+		T2 = Sigma0_256(a) + Maj(a, b, c);
+		h = g;
+		g = f;
+		f = e;
+		e = d + T1;
+		d = c;
+		c = b;
+		b = a;
+		a = T1 + T2;
+
+		j++;
+	} while (j < 64);
+
+	/* Compute the current intermediate hash value */
+	context->state[0] += a;
+	context->state[1] += b;
+	context->state[2] += c;
+	context->state[3] += d;
+	context->state[4] += e;
+	context->state[5] += f;
+	context->state[6] += g;
+	context->state[7] += h;
+
+	/* Clean up */
+	a = b = c = d = e = f = g = h = T1 = T2 = 0;
+}
+
+#endif /* SHA2_UNROLL_TRANSFORM */
+
+void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
+	unsigned int	freespace, usedspace;
+
+	if (len == 0) {
+		/* Calling with no data is valid - we do nothing */
+		return;
+	}
+
+	/* Sanity check: */
+	assert(context != (SHA256_CTX*)0 && data != (sha2_byte*)0);
+
+	usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
+	if (usedspace > 0) {
+		/* Calculate how much free space is available in the buffer */
+		freespace = SHA256_BLOCK_LENGTH - usedspace;
+
+		if (len >= freespace) {
+			/* Fill the buffer completely and process it */
+			MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
+			context->bitcount += freespace << 3;
+			len -= freespace;
+			data += freespace;
+			SHA256_Transform(context, (sha2_word32*)context->buffer);
+		} else {
+			/* The buffer is not yet full */
+			MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
+			context->bitcount += len << 3;
+			/* Clean up: */
+			usedspace = freespace = 0;
+			return;
+		}
+	}
+	while (len >= SHA256_BLOCK_LENGTH) {
+		/* Process as many complete blocks as we can */
+		SHA256_Transform(context, (sha2_word32*)data);
+		context->bitcount += SHA256_BLOCK_LENGTH << 3;
+		len -= SHA256_BLOCK_LENGTH;
+		data += SHA256_BLOCK_LENGTH;
+	}
+	if (len > 0) {
+		/* There's left-overs, so save 'em */
+		MEMCPY_BCOPY(context->buffer, data, len);
+		context->bitcount += len << 3;
+	}
+	/* Clean up: */
+	usedspace = freespace = 0;
+}
+
+void SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
+	sha2_word32	*d = (sha2_word32*)digest;
+	sha2_word64 *p;
+	unsigned int	usedspace;
+
+	/* Sanity check: */
+	assert(context != (SHA256_CTX*)0);
+
+	/* If no digest buffer is passed, we don't bother doing this: */
+	if (digest != (sha2_byte*)0) {
+		usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
+#if BYTE_ORDER == LITTLE_ENDIAN
+		/* Convert FROM host byte order */
+		REVERSE64(context->bitcount,context->bitcount);
+#endif
+		if (usedspace > 0) {
+			/* Begin padding with a 1 bit: */
+			context->buffer[usedspace++] = 0x80;
+
+			if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
+				/* Set-up for the last transform: */
+				MEMSET_BZERO(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
+			} else {
+				if (usedspace < SHA256_BLOCK_LENGTH) {
+					MEMSET_BZERO(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
+				}
+				/* Do second-to-last transform: */
+				SHA256_Transform(context, (sha2_word32*)context->buffer);
+
+				/* And set-up for the last transform: */
+				MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
+			}
+		} else {
+			/* Set-up for the last transform: */
+			MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
+
+			/* Begin padding with a 1 bit: */
+			*context->buffer = 0x80;
+		}
+		/* Set the bit count: */
+		p = (sha2_word64 *)&context->buffer[SHA256_SHORT_BLOCK_LENGTH];
+		*p = context->bitcount;
+
+		/* Final transform: */
+		SHA256_Transform(context, (sha2_word32*)context->buffer);
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+		{
+			/* Convert TO host byte order */
+			int	j;
+			for (j = 0; j < 8; j++) {
+				REVERSE32(context->state[j],context->state[j]);
+				*d++ = context->state[j];
+			}
+		}
+#else
+		MEMCPY_BCOPY(d, context->state, SHA256_DIGEST_LENGTH);
+#endif
+	}
+
+	/* Clean up state data: */
+	MEMSET_BZERO(context, sizeof(*context));
+	usedspace = 0;
+}
+
+char *SHA256_End(SHA256_CTX* context, char buffer[]) {
+	sha2_byte	digest[SHA256_DIGEST_LENGTH], *d = digest;
+	int		i;
+
+	/* Sanity check: */
+	assert(context != (SHA256_CTX*)0);
+
+	if (buffer != (char*)0) {
+		SHA256_Final(digest, context);
+
+		for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
+			*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
+			*buffer++ = sha2_hex_digits[*d & 0x0f];
+			d++;
+		}
+		*buffer = (char)0;
+	} else {
+		MEMSET_BZERO(context, sizeof(*context));
+	}
+	MEMSET_BZERO(digest, SHA256_DIGEST_LENGTH);
+	return buffer;
+}
+
+char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
+	SHA256_CTX	context;
+
+	SHA256_Init(&context);
+	SHA256_Update(&context, data, len);
+	return SHA256_End(&context, digest);
+}
+
+
+/*** SHA-512: *********************************************************/
+void SHA512_Init(SHA512_CTX* context) {
+	if (context == (SHA512_CTX*)0) {
+		return;
+	}
+	MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
+	MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH);
+	context->bitcount[0] = context->bitcount[1] =  0;
+}
+
+#ifdef SHA2_UNROLL_TRANSFORM
+
+/* Unrolled SHA-512 round macros: */
+#if BYTE_ORDER == LITTLE_ENDIAN
+
+#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h)	\
+	REVERSE64(*data++, W512[j]); \
+	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
+             K512[j] + W512[j]; \
+	(d) += T1, \
+	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
+	j++
+
+
+#else /* BYTE_ORDER == LITTLE_ENDIAN */
+
+#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h)	\
+	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
+             K512[j] + (W512[j] = *data++); \
+	(d) += T1; \
+	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
+	j++
+
+#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+
+#define ROUND512(a,b,c,d,e,f,g,h)	\
+	s0 = W512[(j+1)&0x0f]; \
+	s0 = sigma0_512(s0); \
+	s1 = W512[(j+14)&0x0f]; \
+	s1 = sigma1_512(s1); \
+	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
+             (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
+	(d) += T1; \
+	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
+	j++
+
+void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
+	sha2_word64	a, b, c, d, e, f, g, h, s0, s1;
+	sha2_word64	T1, *W512 = (sha2_word64*)context->buffer;
+	int		j;
+
+	/* Initialize registers with the prev. intermediate value */
+	a = context->state[0];
+	b = context->state[1];
+	c = context->state[2];
+	d = context->state[3];
+	e = context->state[4];
+	f = context->state[5];
+	g = context->state[6];
+	h = context->state[7];
+
+	j = 0;
+	do {
+		ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
+		ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
+		ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
+		ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
+		ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
+		ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
+		ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
+		ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
+	} while (j < 16);
+
+	/* Now for the remaining rounds up to 79: */
+	do {
+		ROUND512(a,b,c,d,e,f,g,h);
+		ROUND512(h,a,b,c,d,e,f,g);
+		ROUND512(g,h,a,b,c,d,e,f);
+		ROUND512(f,g,h,a,b,c,d,e);
+		ROUND512(e,f,g,h,a,b,c,d);
+		ROUND512(d,e,f,g,h,a,b,c);
+		ROUND512(c,d,e,f,g,h,a,b);
+		ROUND512(b,c,d,e,f,g,h,a);
+	} while (j < 80);
+
+	/* Compute the current intermediate hash value */
+	context->state[0] += a;
+	context->state[1] += b;
+	context->state[2] += c;
+	context->state[3] += d;
+	context->state[4] += e;
+	context->state[5] += f;
+	context->state[6] += g;
+	context->state[7] += h;
+
+	/* Clean up */
+	a = b = c = d = e = f = g = h = T1 = 0;
+}
+
+#else /* SHA2_UNROLL_TRANSFORM */
+
+void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
+	sha2_word64	a, b, c, d, e, f, g, h, s0, s1;
+	sha2_word64	T1, T2, *W512 = (sha2_word64*)context->buffer;
+	int		j;
+
+	/* Initialize registers with the prev. intermediate value */
+	a = context->state[0];
+	b = context->state[1];
+	c = context->state[2];
+	d = context->state[3];
+	e = context->state[4];
+	f = context->state[5];
+	g = context->state[6];
+	h = context->state[7];
+
+	j = 0;
+	do {
+#if BYTE_ORDER == LITTLE_ENDIAN
+		/* Convert TO host byte order */
+		REVERSE64(*data++, W512[j]);
+		/* Apply the SHA-512 compression function to update a..h */
+		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
+#else /* BYTE_ORDER == LITTLE_ENDIAN */
+		/* Apply the SHA-512 compression function to update a..h with copy */
+		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
+#endif /* BYTE_ORDER == LITTLE_ENDIAN */
+		T2 = Sigma0_512(a) + Maj(a, b, c);
+		h = g;
+		g = f;
+		f = e;
+		e = d + T1;
+		d = c;
+		c = b;
+		b = a;
+		a = T1 + T2;
+
+		j++;
+	} while (j < 16);
+
+	do {
+		/* Part of the message block expansion: */
+		s0 = W512[(j+1)&0x0f];
+		s0 = sigma0_512(s0);
+		s1 = W512[(j+14)&0x0f];
+		s1 =  sigma1_512(s1);
+
+		/* Apply the SHA-512 compression function to update a..h */
+		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
+		     (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
+		T2 = Sigma0_512(a) + Maj(a, b, c);
+		h = g;
+		g = f;
+		f = e;
+		e = d + T1;
+		d = c;
+		c = b;
+		b = a;
+		a = T1 + T2;
+
+		j++;
+	} while (j < 80);
+
+	/* Compute the current intermediate hash value */
+	context->state[0] += a;
+	context->state[1] += b;
+	context->state[2] += c;
+	context->state[3] += d;
+	context->state[4] += e;
+	context->state[5] += f;
+	context->state[6] += g;
+	context->state[7] += h;
+
+	/* Clean up */
+	a = b = c = d = e = f = g = h = T1 = T2 = 0;
+}
+
+#endif /* SHA2_UNROLL_TRANSFORM */
+
+void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
+	unsigned int	freespace, usedspace;
+
+	if (len == 0) {
+		/* Calling with no data is valid - we do nothing */
+		return;
+	}
+
+	/* Sanity check: */
+	assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0);
+
+	usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
+	if (usedspace > 0) {
+		/* Calculate how much free space is available in the buffer */
+		freespace = SHA512_BLOCK_LENGTH - usedspace;
+
+		if (len >= freespace) {
+			/* Fill the buffer completely and process it */
+			MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
+			ADDINC128(context->bitcount, freespace << 3);
+			len -= freespace;
+			data += freespace;
+			SHA512_Transform(context, (sha2_word64*)context->buffer);
+		} else {
+			/* The buffer is not yet full */
+			MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
+			ADDINC128(context->bitcount, len << 3);
+			/* Clean up: */
+			usedspace = freespace = 0;
+			return;
+		}
+	}
+	while (len >= SHA512_BLOCK_LENGTH) {
+		/* Process as many complete blocks as we can */
+		SHA512_Transform(context, (sha2_word64*)data);
+		ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
+		len -= SHA512_BLOCK_LENGTH;
+		data += SHA512_BLOCK_LENGTH;
+	}
+	if (len > 0) {
+		/* There's left-overs, so save 'em */
+		MEMCPY_BCOPY(context->buffer, data, len);
+		ADDINC128(context->bitcount, len << 3);
+	}
+	/* Clean up: */
+	usedspace = freespace = 0;
+}
+
+void SHA512_Last(SHA512_CTX* context) {
+	sha2_word64 *p;
+	unsigned int	usedspace;
+
+	usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
+#if BYTE_ORDER == LITTLE_ENDIAN
+	/* Convert FROM host byte order */
+	REVERSE64(context->bitcount[0],context->bitcount[0]);
+	REVERSE64(context->bitcount[1],context->bitcount[1]);
+#endif
+	if (usedspace > 0) {
+		/* Begin padding with a 1 bit: */
+		context->buffer[usedspace++] = 0x80;
+
+		if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
+			/* Set-up for the last transform: */
+			MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
+		} else {
+			if (usedspace < SHA512_BLOCK_LENGTH) {
+				MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
+			}
+			/* Do second-to-last transform: */
+			SHA512_Transform(context, (sha2_word64*)context->buffer);
+
+			/* And set-up for the last transform: */
+			MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2);
+		}
+	} else {
+		/* Prepare for final transform: */
+		MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH);
+
+		/* Begin padding with a 1 bit: */
+		*context->buffer = 0x80;
+	}
+	/* Store the length of input data (in bits): */
+	p = (sha2_word64 *)&context->buffer[SHA512_SHORT_BLOCK_LENGTH];
+	p[0] = context->bitcount[1];
+	p[1] = context->bitcount[0];
+
+	/* Final transform: */
+	SHA512_Transform(context, (sha2_word64*)context->buffer);
+}
+
+void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
+	sha2_word64	*d = (sha2_word64*)digest;
+
+	/* Sanity check: */
+	assert(context != (SHA512_CTX*)0);
+
+	/* If no digest buffer is passed, we don't bother doing this: */
+	if (digest != (sha2_byte*)0) {
+		SHA512_Last(context);
+
+		/* Save the hash data for output: */
+#if BYTE_ORDER == LITTLE_ENDIAN
+		{
+			/* Convert TO host byte order */
+			int	j;
+			for (j = 0; j < 8; j++) {
+				REVERSE64(context->state[j],context->state[j]);
+				*d++ = context->state[j];
+			}
+		}
+#else
+		MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH);
+#endif
+	}
+
+	/* Zero out state data */
+	MEMSET_BZERO(context, sizeof(*context));
+}
+
+char *SHA512_End(SHA512_CTX* context, char buffer[]) {
+	sha2_byte	digest[SHA512_DIGEST_LENGTH], *d = digest;
+	int		i;
+
+	/* Sanity check: */
+	assert(context != (SHA512_CTX*)0);
+
+	if (buffer != (char*)0) {
+		SHA512_Final(digest, context);
+
+		for (i = 0; i < SHA512_DIGEST_LENGTH; i++) {
+			*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
+			*buffer++ = sha2_hex_digits[*d & 0x0f];
+			d++;
+		}
+		*buffer = (char)0;
+	} else {
+		MEMSET_BZERO(context, sizeof(*context));
+	}
+	MEMSET_BZERO(digest, SHA512_DIGEST_LENGTH);
+	return buffer;
+}
+
+char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
+	SHA512_CTX	context;
+
+	SHA512_Init(&context);
+	SHA512_Update(&context, data, len);
+	return SHA512_End(&context, digest);
+}
+
+
+/*** SHA-384: *********************************************************/
+void SHA384_Init(SHA384_CTX* context) {
+	if (context == (SHA384_CTX*)0) {
+		return;
+	}
+	MEMCPY_BCOPY(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH);
+	MEMSET_BZERO(context->buffer, SHA384_BLOCK_LENGTH);
+	context->bitcount[0] = context->bitcount[1] = 0;
+}
+
+void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
+	SHA512_Update((SHA512_CTX*)context, data, len);
+}
+
+void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
+	sha2_word64	*d = (sha2_word64*)digest;
+
+	/* Sanity check: */
+	assert(context != (SHA384_CTX*)0);
+
+	/* If no digest buffer is passed, we don't bother doing this: */
+	if (digest != (sha2_byte*)0) {
+		SHA512_Last((SHA512_CTX*)context);
+
+		/* Save the hash data for output: */
+#if BYTE_ORDER == LITTLE_ENDIAN
+		{
+			/* Convert TO host byte order */
+			int	j;
+			for (j = 0; j < 6; j++) {
+				REVERSE64(context->state[j],context->state[j]);
+				*d++ = context->state[j];
+			}
+		}
+#else
+		MEMCPY_BCOPY(d, context->state, SHA384_DIGEST_LENGTH);
+#endif
+	}
+
+	/* Zero out state data */
+	MEMSET_BZERO(context, sizeof(*context));
+}
+
+char *SHA384_End(SHA384_CTX* context, char buffer[]) {
+	sha2_byte	digest[SHA384_DIGEST_LENGTH], *d = digest;
+	int		i;
+
+	/* Sanity check: */
+	assert(context != (SHA384_CTX*)0);
+
+	if (buffer != (char*)0) {
+		SHA384_Final(digest, context);
+
+		for (i = 0; i < SHA384_DIGEST_LENGTH; i++) {
+			*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
+			*buffer++ = sha2_hex_digits[*d & 0x0f];
+			d++;
+		}
+		*buffer = (char)0;
+	} else {
+		MEMSET_BZERO(context, sizeof(*context));
+	}
+	MEMSET_BZERO(digest, SHA384_DIGEST_LENGTH);
+	return buffer;
+}
+
+char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
+	SHA384_CTX	context;
+
+	SHA384_Init(&context);
+	SHA384_Update(&context, data, len);
+	return SHA384_End(&context, digest);
+}
+
diff --git a/contrib/slapd-modules/passwd/sha2/sha2.h b/contrib/slapd-modules/passwd/sha2/sha2.h
new file mode 100644
index 0000000..7fff142
--- /dev/null
+++ b/contrib/slapd-modules/passwd/sha2/sha2.h
@@ -0,0 +1,236 @@
+/* $OpenLDAP$ */
+/*
+ * FILE:	sha2.h
+ * AUTHOR:	Aaron D. Gifford - http://www.aarongifford.com/
+ * 
+ * Copyright (c) 2000-2001, Aaron D. Gifford
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the copyright holder nor the names of contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $
+ */
+
+#ifndef __SHA2_H__
+#define __SHA2_H__
+
+#include "portable.h"
+
+#ifdef HAVE_INTTYPES_H
+#  define SHA2_USE_INTTYPES_H 1
+#endif
+
+#ifndef LITTLE_ENDIAN
+#  define LITTLE_ENDIAN 1234
+#endif
+#ifndef BIG_ENDIAN
+#  define BIG_ENDIAN    4321
+#endif
+#ifndef BYTE_ORDER
+#  ifdef WORDS_BIGENDIAN
+#    define BYTE_ORDER BIG_ENDIAN
+#  else
+#    define BYTE_ORDER LITTLE_ENDIAN
+#  endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Import u_intXX_t size_t type definitions from system headers.  You
+ * may need to change this, or define these things yourself in this
+ * file.
+ */
+#include <sys/types.h>
+
+#ifdef SHA2_USE_INTTYPES_H
+
+#include <inttypes.h>
+
+#endif /* SHA2_USE_INTTYPES_H */
+
+
+/*** SHA-256/384/512 Various Length Definitions ***********************/
+#define SHA256_BLOCK_LENGTH		64
+#define SHA256_DIGEST_LENGTH		32
+#define SHA256_DIGEST_STRING_LENGTH	(SHA256_DIGEST_LENGTH * 2 + 1)
+#define SHA384_BLOCK_LENGTH		128
+#define SHA384_DIGEST_LENGTH		48
+#define SHA384_DIGEST_STRING_LENGTH	(SHA384_DIGEST_LENGTH * 2 + 1)
+#define SHA512_BLOCK_LENGTH		128
+#define SHA512_DIGEST_LENGTH		64
+#define SHA512_DIGEST_STRING_LENGTH	(SHA512_DIGEST_LENGTH * 2 + 1)
+
+
+/*** SHA-256/384/512 Context Structures *******************************/
+/* NOTE: If your architecture does not define either u_intXX_t types or
+ * uintXX_t (from inttypes.h), you may need to define things by hand
+ * for your system:
+ */
+#if 0
+typedef unsigned char u_int8_t;		/* 1-byte  (8-bits)  */
+typedef unsigned int u_int32_t;		/* 4-bytes (32-bits) */
+typedef unsigned long long u_int64_t;	/* 8-bytes (64-bits) */
+#endif
+/*
+ * Most BSD systems already define u_intXX_t types, as does Linux.
+ * Some systems, however, like Compaq's Tru64 Unix instead can use
+ * uintXX_t types defined by very recent ANSI C standards and included
+ * in the file:
+ *
+ *   #include <inttypes.h>
+ *
+ * If you choose to use <inttypes.h> then please define: 
+ *
+ *   #define SHA2_USE_INTTYPES_H
+ *
+ * Or on the command line during compile:
+ *
+ *   cc -DSHA2_USE_INTTYPES_H ...
+ */
+#ifdef SHA2_USE_INTTYPES_H
+
+typedef struct _SHA256_CTX {
+	uint32_t	state[8];
+	uint64_t	bitcount;
+	uint8_t	buffer[SHA256_BLOCK_LENGTH];
+} SHA256_CTX;
+typedef struct _SHA512_CTX {
+	uint64_t	state[8];
+	uint64_t	bitcount[2];
+	uint8_t	buffer[SHA512_BLOCK_LENGTH];
+} SHA512_CTX;
+
+#else /* SHA2_USE_INTTYPES_H */
+
+typedef struct _SHA256_CTX {
+	u_int32_t	state[8];
+	u_int64_t	bitcount;
+	u_int8_t	buffer[SHA256_BLOCK_LENGTH];
+} SHA256_CTX;
+typedef struct _SHA512_CTX {
+	u_int64_t	state[8];
+	u_int64_t	bitcount[2];
+	u_int8_t	buffer[SHA512_BLOCK_LENGTH];
+} SHA512_CTX;
+
+#endif /* SHA2_USE_INTTYPES_H */
+
+typedef SHA512_CTX SHA384_CTX;
+
+
+/*** SHA-256/384/512 Function Prototypes ******************************/
+/* avoid symbol clash with other crypto libs */
+#define SHA256_Init		pw_SHA256_Init
+#define SHA256_Update	pw_SHA256_Update
+#define SHA256_Final	pw_SHA256_Final
+#define SHA256_End		pw_SHA256_End
+#define SHA256_Data		pw_SHA256_Data
+
+#define SHA384_Init		pw_SHA384_Init
+#define SHA384_Update	pw_SHA384_Update
+#define SHA384_Final	pw_SHA384_Final
+#define SHA384_End		pw_SHA384_End
+#define SHA384_Data		pw_SHA384_Data
+
+#define SHA512_Init		pw_SHA512_Init
+#define SHA512_Update	pw_SHA512_Update
+#define SHA512_Final	pw_SHA512_Final
+#define SHA512_End		pw_SHA512_End
+#define SHA512_Data		pw_SHA512_Data
+
+#ifndef NOPROTO
+#ifdef SHA2_USE_INTTYPES_H
+
+void SHA256_Init(SHA256_CTX *);
+void SHA256_Update(SHA256_CTX*, const uint8_t*, size_t);
+void SHA256_Final(uint8_t[SHA256_DIGEST_LENGTH], SHA256_CTX*);
+char* SHA256_End(SHA256_CTX*, char[SHA256_DIGEST_STRING_LENGTH]);
+char* SHA256_Data(const uint8_t*, size_t, char[SHA256_DIGEST_STRING_LENGTH]);
+
+void SHA384_Init(SHA384_CTX*);
+void SHA384_Update(SHA384_CTX*, const uint8_t*, size_t);
+void SHA384_Final(uint8_t[SHA384_DIGEST_LENGTH], SHA384_CTX*);
+char* SHA384_End(SHA384_CTX*, char[SHA384_DIGEST_STRING_LENGTH]);
+char* SHA384_Data(const uint8_t*, size_t, char[SHA384_DIGEST_STRING_LENGTH]);
+
+void SHA512_Init(SHA512_CTX*);
+void SHA512_Update(SHA512_CTX*, const uint8_t*, size_t);
+void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
+char* SHA512_End(SHA512_CTX*, char[SHA512_DIGEST_STRING_LENGTH]);
+char* SHA512_Data(const uint8_t*, size_t, char[SHA512_DIGEST_STRING_LENGTH]);
+
+#else /* SHA2_USE_INTTYPES_H */
+
+void SHA256_Init(SHA256_CTX *);
+void SHA256_Update(SHA256_CTX*, const u_int8_t*, size_t);
+void SHA256_Final(u_int8_t[SHA256_DIGEST_LENGTH], SHA256_CTX*);
+char* SHA256_End(SHA256_CTX*, char[SHA256_DIGEST_STRING_LENGTH]);
+char* SHA256_Data(const u_int8_t*, size_t, char[SHA256_DIGEST_STRING_LENGTH]);
+
+void SHA384_Init(SHA384_CTX*);
+void SHA384_Update(SHA384_CTX*, const u_int8_t*, size_t);
+void SHA384_Final(u_int8_t[SHA384_DIGEST_LENGTH], SHA384_CTX*);
+char* SHA384_End(SHA384_CTX*, char[SHA384_DIGEST_STRING_LENGTH]);
+char* SHA384_Data(const u_int8_t*, size_t, char[SHA384_DIGEST_STRING_LENGTH]);
+
+void SHA512_Init(SHA512_CTX*);
+void SHA512_Update(SHA512_CTX*, const u_int8_t*, size_t);
+void SHA512_Final(u_int8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
+char* SHA512_End(SHA512_CTX*, char[SHA512_DIGEST_STRING_LENGTH]);
+char* SHA512_Data(const u_int8_t*, size_t, char[SHA512_DIGEST_STRING_LENGTH]);
+
+#endif /* SHA2_USE_INTTYPES_H */
+
+#else /* NOPROTO */
+
+void SHA256_Init();
+void SHA256_Update();
+void SHA256_Final();
+char* SHA256_End();
+char* SHA256_Data();
+
+void SHA384_Init();
+void SHA384_Update();
+void SHA384_Final();
+char* SHA384_End();
+char* SHA384_Data();
+
+void SHA512_Init();
+void SHA512_Update();
+void SHA512_Final();
+char* SHA512_End();
+char* SHA512_Data();
+
+#endif /* NOPROTO */
+
+#ifdef	__cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __SHA2_H__ */
+
diff --git a/contrib/slapd-modules/passwd/sha2/slapd-pw-sha2.5 b/contrib/slapd-modules/passwd/sha2/slapd-pw-sha2.5
new file mode 100644
index 0000000..f700b52
--- /dev/null
+++ b/contrib/slapd-modules/passwd/sha2/slapd-pw-sha2.5
@@ -0,0 +1,118 @@
+.TH SLAPD-PW-SHA2 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015-2022 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapd-pw-sha2 \- SHA-2 password module to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+.B moduleload
+.B pw-sha2
+.RE
+.SH DESCRIPTION
+.LP
+The
+.B pw-sha2
+module to
+.BR slapd (8)
+provides support for the use of SSHA-512, SSHA-384, SSHA-256, SHA-512,
+SHA-384 and SHA-256 from the SHA-2 family (FIPS 180-2) of hash functions
+in hashed passwords in OpenLDAP.
+.LP
+It does so by providing the following additional password schemes for use in slapd:
+.RS
+.TP
+.B {SSHA256}
+SHA-256 with salt, giving hash values of 256 bits length
+.TP
+.B {SHA256}
+plain SHA-256 giving hash values of 256 bits length
+.TP
+.B {SSHA384}
+SHA-384 with salt, giving hash values of 384 bits length
+.TP
+.B {SHA384}
+plain SHA-384 giving hash values of 384 bits length
+.TP
+.B {SSHA512}
+SHA-512 with salt, giving hash values of 512 bits length
+.TP
+.B {SHA512}
+plain SHA-512 giving hash values of 512 bits length
+.RE
+
+.SH CONFIGURATION
+The
+.B pw-sha2
+module does not need any configuration.
+.LP
+After loading the module, the password schemes
+{SSHA256}, {SSHA384}, {SSHA512}, {SSHA256}, {SHA384}, and {SHA512}
+will be recognised in values of the
+.I userPassword
+attribute.
+.LP
+You can then instruct OpenLDAP to use these schemes when processing
+the LDAPv3 Password Modify (RFC 3062) extended operations by using the
+.BR password-hash
+option in
+.BR slapd.conf (5).
+
+.SH NOTES
+If you want to use the schemes described here with
+.BR slappasswd (8),
+don't forget to load the module using its command line options.
+The relevant option/value is:
+.RS
+.LP
+.B \-o
+.BR module\-load = pw-sha2
+.LP
+.RE
+Depending on
+.BR pw-sha2 's
+location, you may also need:
+.RS
+.LP
+.B \-o
+.BR module\-path = \fIpathspec\fP
+.RE
+
+.SH EXAMPLES
+All of the userPassword LDAP attributes below encode the password
+.RI ' secret '.
+.EX
+.LP
+userPassword: {SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg==
+.LP
+userPassword: {SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt
+.LP
+userPassword: {SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
+.EE
+.LP
+To make {SSHA512} the password hash used in Password Modify extended operations,
+simply set this line in slapd.conf(5):
+.EX
+.LP
+password-hash   {SSHA512}
+.EX
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR ldappasswd (1),
+.BR slappasswd (8),
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been written by Peter Marschall based on the
+module's README file written by Jeff Turner.
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
diff --git a/contrib/slapd-modules/passwd/sha2/slapd-sha2.c b/contrib/slapd-modules/passwd/sha2/slapd-sha2.c
new file mode 100644
index 0000000..d67afda
--- /dev/null
+++ b/contrib/slapd-modules/passwd/sha2/slapd-sha2.c
@@ -0,0 +1,508 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2009-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENT:
+ * This work was initially developed by Jeff Turner for inclusion
+ * in OpenLDAP Software.
+ *
+ * Hash methods for passwords generation added by Cédric Delfosse.
+ *
+ * SSHA256 / SSHA384 / SSHA512 support added, and chk_sha*() replaced
+ * with libraries/liblutil/passwd.c:chk_sha1() implementation to
+ * fix a race by SATOH Fumiyasu @ OSS Technology, Inc.
+ */
+
+#include "portable.h"
+
+#include <ac/string.h>
+
+#include "lber_pvt.h"
+#include "lutil.h"
+#include "sha2.h"
+
+#ifdef SLAPD_SHA2_DEBUG
+#include <stdio.h>
+#endif
+
+#define SHA2_SALT_SIZE 8
+
+static int hash_ssha256(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text )
+{
+	SHA256_CTX ct;
+	unsigned char hash256[SHA256_DIGEST_LENGTH];
+	char          saltdata[SHA2_SALT_SIZE];
+	struct berval digest;
+	struct berval salt;
+
+	digest.bv_val = (char *) hash256;
+	digest.bv_len = sizeof(hash256);
+	salt.bv_val = saltdata;
+	salt.bv_len = sizeof(saltdata);
+
+	if (lutil_entropy((unsigned char *)salt.bv_val, salt.bv_len) < 0) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	SHA256_Init(&ct);
+	SHA256_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
+	SHA256_Update(&ct, (const uint8_t*)salt.bv_val, salt.bv_len);
+	SHA256_Final(hash256, &ct);
+
+	return lutil_passwd_string64(scheme, &digest, hash, &salt);
+}
+
+static int hash_sha256(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text )
+{
+	SHA256_CTX ct;
+	unsigned char hash256[SHA256_DIGEST_LENGTH];
+	struct berval digest;
+	digest.bv_val = (char *) hash256;
+	digest.bv_len = sizeof(hash256);
+
+	SHA256_Init(&ct);
+	SHA256_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
+	SHA256_Final(hash256, &ct);
+
+	return lutil_passwd_string64(scheme, &digest, hash, NULL);
+}
+
+static int hash_ssha384(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text )
+{
+	SHA384_CTX ct;
+	unsigned char hash384[SHA384_DIGEST_LENGTH];
+	char          saltdata[SHA2_SALT_SIZE];
+	struct berval digest;
+	struct berval salt;
+
+	digest.bv_val = (char *) hash384;
+	digest.bv_len = sizeof(hash384);
+	salt.bv_val = saltdata;
+	salt.bv_len = sizeof(saltdata);
+
+	if (lutil_entropy((unsigned char *)salt.bv_val, salt.bv_len) < 0) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	SHA384_Init(&ct);
+	SHA384_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
+	SHA384_Update(&ct, (const uint8_t*)salt.bv_val, salt.bv_len);
+	SHA384_Final(hash384, &ct);
+
+	return lutil_passwd_string64(scheme, &digest, hash, &salt);
+}
+
+static int hash_sha384(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text )
+{
+	SHA384_CTX ct;
+	unsigned char hash384[SHA384_DIGEST_LENGTH];
+	struct berval digest;
+	digest.bv_val = (char *) hash384;
+	digest.bv_len = sizeof(hash384);
+
+	SHA384_Init(&ct);
+	SHA384_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
+	SHA384_Final(hash384, &ct);
+
+	return lutil_passwd_string64(scheme, &digest, hash, NULL);
+}
+
+static int hash_ssha512(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text )
+{
+	SHA512_CTX ct;
+	unsigned char hash512[SHA512_DIGEST_LENGTH];
+	char          saltdata[SHA2_SALT_SIZE];
+	struct berval digest;
+	struct berval salt;
+
+	digest.bv_val = (char *) hash512;
+	digest.bv_len = sizeof(hash512);
+	salt.bv_val = saltdata;
+	salt.bv_len = sizeof(saltdata);
+
+	if (lutil_entropy((unsigned char *)salt.bv_val, salt.bv_len) < 0) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	SHA512_Init(&ct);
+	SHA512_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
+	SHA512_Update(&ct, (const uint8_t*)salt.bv_val, salt.bv_len);
+	SHA512_Final(hash512, &ct);
+
+	return lutil_passwd_string64(scheme, &digest, hash, &salt);
+}
+
+static int hash_sha512(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text )
+{
+	SHA512_CTX ct;
+	unsigned char hash512[SHA512_DIGEST_LENGTH];
+	struct berval digest;
+	digest.bv_val = (char *) hash512;
+	digest.bv_len = sizeof(hash512);
+
+	SHA512_Init(&ct);
+	SHA512_Update(&ct, (const uint8_t*)passwd->bv_val, passwd->bv_len);
+	SHA512_Final(hash512, &ct);
+
+	return lutil_passwd_string64(scheme, &digest, hash, NULL);
+}
+
+#ifdef SLAPD_SHA2_DEBUG
+static void chk_sha_debug(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char *cred_hash,
+	size_t cred_len,
+	int cmp_rc)
+{
+	int rc;
+	struct berval cred_b64;
+
+	cred_b64.bv_len = LUTIL_BASE64_ENCODE_LEN(cred_len) + 1;
+	cred_b64.bv_val = ber_memalloc(cred_b64.bv_len + 1);
+
+	if( cred_b64.bv_val == NULL ) {
+		return;
+	}
+
+	rc = lutil_b64_ntop(
+		(unsigned char *) cred_hash, cred_len,
+		cred_b64.bv_val, cred_b64.bv_len );
+
+	if( rc < 0 ) {
+		ber_memfree(cred_b64.bv_val);
+		return;
+	}
+
+	fprintf(stderr, "Validating password\n");
+	fprintf(stderr, "  Hash scheme:\t\t%s\n", scheme->bv_val);
+	fprintf(stderr, "  Password to validate: %s\n", cred->bv_val);
+	fprintf(stderr, "  Password hash:\t%s\n", cred_b64.bv_val);
+	fprintf(stderr, "  Stored password hash:\t%s\n", passwd->bv_val);
+	fprintf(stderr, "  Result:\t\t%s\n", cmp_rc ?  "do not match" : "match");
+
+	ber_memfree(cred_b64.bv_val);
+}
+#endif
+
+static int chk_ssha256(
+	const struct berval *scheme, /* Scheme of hashed reference password */
+	const struct berval *passwd, /* Hashed reference password to check against */
+	const struct berval *cred, /* user-supplied password to check */
+	const char **text )
+{
+	SHA256_CTX SHAcontext;
+	unsigned char SHAdigest[SHA256_DIGEST_LENGTH];
+	int rc;
+	unsigned char *orig_pass = NULL;
+	size_t decode_len = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);
+
+	/* safety check */
+	if (decode_len <= sizeof(SHAdigest)) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* base64 un-encode password */
+	orig_pass = (unsigned char *) ber_memalloc(decode_len + 1);
+
+	if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+	rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
+
+	if( rc <= (int)(sizeof(SHAdigest)) ) {
+		ber_memfree(orig_pass);
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* hash credentials with salt */
+	SHA256_Init(&SHAcontext);
+	SHA256_Update(&SHAcontext,
+		(const unsigned char *) cred->bv_val, cred->bv_len);
+	SHA256_Update(&SHAcontext,
+		(const unsigned char *) &orig_pass[sizeof(SHAdigest)],
+		rc - sizeof(SHAdigest));
+	SHA256_Final(SHAdigest, &SHAcontext);
+
+	/* compare */
+	rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest));
+	ber_memfree(orig_pass);
+	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+static int chk_sha256(
+	const struct berval *scheme, /* Scheme of hashed reference password */
+	const struct berval *passwd, /* Hashed reference password to check against */
+	const struct berval *cred, /* user-supplied password to check */
+	const char **text )
+{
+	SHA256_CTX SHAcontext;
+	unsigned char SHAdigest[SHA256_DIGEST_LENGTH];
+	int rc;
+	unsigned char *orig_pass = NULL;
+	size_t decode_len = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);
+
+	/* safety check */
+	if (decode_len < sizeof(SHAdigest)) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* base64 un-encode password */
+	orig_pass = (unsigned char *) ber_memalloc(decode_len + 1);
+
+	if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+	rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
+
+	if( rc != sizeof(SHAdigest) ) {
+		ber_memfree(orig_pass);
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* hash credentials with salt */
+	SHA256_Init(&SHAcontext);
+	SHA256_Update(&SHAcontext,
+		(const unsigned char *) cred->bv_val, cred->bv_len);
+	SHA256_Final(SHAdigest, &SHAcontext);
+
+	/* compare */
+	rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest));
+#ifdef SLAPD_SHA2_DEBUG
+	chk_sha_debug(scheme, passwd, cred, (char *)SHAdigest, sizeof(SHAdigest), rc);
+#endif
+	ber_memfree(orig_pass);
+	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+static int chk_ssha384(
+	const struct berval *scheme, /* Scheme of hashed reference password */
+	const struct berval *passwd, /* Hashed reference password to check against */
+	const struct berval *cred, /* user-supplied password to check */
+	const char **text )
+{
+	SHA384_CTX SHAcontext;
+	unsigned char SHAdigest[SHA384_DIGEST_LENGTH];
+	int rc;
+	unsigned char *orig_pass = NULL;
+	size_t decode_len = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);
+
+	/* safety check */
+	if (decode_len <= sizeof(SHAdigest)) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* base64 un-encode password */
+	orig_pass = (unsigned char *) ber_memalloc(decode_len + 1);
+
+	if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+	rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
+
+	if( rc <= (int)(sizeof(SHAdigest)) ) {
+		ber_memfree(orig_pass);
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* hash credentials with salt */
+	SHA384_Init(&SHAcontext);
+	SHA384_Update(&SHAcontext,
+		(const unsigned char *) cred->bv_val, cred->bv_len);
+	SHA384_Update(&SHAcontext,
+		(const unsigned char *) &orig_pass[sizeof(SHAdigest)],
+		rc - sizeof(SHAdigest));
+	SHA384_Final(SHAdigest, &SHAcontext);
+
+	/* compare */
+	rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest));
+	ber_memfree(orig_pass);
+	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+static int chk_sha384(
+	const struct berval *scheme, /* Scheme of hashed reference password */
+	const struct berval *passwd, /* Hashed reference password to check against */
+	const struct berval *cred, /* user-supplied password to check */
+	const char **text )
+{
+	SHA384_CTX SHAcontext;
+	unsigned char SHAdigest[SHA384_DIGEST_LENGTH];
+	int rc;
+	unsigned char *orig_pass = NULL;
+	size_t decode_len = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);
+
+	/* safety check */
+	if (decode_len < sizeof(SHAdigest)) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* base64 un-encode password */
+	orig_pass = (unsigned char *) ber_memalloc(decode_len + 1);
+
+	if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+	rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
+
+	if( rc != sizeof(SHAdigest) ) {
+		ber_memfree(orig_pass);
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* hash credentials with salt */
+	SHA384_Init(&SHAcontext);
+	SHA384_Update(&SHAcontext,
+		(const unsigned char *) cred->bv_val, cred->bv_len);
+	SHA384_Final(SHAdigest, &SHAcontext);
+
+	/* compare */
+	rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest));
+#ifdef SLAPD_SHA2_DEBUG
+	chk_sha_debug(scheme, passwd, cred, (char *)SHAdigest, sizeof(SHAdigest), rc);
+#endif
+	ber_memfree(orig_pass);
+	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+static int chk_ssha512(
+	const struct berval *scheme, /* Scheme of hashed reference password */
+	const struct berval *passwd, /* Hashed reference password to check against */
+	const struct berval *cred, /* user-supplied password to check */
+	const char **text )
+{
+	SHA512_CTX SHAcontext;
+	unsigned char SHAdigest[SHA512_DIGEST_LENGTH];
+	int rc;
+	unsigned char *orig_pass = NULL;
+	size_t decode_len = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);
+
+	/* safety check */
+	if (decode_len <= sizeof(SHAdigest)) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* base64 un-encode password */
+	orig_pass = (unsigned char *) ber_memalloc(decode_len + 1);
+
+	if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+	rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
+
+	if( rc <= (int)(sizeof(SHAdigest)) ) {
+		ber_memfree(orig_pass);
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* hash credentials with salt */
+	SHA512_Init(&SHAcontext);
+	SHA512_Update(&SHAcontext,
+		(const unsigned char *) cred->bv_val, cred->bv_len);
+	SHA512_Update(&SHAcontext,
+		(const unsigned char *) &orig_pass[sizeof(SHAdigest)],
+		rc - sizeof(SHAdigest));
+	SHA512_Final(SHAdigest, &SHAcontext);
+
+	/* compare */
+	rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest));
+	ber_memfree(orig_pass);
+	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+static int chk_sha512(
+	const struct berval *scheme, /* Scheme of hashed reference password */
+	const struct berval *passwd, /* Hashed reference password to check against */
+	const struct berval *cred, /* user-supplied password to check */
+	const char **text )
+{
+	SHA512_CTX SHAcontext;
+	unsigned char SHAdigest[SHA512_DIGEST_LENGTH];
+	int rc;
+	unsigned char *orig_pass = NULL;
+	size_t decode_len = LUTIL_BASE64_DECODE_LEN(passwd->bv_len);
+
+	/* safety check */
+	if (decode_len < sizeof(SHAdigest)) {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* base64 un-encode password */
+	orig_pass = (unsigned char *) ber_memalloc(decode_len + 1);
+
+	if( orig_pass == NULL ) return LUTIL_PASSWD_ERR;
+
+	rc = lutil_b64_pton(passwd->bv_val, orig_pass, decode_len);
+
+	if( rc != sizeof(SHAdigest) ) {
+		ber_memfree(orig_pass);
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* hash credentials with salt */
+	SHA512_Init(&SHAcontext);
+	SHA512_Update(&SHAcontext,
+		(const unsigned char *) cred->bv_val, cred->bv_len);
+	SHA512_Final(SHAdigest, &SHAcontext);
+
+	/* compare */
+	rc = memcmp((char *)orig_pass, (char *)SHAdigest, sizeof(SHAdigest));
+#ifdef SLAPD_SHA2_DEBUG
+	chk_sha_debug(scheme, passwd, cred, (char *)SHAdigest, sizeof(SHAdigest), rc);
+#endif
+	ber_memfree(orig_pass);
+	return rc ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+}
+
+const struct berval ssha256scheme = BER_BVC("{SSHA256}");
+const struct berval sha256scheme = BER_BVC("{SHA256}");
+const struct berval ssha384scheme = BER_BVC("{SSHA384}");
+const struct berval sha384scheme = BER_BVC("{SHA384}");
+const struct berval ssha512scheme = BER_BVC("{SSHA512}");
+const struct berval sha512scheme = BER_BVC("{SHA512}");
+
+int init_module(int argc, char *argv[]) {
+	int result = 0;
+	result = lutil_passwd_add( (struct berval *)&ssha256scheme, chk_ssha256, hash_ssha256 );
+	if (result != 0) return result;
+	result = lutil_passwd_add( (struct berval *)&sha256scheme, chk_sha256, hash_sha256 );
+	if (result != 0) return result;
+	result = lutil_passwd_add( (struct berval *)&ssha384scheme, chk_ssha384, hash_ssha384 );
+	if (result != 0) return result;
+	result = lutil_passwd_add( (struct berval *)&sha384scheme, chk_sha384, hash_sha384 );
+	if (result != 0) return result;
+	result = lutil_passwd_add( (struct berval *)&ssha512scheme, chk_ssha512, hash_ssha512 );
+	if (result != 0) return result;
+	result = lutil_passwd_add( (struct berval *)&sha512scheme, chk_sha512, hash_sha512 );
+	return result;
+}
diff --git a/contrib/slapd-modules/passwd/slapd-pw-radius.5 b/contrib/slapd-modules/passwd/slapd-pw-radius.5
new file mode 100644
index 0000000..9a74847
--- /dev/null
+++ b/contrib/slapd-modules/passwd/slapd-pw-radius.5
@@ -0,0 +1,110 @@
+.TH SLAPD-PW-RADIUS 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015-2022 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapd-pw-radius \- Radius backend password module to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+.B moduleload
+.B pw-radius
+.I /path/to/radius.conf
+.RE
+.SH DESCRIPTION
+.LP
+The
+.B pw-radius
+module to
+.BR slapd (8)
+provides support for using a RADIUS infrastructure as backend to
+verify the password provided in Simple Bind operations to OpenLDAP.
+.LP
+It does so by providing an additional password scheme for use in slapd:
+.RS
+.TP
+.B {RADIUS}
+RADIUS password scheme
+.RE
+.LP
+Unlike in other password schemes, the value following the scheme is not
+a - potentially hashed - password, but the name of the corresponding
+RADIUS user in the RADIUS infrastructure.
+.LP
+This value, together with the password used in the Simple Bind operation,
+will be sent to the RADIUS server for authentication.
+.LP
+If the RADIUS server successfully authenticates the user,
+then the password verification succeeds, resulting in the LDAP Bind
+operation's success.
+.LP
+Conversely, failed RADIUS authentications leads to failing LDAP Binds.
+
+.SH CONFIGURATION
+The
+.B pw-radius
+module needs no configuration beyond the additional
+.I filename
+argument to
+.BR slapd.conf (5)'s
+.B moduleload
+directive.
+This filename is expected to point to a valid
+.BR radius.conf (5).
+file adhering to
+.BR libradius (3).
+.LP
+After loading the module, the password scheme
+.B {RADIUS}
+will be recognised in values of the
+.I userPassword
+attribute.
+
+.SH NOTES
+Owing to its construction, using the
+.B {RADIUS}
+scheme as argument to the
+.BR password-hash
+option in
+.BR slapd.conf (5)
+does not make much sense, because of the scheme's construction.
+.LP
+This also applies to the use of the
+.B {RADIUS}
+scheme in
+.B slappasswd
+or
+.BR ldappasswd .
+
+
+.SH EXAMPLES
+To indicate that Simple Bind operations shall use the RADIUS user
+.B johndoe
+when validating passwords against the RADIUS infrastructure,
+set a user's LDAP attribute userPassword to:
+.EX
+.LP
+userPassword: {RADIUS}johndoe
+.EE
+
+.SH LIMITATIONS
+Due to the way the configuration is loaded (additional argument
+to slapd.conf's moduleload directive), this module cannot be used
+with table-driven configuration.
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR libradius (3)
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been written by Peter Marschall.
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
diff --git a/contrib/slapd-modules/passwd/totp/Makefile b/contrib/slapd-modules/passwd/totp/Makefile
new file mode 100644
index 0000000..f7dff4b
--- /dev/null
+++ b/contrib/slapd-modules/passwd/totp/Makefile
@@ -0,0 +1,58 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = 
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = pw-totp.la
+MANPAGES = slapo-totp.5
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all:		$(PROGRAMS)
+
+pw-totp.la:	slapd-totp.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/passwd/totp/README b/contrib/slapd-modules/passwd/totp/README
new file mode 100644
index 0000000..e6867f2
--- /dev/null
+++ b/contrib/slapd-modules/passwd/totp/README
@@ -0,0 +1,87 @@
+TOTP OpenLDAP support
+----------------------
+
+slapd-totp.c provides support for RFC 6238 TOTP Time-based One
+Time Passwords in OpenLDAP using SHA-1, SHA-256, and SHA-512.
+For instance, one could have the LDAP attribute:
+
+userPassword: {TOTP1}GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
+
+which encodes the key '12345678901234567890'.
+
+It can also encode credentials consisting of a TOTP and a static
+password.  The format for this is:
+
+userPassword: {TOTP1ANDPW}GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ|<some_other_passwd>
+
+where <some_other_passwd> can be any scheme currently understood
+by OpenLDAP.  For example, using '{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ='
+would encode the above TOTP with a static password of 'secret'.  To
+authenticate using this scheme, enter the static password immediately
+followed by the TOTP, for example 'secret123456'.
+
+
+Building
+--------
+
+1) Customize the LDAP_SRC variable in Makefile to point to the OpenLDAP
+source root.
+
+2) Run 'make' to produce slapd-totp.so
+
+3) Copy slapd-totp.so somewhere permanent.
+
+4) Edit your slapd.conf (eg. /etc/ldap/slapd.conf), and add:
+
+moduleload ...path/to/slapd-totp.so
+
+5) This module replaces the function of the slapo-lastbind overlay. You
+cannot use that overlay on the same database as this one.
+
+6) Restart slapd.
+
+
+Configuring
+-----------
+
+The {TOTP1}, {TOTP256}, {TOTP512}, {TOTP1ANDPW}, {TOTP256ANDPW},
+and {TOTP512ANDPW} password schemes should now be recognised.
+
+You can also tell OpenLDAP to use one of these new schemes when processing LDAP
+Password Modify Extended Operations, thanks to the password-hash option in
+slapd.conf. For example:
+
+password-hash	{TOTP1}
+
+TOTP password schemes will only work on databases that have a rootdn and the
+totp overlay configured:
+
+database mdb
+rootdn "..."
+...
+
+overlay totp
+
+
+
+Testing
+-------
+
+The TOTP1 algorithm is compatible with Google Authenticator.
+
+---
+
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+
+Copyright 2015-2022 The OpenLDAP Foundation.
+Portions Copyright 2015 by Howard Chu, Symas Corp.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
diff --git a/contrib/slapd-modules/passwd/totp/slapd-totp.c b/contrib/slapd-modules/passwd/totp/slapd-totp.c
new file mode 100644
index 0000000..25081e1
--- /dev/null
+++ b/contrib/slapd-modules/passwd/totp/slapd-totp.c
@@ -0,0 +1,1000 @@
+/* slapd-totp.c - Password module and overlay for TOTP */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2015-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2015 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work includes code from the lastbind overlay.
+ */
+
+#include <portable.h>
+
+#if HAVE_STDINT_H
+#include <stdint.h>
+#endif
+
+#include <lber.h>
+#include <lber_pvt.h>
+#include "lutil.h"
+#include <ac/stdlib.h>
+#include <ac/ctype.h>
+#include <ac/string.h>
+/* include socket.h to get sys/types.h and/or winsock2.h */
+#include <ac/socket.h>
+
+#if HAVE_OPENSSL
+#include <openssl/sha.h>
+#include <openssl/hmac.h>
+
+#define TOTP_SHA512_DIGEST_LENGTH	SHA512_DIGEST_LENGTH
+#define TOTP_SHA1	EVP_sha1()
+#define TOTP_SHA256	EVP_sha256()
+#define TOTP_SHA512	EVP_sha512()
+#define TOTP_HMAC_CTX	HMAC_CTX *
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+	HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+	if (ctx != NULL) {
+		HMAC_CTX_init(ctx);
+	}
+	return ctx;
+}
+
+static void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+	if (ctx != NULL) {
+		HMAC_CTX_cleanup(ctx);
+		OPENSSL_free(ctx);
+	}
+}
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
+#define HMAC_setup(ctx, key, len, hash) \
+	ctx = HMAC_CTX_new(); \
+	HMAC_Init_ex(ctx, key, len, hash, 0)
+#define HMAC_crunch(ctx, buf, len)	HMAC_Update(ctx, buf, len)
+#define HMAC_finish(ctx, dig, dlen) \
+	HMAC_Final(ctx, dig, &dlen); \
+	HMAC_CTX_free(ctx)
+
+#elif HAVE_GNUTLS
+#include <nettle/hmac.h>
+
+#define TOTP_SHA512_DIGEST_LENGTH	SHA512_DIGEST_SIZE
+#define TOTP_SHA1	&nettle_sha1
+#define TOTP_SHA256	&nettle_sha256
+#define TOTP_SHA512	&nettle_sha512
+#define TOTP_HMAC_CTX	struct hmac_sha512_ctx
+
+#define HMAC_setup(ctx, key, len, hash)	\
+	const struct nettle_hash *h=hash;\
+	hmac_set_key(&ctx.outer, &ctx.inner, &ctx.state, h, len, key)
+#define HMAC_crunch(ctx, buf, len)	hmac_update(&ctx.state, h, len, buf)
+#define HMAC_finish(ctx, dig, dlen) \
+	hmac_digest(&ctx.outer, &ctx.inner, &ctx.state, h, h->digest_size, dig);\
+	dlen = h->digest_size
+
+#else
+# error Unsupported crypto backend.
+#endif
+
+#include "slap.h"
+#include "slap-config.h"
+
+static LUTIL_PASSWD_CHK_FUNC chk_totp1, chk_totp256, chk_totp512,
+	chk_totp1andpw, chk_totp256andpw, chk_totp512andpw;
+static LUTIL_PASSWD_HASH_FUNC hash_totp1, hash_totp256, hash_totp512,
+	hash_totp1andpw, hash_totp256andpw, hash_totp512andpw;
+static const struct berval scheme_totp1 = BER_BVC("{TOTP1}");
+static const struct berval scheme_totp256 = BER_BVC("{TOTP256}");
+static const struct berval scheme_totp512 = BER_BVC("{TOTP512}");
+static const struct berval scheme_totp1andpw = BER_BVC("{TOTP1ANDPW}");
+static const struct berval scheme_totp256andpw = BER_BVC("{TOTP256ANDPW}");
+static const struct berval scheme_totp512andpw = BER_BVC("{TOTP512ANDPW}");
+
+static AttributeDescription *ad_authTimestamp;
+
+/* This is the definition used by ISODE, as supplied to us in
+ * ITS#6238 Followup #9
+ */
+static struct schema_info {
+	char *def;
+	AttributeDescription **ad;
+} totp_OpSchema[] = {
+	{	"( 1.3.6.1.4.1.453.16.2.188 "
+		"NAME 'authTimestamp' "
+		"DESC 'last successful authentication using any method/mech' "
+		"EQUALITY generalizedTimeMatch "
+		"ORDERING generalizedTimeOrderingMatch "
+		"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
+		"SINGLE-VALUE NO-USER-MODIFICATION USAGE dsaOperation )",
+		&ad_authTimestamp},
+	{ NULL, NULL }
+};
+
+/* RFC3548 base32 encoding/decoding */
+
+static const char Base32[] =
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+static const char Pad32 = '=';
+
+static int
+totp_b32_ntop(
+	u_char const *src,
+	size_t srclength,
+	char *target,
+	size_t targsize)
+{
+	size_t datalength = 0;
+	u_char input0;
+	u_int input1;	/* assumed to be at least 32 bits */
+	u_char output[8];
+	int i;
+
+	while (4 < srclength) {
+		if (datalength + 8 > targsize)
+			return (-1);
+		input0 = *src++;
+		input1 = *src++;
+		input1 <<= 8;
+		input1 |= *src++;
+		input1 <<= 8;
+		input1 |= *src++;
+		input1 <<= 8;
+		input1 |= *src++;
+		srclength -= 5;
+
+		for (i=7; i>1; i--) {
+			output[i] = input1 & 0x1f;
+			input1 >>= 5;
+		}
+		output[0] = input0 >> 3;
+		output[1] = (input0 & 0x07) << 2 | input1;
+
+		for (i=0; i<8; i++)
+			target[datalength++] = Base32[output[i]];
+	}
+    
+	/* Now we worry about padding. */
+	if (0 != srclength) {
+		static const int outlen[] = { 2,4,5,7 };
+		int n;
+		if (datalength + 8 > targsize)
+			return (-1);
+
+		/* Get what's left. */
+		input1 = *src++;
+		for (i = 1; i < srclength; i++) {
+			input1 <<= 8;
+			input1 |= *src++;
+		}
+		input1 <<= 8 * (4-srclength);
+		n = outlen[srclength-1];
+		for (i=0; i<n; i++) {
+			target[datalength++] = Base32[(input1 & 0xf8000000) >> 27];
+			input1 <<= 5;
+		}
+		for (; i<8; i++)
+			target[datalength++] = Pad32;
+	}
+	if (datalength >= targsize)
+		return (-1);
+	target[datalength] = '\0';	/* Returned value doesn't count \0. */
+	return (datalength);
+}
+
+/* converts characters, eight at a time, starting at src
+   from base - 32 numbers into five 8 bit bytes in the target area.
+   it returns the number of data bytes stored at the target, or -1 on error.
+ */
+
+static int
+totp_b32_pton(
+	char const *src,
+	u_char *target, 
+	size_t targsize)
+{
+	int tarindex, state, ch;
+	char *pos;
+
+	state = 0;
+	tarindex = 0;
+
+	while ((ch = *src++) != '\0') {
+		if (ch == Pad32)
+			break;
+
+		pos = strchr(Base32, ch);
+		if (pos == 0) 		/* A non-base32 character. */
+			return (-1);
+
+		switch (state) {
+		case 0:
+			if (target) {
+				if ((size_t)tarindex >= targsize)
+					return (-1);
+				target[tarindex] = (pos - Base32) << 3;
+			}
+			state = 1;
+			break;
+		case 1:
+			if (target) {
+				if ((size_t)tarindex + 1 >= targsize)
+					return (-1);
+				target[tarindex]   |=  (pos - Base32) >> 2;
+				target[tarindex+1]  = ((pos - Base32) & 0x3)
+							<< 6 ;
+			}
+			tarindex++;
+			state = 2;
+			break;
+		case 2:
+			if (target) {
+				target[tarindex]   |=  (pos - Base32) << 1;
+			}
+			state = 3;
+			break;
+		case 3:
+			if (target) {
+				if ((size_t)tarindex + 1 >= targsize)
+					return (-1);
+				target[tarindex] |= (pos - Base32) >> 4;
+				target[tarindex+1]  = ((pos - Base32) & 0xf)
+							<< 4 ;
+			}
+			tarindex++;
+			state = 4;
+			break;
+		case 4:
+			if (target) {
+				if ((size_t)tarindex + 1 >= targsize)
+					return (-1);
+				target[tarindex] |= (pos - Base32) >> 1;
+				target[tarindex+1]  = ((pos - Base32) & 0x1)
+							<< 7 ;
+			}
+			tarindex++;
+			state = 5;
+			break;
+		case 5:
+			if (target) {
+				target[tarindex]   |=  (pos - Base32) << 2;
+			}
+			state = 6;
+			break;
+		case 6:
+			if (target) {
+				if ((size_t)tarindex + 1 >= targsize)
+					return (-1);
+				target[tarindex] |= (pos - Base32) >> 3;
+				target[tarindex+1]  = ((pos - Base32) & 0x7)
+							<< 5 ;
+			}
+			tarindex++;
+			state = 7;
+			break;
+		case 7:
+			if (target) {
+				target[tarindex]   |=  (pos - Base32);
+			}
+			state = 0;
+			tarindex++;
+			break;
+
+		default:
+			abort();
+		}
+	}
+
+	/*
+	 * We are done decoding Base-32 chars.  Let's see if we ended
+	 * on a byte boundary, and/or with erroneous trailing characters.
+	 */
+
+	if (ch == Pad32) {		/* We got a pad char. */
+		int i = 0;
+
+		/* count pad chars */
+		for (; ch; ch = *src++) {
+			if (ch != Pad32)
+				return (-1);
+			i++;
+		}
+		/* there are only 4 valid ending states with a
+		 * pad character, make sure the number of pads is valid.
+		 */
+		switch(state) {
+		case 2:	if (i != 6) return -1;
+			break;
+		case 4: if (i != 4) return -1;
+			break;
+		case 5: if (i != 3) return -1;
+			break;
+		case 7: if (i != 1) return -1;
+			break;
+		default:
+			return -1;
+		}
+		/*
+		 * Now make sure that the "extra" bits that slopped past
+		 * the last full byte were zeros.  If we don't check them,
+		 * they become a subliminal channel.
+		 */
+		if (target && target[tarindex] != 0)
+			return (-1);
+	} else {
+		/*
+		 * We ended by seeing the end of the string.  Make sure we
+		 * have no partial bytes lying around.
+		 */
+		if (state != 0)
+			return (-1);
+	}
+
+	return (tarindex);
+}
+
+/* RFC6238 TOTP */
+
+
+typedef struct myval {
+	ber_len_t mv_len;
+	void *mv_val;
+} myval;
+
+static void do_hmac(
+	const void *hash,
+	myval *key,
+	myval *data,
+	myval *out)
+{
+	TOTP_HMAC_CTX ctx;
+	unsigned int digestLen;
+
+	HMAC_setup(ctx, key->mv_val, key->mv_len, hash);
+	HMAC_crunch(ctx, data->mv_val, data->mv_len);
+	HMAC_finish(ctx, out->mv_val, digestLen);
+	out->mv_len = digestLen;
+}
+
+static const int DIGITS_POWER[] = {
+	1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000 };
+
+static void generate(
+	myval *key,
+	uint64_t tval,
+	int digits,
+	myval *out,
+	const void *mech)
+{
+	unsigned char digest[TOTP_SHA512_DIGEST_LENGTH];
+	myval digval;
+	myval data;
+	unsigned char msg[8];
+	int i, offset, res, otp;
+
+#if WORDS_BIGENDIAN
+	*(uint64_t *)msg = tval;
+#else
+	for (i=7; i>=0; i--) {
+		msg[i] = tval & 0xff;
+		tval >>= 8;
+	}
+#endif
+
+	data.mv_val = msg;
+	data.mv_len = sizeof(msg);
+
+	digval.mv_val = digest;
+	digval.mv_len = sizeof(digest);
+	do_hmac(mech, key, &data, &digval);
+
+	offset = digest[digval.mv_len-1] & 0xf;
+	res = ((digest[offset] & 0x7f) << 24) |
+			((digest[offset+1] & 0xff) << 16) |
+			((digest[offset+2] & 0xff) << 8) |
+			(digest[offset+3] & 0xff);
+
+	otp = res % DIGITS_POWER[digits];
+	out->mv_len = snprintf(out->mv_val, out->mv_len, "%0*d", digits, otp);
+}
+
+static int totp_op_cleanup( Operation *op, SlapReply *rs );
+static int totp_bind_response( Operation *op, SlapReply *rs );
+
+#define TIME_STEP	30
+#define DIGITS	6
+#define DELIM	'|'	/* a single character */
+#define TOTP_AND_PW_HASH_SCHEME	"{SSHA}"
+
+static int chk_totp(
+	const struct berval *passwd,
+	const struct berval *cred,
+	const void *mech,
+	const char **text)
+{
+	void *ctx, *op_tmp;
+	Operation *op;
+	Entry *e;
+	Attribute *a;
+	long t, told = 0;
+	int rc;
+	myval out, key;
+	char outbuf[32];
+
+	/* Find our thread context, find our Operation */
+	ctx = ldap_pvt_thread_pool_context();
+	if (ldap_pvt_thread_pool_getkey(ctx, totp_op_cleanup, &op_tmp, NULL) ||
+		!op_tmp)
+		return LUTIL_PASSWD_ERR;
+	op = op_tmp;
+
+	rc = be_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &e);
+	if (rc != LDAP_SUCCESS) return LUTIL_PASSWD_ERR;
+
+	/* Make sure previous login is older than current time */
+	t = op->o_time / TIME_STEP;
+	a = attr_find(e->e_attrs, ad_authTimestamp);
+	if (a) {
+		struct lutil_tm tm;
+		struct lutil_timet tt;
+		if (lutil_parsetime(a->a_vals[0].bv_val, &tm) == 0 &&
+			lutil_tm2time(&tm, &tt) == 0) {
+			told = tt.tt_sec / TIME_STEP;
+			if (told >= t)
+				rc = LUTIL_PASSWD_ERR;
+		}
+		if (!rc) {	/* seems OK, remember old stamp */
+			slap_callback *sc;
+			for (sc = op->o_callback; sc; sc = sc->sc_next) {
+				if (sc->sc_response == totp_bind_response) {
+					sc->sc_private = ber_dupbv_x(NULL, &a->a_vals[0], op->o_tmpmemctx);
+					break;
+				}
+			}
+		}
+	}	/* else no previous login, 1st use is OK */
+
+	be_entry_release_r(op, e);
+	if (rc) return rc;
+
+	/* Key is stored in base32 */
+	key.mv_len = passwd->bv_len * 5 / 8;
+	key.mv_val = ber_memalloc(key.mv_len+1);
+
+	if (!key.mv_val)
+		return LUTIL_PASSWD_ERR;
+
+	rc = totp_b32_pton(passwd->bv_val, key.mv_val, key.mv_len);
+	if (rc < 1) {
+		rc = LUTIL_PASSWD_ERR;
+		goto out;
+	}
+
+	out.mv_val = outbuf;
+	out.mv_len = sizeof(outbuf);
+	generate(&key, t, DIGITS, &out, mech);
+
+	/* compare */
+	if (out.mv_len != cred->bv_len) {
+		rc = LUTIL_PASSWD_ERR;
+		goto out;
+	}
+
+	rc = memcmp(out.mv_val, cred->bv_val, out.mv_len) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+
+	/* If current value doesn't match, try again with previous value
+	 * but only if the most recent login is older than the previous
+	 * time step but still set */
+	if (rc == LUTIL_PASSWD_ERR && told < t - 1 && told > 0) {
+		out.mv_val = outbuf;
+		out.mv_len = sizeof(outbuf);
+		generate(&key, t - 1, DIGITS, &out, mech);
+		/* compare */
+		if (out.mv_len != cred->bv_len)
+			goto out;
+		rc = memcmp(out.mv_val, cred->bv_val, out.mv_len) ? LUTIL_PASSWD_ERR : LUTIL_PASSWD_OK;
+	}
+
+out:
+	memset(key.mv_val, 0, key.mv_len);
+	ber_memfree(key.mv_val);
+	return rc;
+}
+
+static int chk_totp_and_pw(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text,
+	const void *mech)
+{
+	char *s;
+	int rc = LUTIL_PASSWD_ERR, rc_pass, rc_otp;
+	ber_len_t len;
+	struct berval cred_pass, cred_otp, passwd_pass, passwd_otp;
+
+	/* Check credential length, no point to continue if too short */
+	if (cred->bv_len <= DIGITS)
+		return rc;
+
+	/* The OTP seed of the stored password */
+	s = strchr(passwd->bv_val, DELIM);
+	if (s) {
+		len = s - passwd->bv_val;
+	} else {
+		return rc;
+	}
+	if (!ber_str2bv(passwd->bv_val, len, 1, &passwd_otp))
+		return rc;
+
+	/* The password part of the stored password */
+	s++;
+	ber_str2bv(s, 0, 0, &passwd_pass);
+
+	/* The OTP part of the entered credential */
+	ber_str2bv(&cred->bv_val[cred->bv_len - DIGITS], DIGITS, 0, &cred_otp);
+
+	/* The password part of the entered credential */
+	if (!ber_str2bv(cred->bv_val, cred->bv_len - DIGITS, 0, &cred_pass)) {
+		/* Cleanup */
+		memset(passwd_otp.bv_val, 0, passwd_otp.bv_len);
+		ber_memfree(passwd_otp.bv_val);
+		return rc;
+	}
+
+	rc_otp = chk_totp(&passwd_otp, &cred_otp, mech, text);
+	rc_pass = lutil_passwd(&passwd_pass, &cred_pass, NULL, text);
+	if (rc_otp == LUTIL_PASSWD_OK && rc_pass == LUTIL_PASSWD_OK)
+		rc = LUTIL_PASSWD_OK;
+
+	/* Cleanup and return */
+	memset(passwd_otp.bv_val, 0, passwd_otp.bv_len);
+	ber_memfree(passwd_otp.bv_val);
+
+	return rc;
+}
+
+static int chk_totp1(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text)
+{
+	return chk_totp(passwd, cred, TOTP_SHA1, text);
+}
+
+static int chk_totp256(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text)
+{
+	return chk_totp(passwd, cred, TOTP_SHA256, text);
+}
+
+static int chk_totp512(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text)
+{
+	return chk_totp(passwd, cred, TOTP_SHA512, text);
+}
+
+static int chk_totp1andpw(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text)
+{
+	return chk_totp_and_pw(scheme, passwd, cred, text, TOTP_SHA1);
+}
+
+static int chk_totp256andpw(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text)
+{
+	return chk_totp_and_pw(scheme, passwd, cred, text, TOTP_SHA256);
+}
+
+static int chk_totp512andpw(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text)
+{
+	return chk_totp_and_pw(scheme, passwd, cred, text, TOTP_SHA512);
+}
+
+static int passwd_string32(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash)
+{
+	int b32len = (passwd->bv_len + 4)/5 * 8;
+	int rc;
+	hash->bv_len = scheme->bv_len + b32len;
+	hash->bv_val = ber_memalloc(hash->bv_len + 1);
+	AC_MEMCPY(hash->bv_val, scheme->bv_val, scheme->bv_len);
+	rc = totp_b32_ntop((unsigned char *)passwd->bv_val, passwd->bv_len,
+		hash->bv_val + scheme->bv_len, b32len+1);
+	if (rc < 0) {
+		ber_memfree(hash->bv_val);
+		hash->bv_val = NULL;
+		return LUTIL_PASSWD_ERR;
+	}
+	return LUTIL_PASSWD_OK;
+}
+
+static int hash_totp_and_pw(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text)
+{
+	struct berval otp, pass, hash_otp, hash_pass;
+	ber_len_t len;
+	char *s;
+	int rc = LUTIL_PASSWD_ERR;
+
+	/* The OTP seed part */
+	s = strchr(passwd->bv_val, DELIM);
+	if (s) {
+		len = s - passwd->bv_val;
+	} else {
+		return rc;
+	}
+	if (!ber_str2bv(passwd->bv_val, len, 0, &otp))
+		return rc;
+
+	/* The static password part */
+	s++;
+	ber_str2bv(s, 0, 0, &pass);
+
+	/* Hash the OTP seed */
+	rc = passwd_string32(scheme, &otp, &hash_otp);
+
+	/* If successful, hash the static password, else cleanup and return */
+	if (rc == LUTIL_PASSWD_OK) {
+		rc = lutil_passwd_hash(&pass, TOTP_AND_PW_HASH_SCHEME,
+			&hash_pass, text);
+	} else {
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* If successful, allocate memory to combine them, else cleanup
+	 *  and return */
+	if (rc == LUTIL_PASSWD_OK) {
+		/* Add 1 character to bv_len to hold DELIM */
+		hash->bv_len = hash_pass.bv_len + hash_otp.bv_len + 1;
+		hash->bv_val = ber_memalloc(hash->bv_len + 1);
+		if (!hash->bv_val)
+			rc = LUTIL_PASSWD_ERR;
+	} else {
+		memset(hash_otp.bv_val, 0, hash_otp.bv_len);
+		ber_memfree(hash_otp.bv_val);
+		return LUTIL_PASSWD_ERR;
+	}
+
+	/* If successful, combine the two hashes with the delimiter */
+	if (rc == LUTIL_PASSWD_OK) {
+		AC_MEMCPY(hash->bv_val, hash_otp.bv_val, hash_otp.bv_len);
+		hash->bv_val[hash_otp.bv_len] = DELIM;
+		AC_MEMCPY(hash->bv_val + hash_otp.bv_len + 1,
+			hash_pass.bv_val, hash_pass.bv_len);
+		hash->bv_val[hash->bv_len] = '\0';
+	}
+
+	/* Cleanup and return */
+	memset(hash_otp.bv_val, 0, hash_otp.bv_len);
+	memset(hash_pass.bv_val, 0, hash_pass.bv_len);
+	ber_memfree(hash_otp.bv_val);
+	ber_memfree(hash_pass.bv_val);
+
+	return rc;
+}
+
+static int hash_totp1(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text)
+{
+#if 0
+	if (passwd->bv_len != SHA_DIGEST_LENGTH) {
+		*text = "invalid key length";
+		return LUTIL_PASSWD_ERR;
+	}
+#endif
+	return passwd_string32(scheme, passwd, hash);
+}
+
+static int hash_totp256(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text)
+{
+#if 0
+	if (passwd->bv_len != SHA256_DIGEST_LENGTH) {
+		*text = "invalid key length";
+		return LUTIL_PASSWD_ERR;
+	}
+#endif
+	return passwd_string32(scheme, passwd, hash);
+}
+
+static int hash_totp512(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text)
+{
+#if 0
+	if (passwd->bv_len != SHA512_DIGEST_LENGTH) {
+		*text = "invalid key length";
+		return LUTIL_PASSWD_ERR;
+	}
+#endif
+	return passwd_string32(scheme, passwd, hash);
+}
+
+static int hash_totp1andpw(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text)
+{
+#if 0
+	if (passwd->bv_len != SHA_DIGEST_LENGTH) {
+		*text = "invalid key length";
+		return LUTIL_PASSWD_ERR;
+	}
+#endif
+	return hash_totp_and_pw(scheme, passwd, hash, text);
+}
+
+static int hash_totp256andpw(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text)
+{
+#if 0
+	if (passwd->bv_len != SHA256_DIGEST_LENGTH) {
+		*text = "invalid key length";
+		return LUTIL_PASSWD_ERR;
+	}
+#endif
+	return hash_totp_and_pw(scheme, passwd, hash, text);
+}
+
+static int hash_totp512andpw(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text)
+{
+#if 0
+	if (passwd->bv_len != SHA512_DIGEST_LENGTH) {
+		*text = "invalid key length";
+		return LUTIL_PASSWD_ERR;
+	}
+#endif
+	return hash_totp_and_pw(scheme, passwd, hash, text);
+}
+
+static int totp_op_cleanup(
+	Operation *op,
+	SlapReply *rs )
+{
+	slap_callback *cb;
+
+	/* clear out the current key */
+	ldap_pvt_thread_pool_setkey( op->o_threadctx, totp_op_cleanup,
+		NULL, 0, NULL, NULL );
+
+	/* free the callback */
+	cb = op->o_callback;
+	op->o_callback = cb->sc_next;
+	if (cb->sc_private)
+		ber_bvfree_x(cb->sc_private, op->o_tmpmemctx);
+	op->o_tmpfree( cb, op->o_tmpmemctx );
+	return 0;
+}
+
+static int
+totp_bind_response( Operation *op, SlapReply *rs )
+{
+	Modifications *mod = NULL;
+	BackendInfo *bi = op->o_bd->bd_info;
+	Entry *e;
+	int rc;
+
+	/* we're only interested if the bind was successful */
+	if ( rs->sr_err != LDAP_SUCCESS )
+		return SLAP_CB_CONTINUE;
+
+	rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
+	op->o_bd->bd_info = bi;
+
+	if ( rc != LDAP_SUCCESS ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	{
+		time_t now;
+		Attribute *a;
+		Modifications *m;
+		char nowstr[ LDAP_LUTIL_GENTIME_BUFSIZE ];
+		struct berval timestamp;
+
+		/* get the current time */
+		now = op->o_time;
+
+		/* update the authTimestamp in the user's entry with the current time */
+		timestamp.bv_val = nowstr;
+		timestamp.bv_len = sizeof(nowstr);
+		slap_timestamp( &now, &timestamp );
+
+		m = ch_calloc( sizeof(Modifications), 1 );
+		m->sml_op = LDAP_MOD_REPLACE;
+		m->sml_flags = 0;
+		m->sml_type = ad_authTimestamp->ad_cname;
+		m->sml_desc = ad_authTimestamp;
+		m->sml_numvals = 1;
+		m->sml_values = ch_calloc( sizeof(struct berval), 2 );
+		m->sml_nvalues = ch_calloc( sizeof(struct berval), 2 );
+
+		ber_dupbv( &m->sml_values[0], &timestamp );
+		ber_dupbv( &m->sml_nvalues[0], &timestamp );
+		m->sml_next = mod;
+		mod = m;
+
+		/* get authTimestamp attribute, if it exists */
+		if ((a = attr_find( e->e_attrs, ad_authTimestamp)) != NULL && op->o_callback->sc_private) {
+			struct berval *bv = op->o_callback->sc_private;
+			m = ch_calloc( sizeof(Modifications), 1 );
+			m->sml_op = LDAP_MOD_DELETE;
+			m->sml_flags = 0;
+			m->sml_type = ad_authTimestamp->ad_cname;
+			m->sml_desc = ad_authTimestamp;
+			m->sml_numvals = 1;
+			m->sml_values = ch_calloc( sizeof(struct berval), 2 );
+			m->sml_nvalues = ch_calloc( sizeof(struct berval), 2 );
+
+			ber_dupbv( &m->sml_values[0], bv );
+			ber_dupbv( &m->sml_nvalues[0], bv );
+			m->sml_next = mod;
+			mod = m;
+		}
+	}
+
+	be_entry_release_r( op, e );
+
+	/* perform the update */
+	if ( mod ) {
+		Operation op2 = *op;
+		SlapReply r2 = { REP_RESULT };
+		slap_callback cb = { NULL, slap_null_cb, NULL, NULL };
+
+		/* This is a DSA-specific opattr, it never gets replicated. */
+		op2.o_tag = LDAP_REQ_MODIFY;
+		op2.o_callback = &cb;
+		op2.orm_modlist = mod;
+		op2.o_dn = op->o_bd->be_rootdn;
+		op2.o_ndn = op->o_bd->be_rootndn;
+		op2.o_dont_replicate = 1;
+		rc = op->o_bd->be_modify( &op2, &r2 );
+		slap_mods_free( mod, 1 );
+		if (rc != LDAP_SUCCESS) {
+			/* slapd has logged this as a success already, but we
+			 * need to fail it because the authTimestamp changed
+			 * out from under us.
+			 */
+			rs->sr_err = LDAP_INVALID_CREDENTIALS;
+			connection2anonymous(op->o_conn);
+			op2 = *op;
+			op2.o_callback = NULL;
+			send_ldap_result(&op2, rs);
+			op->o_bd->bd_info = bi;
+			return rs->sr_err;
+		}
+	}
+
+	op->o_bd->bd_info = bi;
+	return SLAP_CB_CONTINUE;
+}
+
+static int totp_op_bind(
+	Operation *op,
+	SlapReply *rs )
+{
+	/* If this is a simple Bind, stash the Op pointer so our chk
+	 * function can find it. Set a cleanup callback to clear it
+	 * out when the Bind completes.
+	 */
+	if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE ) {
+		slap_callback *cb;
+		ldap_pvt_thread_pool_setkey( op->o_threadctx,
+			totp_op_cleanup, op, 0, NULL, NULL );
+		cb = op->o_tmpcalloc( 1, sizeof(slap_callback), op->o_tmpmemctx );
+		cb->sc_response = totp_bind_response;
+		cb->sc_cleanup = totp_op_cleanup;
+		cb->sc_next = op->o_callback;
+		op->o_callback = cb;
+	}
+	return SLAP_CB_CONTINUE;
+}
+
+static int totp_db_open(
+	BackendDB *be,
+	ConfigReply *cr
+)
+{
+	int rc = 0;
+
+	if (!ad_authTimestamp) {
+		const char *text = NULL;
+		rc = slap_str2ad("authTimestamp", &ad_authTimestamp, &text);
+		if (rc) {
+			rc = register_at(totp_OpSchema[0].def, totp_OpSchema[0].ad, 0 );
+			if (rc) {
+				snprintf(cr->msg, sizeof(cr->msg), "unable to find or register authTimestamp attribute: %s (%d)",
+					text, rc);
+				Debug(LDAP_DEBUG_ANY, "totp: %s.\n", cr->msg );
+			}
+			ad_authTimestamp->ad_type->sat_flags |= SLAP_AT_MANAGEABLE;
+		}
+	}
+	return rc;
+}
+
+static slap_overinst totp;
+
+int
+totp_initialize(void)
+{
+	int rc;
+
+	totp.on_bi.bi_type = "totp";
+
+	totp.on_bi.bi_db_open = totp_db_open;
+	totp.on_bi.bi_op_bind = totp_op_bind;
+
+	rc = lutil_passwd_add((struct berval *) &scheme_totp1, chk_totp1, hash_totp1);
+	if (!rc)
+		rc = lutil_passwd_add((struct berval *) &scheme_totp256, chk_totp256, hash_totp256);
+	if (!rc)
+		rc = lutil_passwd_add((struct berval *) &scheme_totp512, chk_totp512, hash_totp512);
+	if (!rc)
+		rc = lutil_passwd_add((struct berval *) &scheme_totp1andpw, chk_totp1andpw, hash_totp1andpw);
+	if (!rc)
+		rc = lutil_passwd_add((struct berval *) &scheme_totp256andpw, chk_totp256andpw, hash_totp256andpw);
+	if (!rc)
+		rc = lutil_passwd_add((struct berval *) &scheme_totp512andpw, chk_totp512andpw, hash_totp512andpw);
+	if (rc)
+		return rc;
+
+	return overlay_register(&totp);
+}
+
+int init_module(int argc, char *argv[]) {
+	return totp_initialize();
+}
diff --git a/contrib/slapd-modules/passwd/totp/slapo-totp.5 b/contrib/slapd-modules/passwd/totp/slapo-totp.5
new file mode 100644
index 0000000..7c99bf1
--- /dev/null
+++ b/contrib/slapd-modules/passwd/totp/slapo-totp.5
@@ -0,0 +1,109 @@
+.TH PW-TOTP 5 "2015/7/2" "PW-TOTP"
+.\" Copyright 2015-2022 The OpenLDAP Foundation.
+.\" Portions Copyright 2015 by Howard Chu, Symas Corp. All rights reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.SH NAME
+pw-totp \- TOTP Password handling module
+.SH SYNOPSIS
+.B moduleload
+.I pw-totp.la
+.SH DESCRIPTION
+The
+.B pw-totp
+module allows time-based one-time password, AKA "authenticator-style",
+authentication to be added to applications that use LDAP for
+authentication. In most cases no changes to the applications are needed to switch
+to this type of authentication.
+
+With this module, the password needed for a user to authenticate is calculated
+based on the current time and a key that is stored in the user's LDAP entry. Since
+the password is based on the time, it changes periodically. Once used, it cannot be
+used again so keyloggers and shoulder-surfers are thwarted. A mobile
+phone application, such as the Google Authenticator (a 'prover'), can be used
+to calculate the user's current password, which is expressed as a six-digit
+number.
+Alternatively, the value can be calculated by some other application with access
+to the user's key and delivered to the user through SMS or some other channel.
+When prompted to authenticate, the user merely enters the six-digit code provided by
+the prover.
+
+Additionally, the overlay can also authenticate TOTP passwords
+combined with a static password.  To do this, utilize one of the
+{TOTP1ANDPW}, {TOTP256ANDPW}, or {TOTP512ANDPW} password schemes
+and append the static password scheme value to the end of the
+userPassword attribute, separated by a pipe (|) character.
+
+This implementation complies with 
+.B RFC 6238 TOTP Time-based One Time Passwords
+and includes support for the SHA-1, SHA-256, and SHA-512 HMAC
+algorithms.
+
+The HMAC key used in the TOTP computation is stored in the userPassword attribute
+of the user's LDAP entry and the LDAP Password Modify Extended Operation is used to
+set and change the value. The
+value should correspond to that used by the the prover (authenticator). 
+
+.SH CONFIGURATION
+Once the module is loaded with the moduleload command from the synopsis, 
+the {TOTP1}, {TOTP256}, {TOTP512}
+{TOTP1ANDPW}, {TOTP256ANDPW}, and {TOTP512ANDPW}
+password schemes will be recognized.
+
+On the databases where your users reside you must configure the
+totp overlay:
+
+.nf
+	database mdb
+	\...
+	overlay totp
+	\...
+.fi
+
+You can tell OpenLDAP to use one of these new schemes when processing LDAP
+Password Modify Extended Operations, thanks to the password-hash option in
+slapd.conf. For example:
+
+.nf
+	password-hash   {TOTP256}
+.fi
+
+.SH NOTES
+This module includes functionality implemented by the slapo-lastbind overlay
+and cannot coexist with it in the same database. Also note
+that since the time that the last bind occurred
+is needed to properly implement TOTP, provisions need to be made to propagate
+the authTimestamp attribute to other servers that are providing authentication
+services.
+
+The hash functions for the {TOTP1ANDPW}, {TOTP256ANDPW}, and {TOTP512ANDPW}
+schemes expect the secret to be entered in the form:
+<OTP seed><DELIM><static password>, where DELIM is currently defined
+as the pipe character (|).
+
+.SH BUGS
+The time step is hard-coded to thirty seconds. This should be OK for many use cases,
+but it would be nice if the value
+could be changed with a configuration keyword or in an attribute value.
+However, after one successful initial authentication (to verify
+the clocks on the server and the user's prover are in sync) the TOTP
+value of the previous time window may also be used to successfully
+authenticate, provided no successful bind has been performed already
+in the current or previous time window.  This eliminates false
+negatives caused by user or network delays
+entering or transmitting the TOTP value.
+
+The authenticator code that is generated is hard-coded to a length of six digits.
+While in most cases
+this is probably better than the alternative length of four digits, there may be
+cases where a four-digit value is preferred.
+
+In cases where password-hash lists multiple mechanisms, the TOTP key will also
+be changed at the same time. This is likely to be undesirable behavior.
+
+.SH "SEE ALSO"
+.BR slapd.conf (5) ldappasswd (1) 
+.SH ACKNOWLEDGEMENT
+This work was developed by Howard Chu of Symas Corporation for inclusion in
+OpenLDAP Software.
+
+Password + TOTP support added by Greg Veldman on behalf of SCinet.
diff --git a/contrib/slapd-modules/ppm/CHANGELOG.md b/contrib/slapd-modules/ppm/CHANGELOG.md
new file mode 100644
index 0000000..d0e4ed7
--- /dev/null
+++ b/contrib/slapd-modules/ppm/CHANGELOG.md
@@ -0,0 +1,38 @@
+# CHANGELOG
+
+* 2021-02-23 David Coutadeur <david.coutadeur@gmail.com>
+  remove maxLength attribute (#21)
+  adapt the readme and documentation of ppm (#22)
+  prepare ppolicy10 in OpenLDAP 2.5 (#20, #23 and #24)
+  add pwdCheckModuleArg feature
+  Version 2.0
+* 2019-08-20 David Coutadeur <david.coutadeur@gmail.com>
+  adding debug symbols for ppm_test,
+  improve tests with the possibility to add username,
+  fix openldap crash when checkRDN=1 and username contains too short parts
+  Version 1.8
+* 2018-03-30 David Coutadeur <david.coutadeur@gmail.com>
+  various minor improvements provided by Tim Bishop (tdb) (compilation, test program,
+  imprvts in Makefile: new OLDAP_SOURCES variable pointing to OLDAP install. directory
+  Version 1.7
+* 2017-05-19 David Coutadeur <david.coutadeur@gmail.com>
+  Adds cracklib support
+  Readme adaptations and cleaning
+  Version 1.6
+* 2017-02-07 David Coutadeur <david.coutadeur@gmail.com>
+  Adds maxConsecutivePerClass (idea from Trevor Vaughan / tvaughan@onyxpoint.com)
+  Version 1.5
+* 2016-08-22 David Coutadeur <david.coutadeur@gmail.com>
+  Get config file from environment variable
+  Version 1.4
+* 2014-12-20 Daly Chikhaoui <dchikhaoui@janua.fr>
+  Adding checkRDN parameter
+  Version 1.3
+* 2014-10-28 David Coutadeur <david.coutadeur@gmail.com>
+  Adding maxLength parameter
+  Version 1.2
+* 2014-07-27 David Coutadeur <david.coutadeur@gmail.com>
+  Changing the configuration file and the configuration data structure
+  Version 1.1
+* 2014-04-04 David Coutadeur <david.coutadeur@gmail.com>
+  Version 1.0
diff --git a/contrib/slapd-modules/ppm/CONTRIBUTIONS.md b/contrib/slapd-modules/ppm/CONTRIBUTIONS.md
new file mode 100644
index 0000000..0d563d8
--- /dev/null
+++ b/contrib/slapd-modules/ppm/CONTRIBUTIONS.md
@@ -0,0 +1,5 @@
+# CONTRIBUTIONS
+
+* 2014 - 2021 - David Coutadeur <david.coutadeur@gmail.com> - maintainer
+* 2015 - Daly Chikhaoui - Janua <dchikhaoui@janua.fr> - contribution on RDN checks
+* 2017 - tdb - Tim Bishop - contribution on some compilation improvements
diff --git a/contrib/slapd-modules/ppm/INSTALL.md b/contrib/slapd-modules/ppm/INSTALL.md
new file mode 100644
index 0000000..6052dc6
--- /dev/null
+++ b/contrib/slapd-modules/ppm/INSTALL.md
@@ -0,0 +1,51 @@
+INSTALLATION
+============
+
+Dependencies
+------------------
+ppm is provided along with OpenLDAP sources. By default, it is available into contrib/slapd-modules.
+ - make sure both OpenLDAP sources and ppm are available for building.
+ - install cracklib development files if you want to test passwords against cracklib
+ - install pandoc if you want to build the man page
+
+
+Build
+-----
+Enter contrib/slapd-modules/ppm directory
+
+You can optionally customize some variables if you don't want the default ones:
+- prefix: prefix of the path where ppm is to be installed (defaults to /usr/local)
+- ldap_subdir: OpenLDAP specific subdirectory for modules and configurations (defaults to  openldap )
+- moduledir: where the ppm module is to be deployed (defaults to $prefix/$libexecdir/$ldap_subdir)
+- etcdir: used to compose default sysconfdir location (defaults to $prefix/etc)
+- sysconfdir: where the ppm example policy is to be deployed (defaults to $prefix/$etcdir/$ldap_subdir)
+- LDAP_SRC: path to OpenLDAP source directory
+- Options in OPTS variable:
+    CONFIG_FILE: (DEPRECATED) path to a ppm configuration file (see PPM_READ_FILE in ppm.h)
+        note: ppm configuration now lies into pwdCheckModuleArg password policy attribute
+              provided example file is only helpful as an example or for testing
+    CRACKLIB: if defined, link against cracklib
+    DEBUG: If defined, ppm logs its actions with syslog
+
+
+To build ppm, simply run these commands:
+(based upon the default prefix /usr/local of OpenLDAP)
+
+```
+make clean
+make
+make test
+make doc
+make install
+```
+
+Here is an illustrative example showing how to overload some options:
+
+```
+make clean
+make LDAP_SRC=../../.. prefix=/usr/local libdir=/usr/local/lib 
+make test LDAP_SRC=../../..
+make doc prefix=/usr/local
+make install prefix=/usr/local libdir=/usr/local/lib
+```
+
diff --git a/contrib/slapd-modules/ppm/LICENSE b/contrib/slapd-modules/ppm/LICENSE
new file mode 100644
index 0000000..03f692b
--- /dev/null
+++ b/contrib/slapd-modules/ppm/LICENSE
@@ -0,0 +1,50 @@
+OpenLDAP Public License
+
+The OpenLDAP Public License
+  Version 2.8.1, 25 November 2003
+
+Redistribution and use of this software and associated documentation
+("Software"), with or without modification, are permitted provided
+that the following conditions are met:
+
+1. Redistributions in source form must retain copyright statements
+   and notices,
+
+2. Redistributions in binary form must reproduce applicable copyright
+   statements and notices, this list of conditions, and the following
+   disclaimer in the documentation and/or other materials provided
+   with the distribution, and
+
+3. Redistributions must contain a verbatim copy of this document.
+
+The OpenLDAP Foundation may revise this license from time to time.
+Each revision is distinguished by a version number.  You may use
+this Software under terms of this license revision or under the
+terms of any subsequent revision of the license.
+
+THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS
+CONTRIBUTORS ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
+INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT
+SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S)
+OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+The names of the authors and copyright holders must not be used in
+advertising or otherwise to promote the sale, use or other dealing
+in this Software without specific, written prior permission.  Title
+to copyright in this Software shall at all times remain with copyright
+holders.
+
+OpenLDAP is a registered trademark of the OpenLDAP Foundation.
+
+Copyright 1999-2003 The OpenLDAP Foundation, Redwood City,
+California, USA.  All rights reserved.  Permission to copy and
+distribute verbatim copies of this document is granted.
+
diff --git a/contrib/slapd-modules/ppm/Makefile b/contrib/slapd-modules/ppm/Makefile
new file mode 100644
index 0000000..7b6efad
--- /dev/null
+++ b/contrib/slapd-modules/ppm/Makefile
@@ -0,0 +1,97 @@
+# $OpenLDAP$
+# Copyright 2014 David Coutadeur, Paris.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/liblber/liblber.la $(LDAP_BUILD)/libraries/libldap/libldap.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2 -fpic
+
+# To skip linking against CRACKLIB make CRACK=no
+CRACK=yes
+CRACKDEF_yes= -DCRACKLIB
+CRACKDEF_no=
+
+CRACKLIB_yes= -lcrack
+CRACKLIB_no=
+
+CRACKDEF=$(CRACKDEF_$(CRACK))
+CRACKLIB=$(CRACKLIB_$(CRACK))
+
+DEFS = -DDEBUG $(CRACKDEF)
+# Define if using a config file:
+# -DCONFIG_FILE="\"$(sysconfdir)/$(EXAMPLE)\""
+
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS=ppm.so
+LTVER = 0:0:0
+
+LDAP_LIBS = -L$(LDAP_BUILD)/libraries/liblber/.libs -L$(LDAP_BUILD)/libraries/libldap/.libs -lldap -llber
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+etcdir = $(exec_prefix)/etc
+sysconfdir = $(etcdir)$(ldap_subdir)
+
+TEST=ppm_test
+EXAMPLE=ppm.example
+TESTS=./unit_tests.sh
+
+MANDOC=slapm-ppm.5
+MDDOC=ppm.md
+
+all: 	ppm $(TEST)
+
+$(TEST): ppm
+	$(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(LDFLAGS) $(INCS) $(LDAP_LIBS) -Wl,-rpath=. -o $(TEST) ppm_test.c $(PROGRAMS) $(LDAP_LIBS) $(CRACKLIB)
+
+ppm.o:
+	$(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) -c $(INCS) ppm.c
+
+ppm: ppm.o
+	$(CC) $(LDFLAGS) $(INCS) -shared -o $(PROGRAMS) ppm.o $(CRACKLIB)
+
+install: ppm
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS); do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)/$(moduledir) ; \
+	done
+	$(INSTALL) -m 644 $(EXAMPLE) $(DESTDIR)$(sysconfdir)/
+	$(INSTALL) -m 644 $(MANDOC) $(DESTDIR)$(man5dir)/
+#	$(INSTALL) -m 755 $(TEST) $(libdir)
+
+.PHONY: clean
+
+clean:
+	$(RM) -f ppm.o $(PROGRAMS) ppm.lo $(TEST)
+	$(RM) -rf .libs
+
+test: ppm $(TEST)
+	LDAP_SRC=$(LDAP_SRC) $(TESTS)
+
+doc:
+	pandoc $(MDDOC) -s -t man -o $(MANDOC)
+	sed -i -e 's#ETCDIR#$(DESTDIR)$(sysconfdir)#g' $(MANDOC)
+
diff --git a/contrib/slapd-modules/ppm/README.md b/contrib/slapd-modules/ppm/README.md
new file mode 100644
index 0000000..129f788
--- /dev/null
+++ b/contrib/slapd-modules/ppm/README.md
@@ -0,0 +1 @@
+See ppm.md manual and INSTALL.md
diff --git a/contrib/slapd-modules/ppm/ppm.c b/contrib/slapd-modules/ppm/ppm.c
new file mode 100644
index 0000000..801ab6c
--- /dev/null
+++ b/contrib/slapd-modules/ppm/ppm.c
@@ -0,0 +1,684 @@
+/*
+ * ppm.c for OpenLDAP
+ *
+ * See LICENSE, README and INSTALL files
+ */
+
+
+/*
+  password policy module is called with:
+  int check_password (char *pPasswd, char **ppErrStr, Entry *e, void *pArg)
+
+  *pPasswd: new password
+  **ppErrStr: pointer to the string containing the error message
+  *e: pointer to the current user entry
+  *pArg: pointer to a struct berval holding the value of pwdCheckModuleArg attr
+*/
+
+#include <stdlib.h>             // for type conversion, such as atoi...
+#include <regex.h>              // for matching allowedParameters / conf file
+#include <string.h>
+#include <ctype.h>
+#include <portable.h>
+#include <slap.h>
+#include <stdarg.h>             // for variable nb of arguments functions
+#include "ppm.h"
+
+#ifdef CRACKLIB
+#include "crack.h"              // use cracklib to check password
+#endif
+
+void
+ppm_log(int priority, const char *format, ...)
+{
+  // if DEBUG flag is set
+  // logs into syslog (for OpenLDAP) or to stdout (for tests)
+#if defined(DEBUG)
+  if(ppm_test != 1)
+  {
+    va_list syslog_args;
+    va_start(syslog_args, format);
+    vsyslog(priority, format, syslog_args);
+    va_end(syslog_args);
+  }
+  else
+  {
+    va_list stdout_args;
+    va_start(stdout_args, format);
+    vprintf(format, stdout_args);
+    printf("\n");
+    fflush(stdout);
+    va_end(stdout_args);
+  }
+#endif
+}
+
+void
+strcpy_safe(char *dest, char *src, int length_dest)
+{
+    if(src == NULL)
+    {
+        dest[0] = '\0';
+    }
+    else
+    {
+        int length_src = strlen(src);
+        int n = (length_dest < length_src) ? length_dest : length_src;
+        // Copy the string — don’t copy too many bytes.
+        strncpy(dest, src, n);
+        // Ensure null-termination.
+        dest[n] = '\0';
+    }
+}
+
+genValue*
+getValue(conf *fileConf, int numParam, char* param)
+{
+    int i = 0;
+
+    // First scan parameters
+    for (i = 0; i < numParam; i++) {
+        if ((strlen(param) == strlen(fileConf[i].param))
+            && (strncmp(param, fileConf[i].param, strlen(fileConf[i].param))
+                == 0)) {
+            return &(fileConf[i].value);
+        }
+    }
+    return NULL;
+}
+
+int maxConsPerClass(char *password, char *charClass)
+{
+  // find maximum number of consecutive class characters in the password
+
+  int bestMax = 0;
+  int max = 0;
+  int i;
+
+  for(i=0 ; i<strlen(password) ; i++)
+  {
+    if(strchr(charClass,password[i]) != NULL)
+    {
+      // current character is in class
+      max++;
+      // is the new max a better candidate to maxConsecutivePerClass?
+      if(max > bestMax)
+      {
+        // found a better maxConsecutivePerClass
+        bestMax = max;
+      }
+    }
+    else
+    {
+      // current character is not in class
+      // reinitialize max
+      max=0;
+    }
+  }
+  return bestMax;
+}
+
+void
+storeEntry(char *param, char *value, valueType valType, 
+           char *min, char *minForPoint, conf * fileConf, int *numParam)
+{
+    int i = 0;
+    int iMin;
+    int iMinForPoint;
+    if (min == NULL || strcmp(min,"") == 0)
+      iMin = 0;
+    else
+      iMin = atoi(min);
+
+    if (minForPoint == NULL || strcmp(minForPoint,"") == 0)
+      iMinForPoint = 0;
+    else
+      iMinForPoint = atoi(minForPoint);
+
+    // First scan parameters
+    for (i = 0; i < *numParam; i++) {
+        if ((strlen(param) == strlen(fileConf[i].param))
+            && (strncmp(param, fileConf[i].param, strlen(fileConf[i].param))
+                == 0)) {
+            // entry found, replace values
+            if(valType == typeInt)
+                fileConf[i].value.iVal = atoi(value);
+            else
+                strcpy_safe(fileConf[i].value.sVal, value, VALUE_MAX_LEN);
+            fileConf[i].min = iMin;
+            fileConf[i].minForPoint = iMinForPoint;
+            if(valType == typeInt)
+                ppm_log(LOG_NOTICE, "ppm:  Accepted replaced value: %d",
+                               fileConf[i].value.iVal);
+            else
+                ppm_log(LOG_NOTICE, "ppm:  Accepted replaced value: %s",
+                               fileConf[i].value.sVal);
+            return;
+        }
+    }
+    // entry not found, add values
+    strcpy_safe(fileConf[*numParam].param, param, PARAM_MAX_LEN);
+    fileConf[*numParam].iType = valType;
+    if(valType == typeInt)
+        fileConf[i].value.iVal = atoi(value);
+    else
+        strcpy_safe(fileConf[i].value.sVal, value, VALUE_MAX_LEN);
+    fileConf[*numParam].min = iMin;
+    fileConf[*numParam].minForPoint = iMinForPoint;
+    ++(*numParam);
+            if(valType == typeInt)
+                ppm_log(LOG_NOTICE, "ppm:  Accepted new value: %d",
+                               fileConf[*numParam].value.iVal);
+            else
+                ppm_log(LOG_NOTICE, "ppm:  Accepted new value: %s",
+                               fileConf[*numParam].value.sVal);
+}
+
+int
+typeParam(char* param)
+{
+    int i;
+    int n = sizeof(allowedParameters)/sizeof(params);
+
+    regex_t regex;
+    int reti;
+
+    for(i = 0 ; i < n ; i++ )
+    {
+        // Compile regular expression
+        reti = regcomp(&regex, allowedParameters[i].param, 0);
+        if (reti) {
+            ppm_log(LOG_ERR, "ppm: Cannot compile regex: %s",
+                   allowedParameters[i].param);
+            return n;
+        }
+        
+        // Execute regular expression
+        reti = regexec(&regex, param, 0, NULL, 0);
+        if (!reti)
+        {
+            regfree(&regex);
+            return i;
+        } 
+        regfree(&regex);
+    }
+    return n;
+}
+
+#ifndef PPM_READ_FILE
+
+  /*
+   * read configuration into pwdCheckModuleArg attribute
+   * */
+  static void
+  read_config_attr(conf * fileConf, int *numParam, char *ppm_config_attr)
+  {
+    int nParam = 0;       // position of found parameter in allowedParameters
+    int sAllowedParameters = sizeof(allowedParameters)/sizeof(params);
+    char arg[260*256];
+    char *token;
+    char *saveptr1;
+    char *saveptr2;
+  
+    strcpy_safe(arg, ppm_config_attr, 260*256);
+    ppm_log(LOG_NOTICE, "ppm: Parsing pwdCheckModuleArg attribute");
+    token = strtok_r(arg, "\n", &saveptr1);
+  
+    while (token != NULL) {
+        ppm_log(LOG_NOTICE, "ppm: get line: %s",token);
+        char *start = token;
+        char *word, *value;
+        char *min, *minForPoint;;
+  
+        while (isspace(*start) && isascii(*start))
+            start++;
+  
+        if (!isascii(*start))
+        {
+            token = strtok_r(NULL, "\n", &saveptr1);
+            continue;
+        }
+        if (start[0] == '#')
+        {
+            token = strtok_r(NULL, "\n", &saveptr1);
+            continue;
+        }
+  
+        if ((word = strtok_r(start, " \t", &saveptr2))) {
+            if ((value = strtok_r(NULL, " \t", &saveptr2)) == NULL)
+            {
+                saveptr2 = NULL;
+                ppm_log(LOG_NOTICE, "ppm: No value, goto next parameter");
+                token = strtok_r(NULL, "\n", &saveptr1);
+                continue;
+            }
+            if (strchr(value, '\n') != NULL)
+                strchr(value, '\n')[0] = '\0';
+            min = strtok_r(NULL, " \t", &saveptr2);
+            if (min != NULL)
+                if (strchr(min, '\n') != NULL)
+                    strchr(min, '\n')[0] = '\0';
+            minForPoint = strtok_r(NULL, " \t", &saveptr2);
+            if (minForPoint != NULL)
+                if (strchr(minForPoint, '\n') != NULL)
+                    strchr(minForPoint, '\n')[0] = '\0';
+  
+  
+            nParam = typeParam(word); // search for param in allowedParameters
+            if (nParam != sAllowedParameters) // param has been found
+            {
+                ppm_log(LOG_NOTICE,
+                   "ppm: Param = %s, value = %s, min = %s, minForPoint= %s",
+                   word, value, min, minForPoint);
+  
+                storeEntry(word, value, allowedParameters[nParam].iType,
+                           min, minForPoint, fileConf, numParam);
+            }
+            else
+            {
+                ppm_log(LOG_NOTICE,
+                   "ppm: Parameter '%s' rejected", word);
+            }
+  
+        }
+        token = strtok_r(NULL, "\n", &saveptr1);
+    }
+  
+  }
+
+#endif
+
+#ifdef PPM_READ_FILE
+
+  /*
+   * read configuration file (DEPRECATED)
+   * */
+  static void
+  read_config_file(conf * fileConf, int *numParam, char *ppm_config_file)
+  {
+    FILE *config;
+    char line[260] = "";
+    int nParam = 0;       // position of found parameter in allowedParameters
+    int sAllowedParameters = sizeof(allowedParameters)/sizeof(params);
+  
+    ppm_log(LOG_NOTICE, "ppm: Opening file %s", ppm_config_file);
+    if ((config = fopen(ppm_config_file, "r")) == NULL) {
+        ppm_log(LOG_ERR, "ppm: Opening file %s failed", ppm_config_file);
+        exit(EXIT_FAILURE);
+    }
+  
+    while (fgets(line, 256, config) != NULL) {
+        char *start = line;
+        char *word, *value;
+        char *min, *minForPoint;;
+  
+        while (isspace(*start) && isascii(*start))
+            start++;
+  
+        if (!isascii(*start))
+            continue;
+        if (start[0] == '#')
+            continue;
+  
+        if ((word = strtok(start, " \t"))) {
+            if ((value = strtok(NULL, " \t")) == NULL)
+                continue;
+            if (strchr(value, '\n') != NULL)
+                strchr(value, '\n')[0] = '\0';
+            min = strtok(NULL, " \t");
+            if (min != NULL)
+                if (strchr(min, '\n') != NULL)
+                    strchr(min, '\n')[0] = '\0';
+            minForPoint = strtok(NULL, " \t");
+            if (minForPoint != NULL)
+                if (strchr(minForPoint, '\n') != NULL)
+                    strchr(minForPoint, '\n')[0] = '\0';
+  
+  
+            nParam = typeParam(word); // search for param in allowedParameters
+            if (nParam != sAllowedParameters) // param has been found
+            {
+                ppm_log(LOG_NOTICE,
+                   "ppm: Param = %s, value = %s, min = %s, minForPoint= %s",
+                   word, value, min, minForPoint);
+  
+                storeEntry(word, value, allowedParameters[nParam].iType,
+                           min, minForPoint, fileConf, numParam);
+            }
+            else
+            {
+                ppm_log(LOG_NOTICE,
+                   "ppm: Parameter '%s' rejected", word);
+            }
+  
+        }
+    }
+  
+    fclose(config);
+  }
+
+#endif
+
+static int
+realloc_error_message(char **target, int curlen, int nextlen)
+{
+    if (curlen < nextlen + MEMORY_MARGIN) {
+        ppm_log(LOG_WARNING,
+               "ppm: Reallocating szErrStr from %d to %d", curlen,
+               nextlen + MEMORY_MARGIN);
+        ber_memfree(*target);
+        curlen = nextlen + MEMORY_MARGIN;
+        *target = (char *) ber_memalloc(curlen);
+    }
+
+    return curlen;
+}
+
+// Does the password contains a token from the RDN ?
+int
+containsRDN(char* passwd, char* DN)
+{
+    char lDN[DN_MAX_LEN];
+    char * tmpToken;
+    char * token;
+    regex_t regex;
+    int reti;
+ 
+    strcpy_safe(lDN, DN, DN_MAX_LEN);
+ 
+    // Extract the RDN from the DN
+    tmpToken = strtok(lDN, ",+");
+    tmpToken = strtok(tmpToken, "=");
+    tmpToken = strtok(NULL, "=");
+ 
+    // Search for each token in the password */
+    token = strtok(tmpToken, TOKENS_DELIMITERS);
+ 
+    while (token != NULL)
+    {
+      if (strlen(token) > 2)
+      {
+        ppm_log(LOG_NOTICE, "ppm: Checking if %s part of RDN matches the password", token);
+        // Compile regular expression
+        reti = regcomp(&regex, token, REG_ICASE);
+        if (reti) {
+          ppm_log(LOG_ERR, "ppm: Cannot compile regex: %s", token);
+          return 0;
+        }
+ 
+        // Execute regular expression
+        reti = regexec(&regex, passwd, 0, NULL, 0);
+        if (!reti)
+        {
+          regfree(&regex);
+          return 1;
+        }
+ 
+        regfree(&regex);
+      }
+      else
+      {
+        ppm_log(LOG_NOTICE, "ppm: %s part of RDN is too short to be checked", token);
+      }
+      token = strtok(NULL, TOKENS_DELIMITERS);
+    }
+ 
+    return 0;
+}
+
+
+int
+check_password(char *pPasswd, char **ppErrStr, Entry *e, void *pArg)
+{
+
+    Entry *pEntry = e;
+    struct berval *pwdCheckModuleArg = pArg;
+    char *szErrStr = (char *) ber_memalloc(MEM_INIT_SZ);
+    int mem_len = MEM_INIT_SZ;
+    int numParam = 0; // Number of params in current configuration
+
+    int useCracklib;
+    char cracklibDict[VALUE_MAX_LEN];
+    char cracklibDictFiles[3][(VALUE_MAX_LEN+5)];
+    char const* cracklibExt[] = { ".hwm", ".pwd", ".pwi" };
+    FILE* fd;
+    char* res;
+    int minQuality;
+    int checkRDN;
+    char forbiddenChars[VALUE_MAX_LEN];
+    int nForbiddenChars = 0;
+    int nQuality = 0;
+    int maxConsecutivePerClass;
+    int nbInClass[CONF_MAX_SIZE];
+    int i,j;
+
+    ppm_log(LOG_NOTICE, "ppm: entry %s", pEntry->e_nname.bv_val);
+
+#ifdef PPM_READ_FILE
+    /* Determine if config file is to be read (DEPRECATED) */
+    char ppm_config_file[FILENAME_MAX_LEN];
+
+    ppm_log(LOG_NOTICE, "ppm: Not reading pwdCheckModuleArg attribute");
+    ppm_log(LOG_NOTICE, "ppm: instead, read configuration file (deprecated)");
+
+    strcpy_safe(ppm_config_file, getenv("PPM_CONFIG_FILE"), FILENAME_MAX_LEN);
+    if (ppm_config_file[0] == '\0') {
+        strcpy_safe(ppm_config_file, CONFIG_FILE, FILENAME_MAX_LEN);
+    }
+    ppm_log(LOG_NOTICE, "ppm: reading config file from %s", ppm_config_file);
+#else
+    if ( !pwdCheckModuleArg || !pwdCheckModuleArg->bv_val ) {
+        ppm_log(LOG_ERR, "ppm: No config provided in pwdCheckModuleArg");
+        mem_len = realloc_error_message(&szErrStr, mem_len,
+                        strlen(GENERIC_ERROR));
+        sprintf(szErrStr, GENERIC_ERROR);
+        goto fail;
+    }
+
+    ppm_log(LOG_NOTICE, "ppm: Reading pwdCheckModuleArg attribute");
+    ppm_log(LOG_NOTICE, "ppm: RAW configuration: %s", pwdCheckModuleArg->bv_val);
+#endif
+
+    for (i = 0; i < CONF_MAX_SIZE; i++)
+        nbInClass[i] = 0;
+
+    /* Set default values */
+    conf fileConf[CONF_MAX_SIZE] = {
+        {"minQuality", typeInt, {.iVal = DEFAULT_QUALITY}, 0, 0
+         }
+        ,
+        {"checkRDN", typeInt, {.iVal = 0}, 0, 0
+         }
+        ,
+        {"forbiddenChars", typeStr, {.sVal = ""}, 0, 0
+         }
+        ,
+        {"maxConsecutivePerClass", typeInt, {.iVal = 0}, 0, 0
+         }
+        ,
+        {"useCracklib", typeInt, {.iVal = 0}, 0, 0
+         }
+        ,
+        {"cracklibDict", typeStr, {.sVal = "/var/cache/cracklib/cracklib_dict"}, 0, 0
+         }
+        ,
+        {"class-upperCase", typeStr, {.sVal = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"}, 0, 1
+         }
+        ,
+        {"class-lowerCase", typeStr, {.sVal = "abcdefghijklmnopqrstuvwxyz"}, 0, 1
+         }
+        ,
+        {"class-digit", typeStr, {.sVal = "0123456789"}, 0, 1
+         }
+        ,
+        {"class-special", typeStr,
+         {.sVal = "<>,?;.:/!§ù%*µ^¨$£²&é~\"#'{([-|è`_\\ç^à@)]°=}+"}, 0, 1
+         }
+    };
+    numParam = 10;
+
+    #ifdef PPM_READ_FILE
+      /* Read configuration file (DEPRECATED) */
+      read_config_file(fileConf, &numParam, ppm_config_file);
+    #else
+      /* Read configuration attribute (pwdCheckModuleArg) */
+      read_config_attr(fileConf, &numParam, (*(struct berval*)pwdCheckModuleArg).bv_val);
+    #endif
+
+    minQuality = getValue(fileConf, numParam, "minQuality")->iVal;
+    checkRDN = getValue(fileConf, numParam, "checkRDN")->iVal;
+    strcpy_safe(forbiddenChars,
+                getValue(fileConf, numParam, "forbiddenChars")->sVal,
+                VALUE_MAX_LEN);
+    maxConsecutivePerClass = getValue(fileConf, numParam, "maxConsecutivePerClass")->iVal;
+    useCracklib = getValue(fileConf, numParam, "useCracklib")->iVal;
+    strcpy_safe(cracklibDict,
+                getValue(fileConf, numParam, "cracklibDict")->sVal,
+                VALUE_MAX_LEN);
+
+
+    /*The password must have at least minQuality strength points with one
+     * point granted if the password contains at least minForPoint characters for each class
+     * It must contains at least min chars of each class
+     * It must not contain any char in forbiddenChar */
+
+    for (i = 0; i < strlen(pPasswd); i++) {
+
+        int n;
+        for (n = 0; n < numParam; n++) {
+            if (strstr(fileConf[n].param, "class-") != NULL) {
+                if (strchr(fileConf[n].value.sVal, pPasswd[i]) != NULL) {
+                    ++(nbInClass[n]);
+                }
+            }
+        }
+        if (strchr(forbiddenChars, pPasswd[i]) != NULL) {
+            nForbiddenChars++;
+        }
+    }
+
+    // Password checking done, now loocking for minForPoint criteria
+    for (i = 0; i < CONF_MAX_SIZE; i++) {
+        if (strstr(fileConf[i].param, "class-") != NULL) {
+            if ((nbInClass[i] >= fileConf[i].minForPoint)
+                && strlen(fileConf[i].value.sVal) != 0) {
+                // 1 point granted
+                ++nQuality;
+                ppm_log(LOG_NOTICE, "ppm: 1 point granted for class %s",
+                       fileConf[i].param);
+            }
+        }
+    }
+
+    if (nQuality < minQuality) {
+        mem_len = realloc_error_message(&szErrStr, mem_len,
+                                        strlen(PASSWORD_QUALITY_SZ) +
+                                        strlen(pEntry->e_nname.bv_val) + 4);
+        sprintf(szErrStr, PASSWORD_QUALITY_SZ, pEntry->e_nname.bv_val,
+                nQuality, minQuality);
+        goto fail;
+    }
+    // Password checking done, now loocking for constraintClass criteria
+    for (i = 0; i < CONF_MAX_SIZE; i++) {
+        if (strstr(fileConf[i].param, "class-") != NULL) {
+            if ((nbInClass[i] < fileConf[i].min) &&
+                 strlen(fileConf[i].value.sVal) != 0) {
+                // constraint is not satisfied... goto fail
+                mem_len = realloc_error_message(&szErrStr, mem_len,
+                                                strlen(PASSWORD_CRITERIA) +
+                                                strlen(pEntry->e_nname.bv_val) + 
+                                                2 + PARAM_MAX_LEN);
+                sprintf(szErrStr, PASSWORD_CRITERIA, pEntry->e_nname.bv_val,
+                        fileConf[i].min, fileConf[i].param);
+                goto fail;
+            }
+        }
+    }
+
+    // Password checking done, now loocking for forbiddenChars criteria
+    if (nForbiddenChars > 0) {  // at least 1 forbidden char... goto fail
+        mem_len = realloc_error_message(&szErrStr, mem_len,
+                                        strlen(PASSWORD_FORBIDDENCHARS) +
+                                        strlen(pEntry->e_nname.bv_val) + 2 +
+                                        VALUE_MAX_LEN);
+        sprintf(szErrStr, PASSWORD_FORBIDDENCHARS, pEntry->e_nname.bv_val,
+                nForbiddenChars, forbiddenChars);
+        goto fail;
+    }
+
+    // Password checking done, now loocking for maxConsecutivePerClass criteria
+    for (i = 0; i < CONF_MAX_SIZE; i++) {
+        if (strstr(fileConf[i].param, "class-") != NULL) {
+            if ( maxConsecutivePerClass != 0 &&
+                (maxConsPerClass(pPasswd,fileConf[i].value.sVal)
+                                                 > maxConsecutivePerClass)) {
+                // Too much consecutive characters of the same class
+                ppm_log(LOG_NOTICE, "ppm: Too much consecutive chars for class %s",
+                       fileConf[i].param);
+                mem_len = realloc_error_message(&szErrStr, mem_len,
+                                        strlen(PASSWORD_MAXCONSECUTIVEPERCLASS) +
+                                        strlen(pEntry->e_nname.bv_val) + 2 +
+                                        PARAM_MAX_LEN);
+                sprintf(szErrStr, PASSWORD_MAXCONSECUTIVEPERCLASS, pEntry->e_nname.bv_val,
+                        maxConsecutivePerClass, fileConf[i].param);
+                goto fail;
+            }
+        }
+    }
+#ifdef CRACKLIB
+    // Password checking done, now loocking for cracklib criteria
+    if ( useCracklib > 0 ) {
+
+        for( j = 0 ; j < 3 ; j++) {
+            strcpy_safe(cracklibDictFiles[j], cracklibDict, VALUE_MAX_LEN);
+            strcat(cracklibDictFiles[j], cracklibExt[j]);
+            if (( fd = fopen ( cracklibDictFiles[j], "r")) == NULL ) {
+                ppm_log(LOG_NOTICE, "ppm: Error while reading %s file",
+                       cracklibDictFiles[j]);
+                mem_len = realloc_error_message(&szErrStr, mem_len,
+                                strlen(GENERIC_ERROR));
+                sprintf(szErrStr, GENERIC_ERROR);
+                goto fail;
+
+            }
+            else {
+                fclose (fd);
+            }
+        }
+        res = (char *) FascistCheck (pPasswd, cracklibDict);
+        if ( res != NULL ) {
+                ppm_log(LOG_NOTICE, "ppm: cracklib does not validate password for entry %s",
+                       pEntry->e_nname.bv_val);
+                mem_len = realloc_error_message(&szErrStr, mem_len,
+                                        strlen(PASSWORD_CRACKLIB) +
+                                        strlen(pEntry->e_nname.bv_val));
+                sprintf(szErrStr, PASSWORD_CRACKLIB, pEntry->e_nname.bv_val);
+                goto fail;
+        
+        }
+
+    }
+#endif
+
+    // Password checking done, now looking for checkRDN criteria
+    if (checkRDN == 1 && containsRDN(pPasswd, pEntry->e_nname.bv_val))
+    // RDN check enabled and a token from RDN is found in password: goto fail
+    {
+        mem_len = realloc_error_message(&szErrStr, mem_len,
+                                        strlen(RDN_TOKEN_FOUND) +
+                                        strlen(pEntry->e_nname.bv_val));
+        sprintf(szErrStr, RDN_TOKEN_FOUND, pEntry->e_nname.bv_val);
+
+        goto fail;
+    }
+
+    *ppErrStr = strdup("");
+    ber_memfree(szErrStr);
+    return (LDAP_SUCCESS);
+
+  fail:
+    *ppErrStr = strdup(szErrStr);
+    ber_memfree(szErrStr);
+    return (EXIT_FAILURE);
+
+}
diff --git a/contrib/slapd-modules/ppm/ppm.example b/contrib/slapd-modules/ppm/ppm.example
new file mode 100644
index 0000000..10cf132
--- /dev/null
+++ b/contrib/slapd-modules/ppm/ppm.example
@@ -0,0 +1,85 @@
+# Example of ppm configuration
+
+# Such configuration must be stored into pwdCheckModuleArg attribute
+# of a password policy entry
+# See slapo-ppolicy for more details
+# Here is an example of such password policy:
+#   dn: cn=default,ou=policies,dc=my-domain,dc=com
+#   objectClass: pwdPolicy
+#   objectClass: top
+#   objectClass: pwdPolicyChecker
+#   objectClass: person
+#   pwdCheckQuality: 2
+#   pwdAttribute: userPassword
+#   sn: default
+#   cn: default
+#   pwdMinLength: 6
+#   pwdCheckModule: /usr/local/lib/ppm.so
+#   pwdCheckModuleArg:: bWluUXVhbGl0eSAzCmNoZWNrUkROIDAKZm9yYmlkZGVuQ2hhcnMKbWF4Q29uc2VjdXRpdmVQZXJDbGFzcyAwCnVzZUNyYWNrbGliIDAKY3JhY2tsaWJEaWN0IC92YXIvY2FjaGUvY3JhY2tsaWIvY3JhY2tsaWJfZGljdApjbGFzcy11cHBlckNhc2UgQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVogMCAxCmNsYXNzLWxvd2VyQ2FzZSBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAwIDEKY2xhc3MtZGlnaXQgMDEyMzQ1Njc4OSAwIDEKY2xhc3Mtc3BlY2lhbCA8Piw/Oy46LyHCp8O5JSrCtV7CqCTCo8KyJsOpfiIjJ3soWy18w6hgX1zDp17DoEApXcKwPX0rIDAgMQ==
+#
+# Different parameters are separated by a linefeed (\n)
+# Parameters starting with a # are ignored
+# Use a base64 tool to code / decode the content of pwdCheckModuleArg
+
+
+
+# Parameters
+
+# minQuality parameter
+# Format:
+# minQuality [NUMBER]
+# Description:
+# One point is granted for each class for which MIN_FOR_POINT criteria is fulfilled.
+# defines the minimum point numbers for the password to be accepted.
+minQuality 3
+
+# checkRDN parameter
+# Format:
+# checkRDN [0 | 1]
+# Description:
+# If set to 1, password must not contain a token from the RDN.
+# Tokens are separated by these delimiters : space tabulation _ - , ; £
+checkRDN 0
+
+# forbiddenChars parameter
+# Format:
+# forbiddenChars [CHARACTERS_FORBIDDEN]
+# Description:
+# Defines the forbidden characters list (no separator).
+# If one of them is found in the password, then it is rejected.
+forbiddenChars 
+
+# maxConsecutivePerClass parameter
+# Format:
+# maxConsecutivePerClass [NUMBER]
+# Description:
+# Defines the maximum number of consecutive character allowed for any class
+maxConsecutivePerClass 0
+
+# useCracklib parameter
+# Format:
+# useCracklib [0 | 1]
+# Description:
+# If set to 1, the password must pass the cracklib check
+useCracklib 0
+
+# cracklibDict parameter
+# Format:
+# cracklibDict [path_to_cracklib_dictionary]
+# Description:
+# directory+filename-prefix that your version of CrackLib will go hunting for
+# For example, /var/pw_dict resolves as /var/pw_dict.pwd,
+# /var/pw_dict.pwi and /var/pw_dict.hwm dictionary files
+cracklibDict /var/cache/cracklib/cracklib_dict
+
+# classes parameter
+# Format:
+# class-[CLASS_NAME] [CHARACTERS_DEFINING_CLASS] [MIN] [MIN_FOR_POINT]
+# Description:
+# [CHARACTERS_DEFINING_CLASS]: characters defining the class (no separator)
+# [MIN]: If at least [MIN] characters of this class is not found in the password, then it is rejected
+# [MIN_FOR_POINT]: one point is granted if password contains at least [MIN_FOR_POINT] character numbers of this class
+class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1
+class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1
+class-digit 0123456789 0 1
+class-special <>,?;.:/!§ù%*µ^¨$£²&é~"#'{([-|è`_\ç^à@)]°=}+ 0 1
diff --git a/contrib/slapd-modules/ppm/ppm.h b/contrib/slapd-modules/ppm/ppm.h
new file mode 100644
index 0000000..25b360d
--- /dev/null
+++ b/contrib/slapd-modules/ppm/ppm.h
@@ -0,0 +1,125 @@
+/*
+ * ppm.h for OpenLDAP
+ *
+ * See LICENSE, README and INSTALL files
+ */
+
+#ifndef PPM_H_
+#define PPM_H_
+
+#include <stdlib.h>             // for type conversion, such as atoi...
+#include <regex.h>              // for matching allowedParameters / conf file
+#include <string.h>
+#include <ctype.h>
+#include <portable.h>
+#include <slap.h>
+
+#if defined(DEBUG)
+#include <syslog.h>
+#endif
+
+//#define PPM_READ_FILE 1       // old deprecated configuration mode
+                                // 1: (deprecated) don't read pwdCheckModuleArg
+                                //    attribute, instead read config file
+                                // 0: read pwdCheckModuleArg attribute
+
+/* config file parameters (DEPRECATED) */
+#ifndef CONFIG_FILE
+#define CONFIG_FILE                       "/etc/openldap/ppm.example"
+#endif
+#define FILENAME_MAX_LEN                  512
+
+#define DEFAULT_QUALITY                   3
+#define MEMORY_MARGIN                     50
+#define MEM_INIT_SZ                       64
+#define DN_MAX_LEN                        512
+
+#define CONF_MAX_SIZE                      50
+#define PARAM_MAX_LEN                      32
+#define VALUE_MAX_LEN                      128
+#define ATTR_NAME_MAX_LEN                  150
+
+#define PARAM_PREFIX_CLASS                "class-"
+#define TOKENS_DELIMITERS                 " ,;-_£\t"
+
+
+#define DEBUG_MSG_MAX_LEN                 256
+
+#define PASSWORD_QUALITY_SZ \
+  "Password for dn=\"%s\" does not pass required number of strength checks (%d of %d)"
+#define PASSWORD_CRITERIA \
+  "Password for dn=\"%s\" has not reached the minimum number of characters (%d) for class %s"
+#define PASSWORD_MAXCONSECUTIVEPERCLASS \
+  "Password for dn=\"%s\" has reached the maximum number of characters (%d) for class %s"
+#define PASSWORD_FORBIDDENCHARS \
+  "Password for dn=\"%s\" contains %d forbidden characters in %s"
+#define RDN_TOKEN_FOUND \
+  "Password for dn=\"%s\" contains tokens from the RDN"
+#define GENERIC_ERROR \
+  "Error while checking password"
+#define PASSWORD_CRACKLIB \
+  "Password for dn=\"%s\" is too weak"
+#define BAD_PASSWORD_SZ \
+  "Bad password for dn=\"%s\" because %s"
+
+
+
+typedef union genValue {
+    int iVal;
+    char sVal[VALUE_MAX_LEN];
+} genValue;
+
+typedef enum {
+    typeInt,
+    typeStr
+} valueType;
+
+typedef struct params {
+    char param[PARAM_MAX_LEN];
+    valueType iType;
+} params;
+
+// allowed parameters loaded into configuration structure
+// it also contains the type of the corresponding value
+params allowedParameters[7] = {
+    {"^minQuality", typeInt},
+    {"^checkRDN", typeInt},
+    {"^forbiddenChars", typeStr},
+    {"^maxConsecutivePerClass", typeInt},
+    {"^useCracklib", typeInt},
+    {"^cracklibDict", typeStr},
+    {"^class-.*", typeStr}
+};
+
+
+// configuration structure, containing a parameter, a value,
+// a corresponding min and minForPoint indicators if necessary
+// and a type for the value (typeInt or typeStr)
+typedef struct conf {
+    char param[PARAM_MAX_LEN];
+    valueType iType;
+    genValue value;
+    int min;
+    int minForPoint;
+} conf;
+
+void ppm_log(int priority, const char *format, ...);
+int min(char *str1, char *str2);
+#ifndef PPM_READ_FILE
+  static void read_config_attr(conf * fileConf, int *numParam, char *ppm_config_attr);
+#endif
+#ifdef PPM_READ_FILE
+  static void read_config_file(conf * fileConf, int *numParam, char *ppm_config_file);
+#endif
+int check_password(char *pPasswd, char **ppErrStr, Entry *e, void *pArg);
+int maxConsPerClass(char *password, char *charClass);
+void storeEntry(char *param, char *value, valueType valType, 
+           char *min, char *minForPoint, conf * fileConf, int *numParam);
+int typeParam(char* param);
+genValue* getValue(conf *fileConf, int numParam, char* param);
+void strcpy_safe(char *dest, char *src, int length_dest);
+
+
+int ppm_test = 0;
+
+#endif
diff --git a/contrib/slapd-modules/ppm/ppm.md b/contrib/slapd-modules/ppm/ppm.md
new file mode 100644
index 0000000..5b1accb
--- /dev/null
+++ b/contrib/slapd-modules/ppm/ppm.md
@@ -0,0 +1,343 @@
+---
+title: ppm
+section: 5
+header: File Formats Manual
+footer: ppm
+date: August 24, 2021
+---
+
+# NAME
+
+ppm (Password Policy Module) - extension of the password policy overlay
+
+# SYNOPSIS
+
+ETCDIR/ppm.example
+
+# DESCRIPTION
+
+**ppm** is an OpenLDAP module for checking password quality when they are modified.
+Passwords are checked against the presence or absence of certain character classes.
+
+This module is used as an extension of the OpenLDAP password policy controls,
+see slapo-ppolicy(5) section **pwdCheckModule**.
+
+
+# USAGE
+
+Create a password policy entry and indicate the path of the ppm.so library
+and the content of the desired policy.
+Use a base64 tool to code / decode the content of the policy stored into
+**pwdCheckModuleArg**. Here is an example:
+
+```
+dn: cn=default,ou=policies,dc=my-domain,dc=com
+objectClass: pwdPolicy
+objectClass: top
+objectClass: pwdPolicyChecker
+objectClass: person
+pwdCheckQuality: 2
+pwdAttribute: userPassword
+sn: default
+cn: default
+pwdMinLength: 6
+pwdCheckModule: /usr/local/lib/ppm.so
+pwdCheckModuleArg:: bWluUXVhbGl0eSAzCmNoZWNrUkROIDAKZm9yYmlkZGVuQ2hhcnMKbWF4Q29uc2VjdXRpdmVQZXJDbGFzcyAwCnVzZUNyYWNrbGliIDAKY3JhY2tsaWJEaWN0IC92YXIvY2FjaGUvY3JhY2tsaWIvY3JhY2tsaWJfZGljdApjbGFzcy11cHBlckNhc2UgQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVogMCAxCmNsYXNzLWxvd2VyQ2FzZSBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAwIDEKY2xhc3MtZGlnaXQgMDEyMzQ1Njc4OSAwIDEKY2xhc3Mtc3BlY2lhbCA8Piw/Oy46LyHCp8O5JSrCtV7CqCTCo8KyJsOpfiIjJ3soWy18w6hgX1zDp17DoEApXcKwPX0rIDAgMQ==
+```
+
+
+See **slapo-ppolicy** for more information, but to sum up:
+
+- enable ppolicy overlay in your database.
+- define a default password policy in OpenLDAP configuration or use pwdPolicySubentry attribute to point to the given policy.
+
+This example show the activation for a **slapd.conf** file
+(see **slapd-config** and **slapo-ppolicy** for more information for
+ **cn=config** configuration)
+
+```
+overlay ppolicy
+ppolicy_default "cn=default,ou=policies,dc=my-domain,dc=com"
+#ppolicy_use_lockout   # for having more infos about the lockout
+```
+
+
+# FEATURES
+
+Here are the main features:
+
+- 4 character classes are defined by default:
+upper case, lower case, digits and special characters.
+
+- more character classes can be defined, just write your own.
+
+- passwords must match the amount of quality points.
+A point is validated when at least m characters of the corresponding
+character class are present in the password.
+
+- passwords must have at least n of the corresponding character class
+present, else they are rejected.
+
+- the two previous criteria are checked against any specific character class
+defined.
+
+- if a password contains any of the forbidden characters, then it is
+rejected.
+
+- if a password contains tokens from the RDN, then it is rejected.
+
+- if a password does not pass cracklib check, then it is rejected.
+
+
+# CONFIGURATION
+
+Since OpenLDAP 2.5 version, ppm configuration is held in a binary
+attribute of the password policy: **pwdCheckModuleArg**
+
+The example file (**ETCDIR/ppm.example** by default) is to be
+considered as an example configuration, to import in the **pwdCheckModuleArg**
+attribute. It is also used for testing passwords with the test program
+provided.
+
+If for some reasons, any parameter is not found, it will be given its
+default value.
+
+Note: you can still compile ppm to use the configuration file, by enabling
+**PPM_READ_FILE** in **ppm.h** (but this is deprecated now). If you decide to do so,
+you can use the **PPM_CONFIG_FILE** environment variable for overloading the
+configuration file path.
+
+The syntax of a configuration line is:
+
+```
+parameter value [min] [minForPoint]
+```
+
+with spaces being delimiters and Line Feed (LF) ending the line.
+
+Parameter names **are** case sensitive.
+
+Lines beginning by a **#** are considered as comments.
+
+The default configuration is the following:
+
+```
+# minQuality parameter
+# Format:
+# minQuality [NUMBER]
+# Description:
+# One point is granted for each class for which MIN_FOR_POINT criteria is fulfilled.
+# defines the minimum point numbers for the password to be accepted.
+minQuality 3
+
+# checkRDN parameter
+# Format:
+# checkRDN [0 | 1]
+# Description:
+# If set to 1, password must not contain a token from the RDN.
+# Tokens are separated by the following delimiters : space tabulation _ - , ; £
+checkRDN 0
+
+# forbiddenChars parameter
+# Format:
+# forbiddenChars [CHARACTERS_FORBIDDEN]
+# Description:
+# Defines the forbidden characters list (no separator).
+# If one of them is found in the password, then it is rejected.
+forbiddenChars
+
+# maxConsecutivePerClass parameter
+# Format:
+# maxConsecutivePerClass [NUMBER]
+# Description:
+# Defines the maximum number of consecutive character allowed for any class
+maxConsecutivePerClass 0
+
+# useCracklib parameter
+# Format:
+# useCracklib [0 | 1]
+# Description:
+# If set to 1, the password must pass the cracklib check
+useCracklib 0
+
+# cracklibDict parameter
+# Format:
+# cracklibDict [path_to_cracklib_dictionary]
+# Description:
+# directory+filename-prefix that your version of CrackLib will go hunting for
+# For example, /var/pw_dict resolves as /var/pw_dict.pwd,
+# /var/pw_dict.pwi and /var/pw_dict.hwm dictionary files
+cracklibDict /var/cache/cracklib/cracklib_dict
+
+# classes parameter
+# Format:
+# class-[CLASS_NAME] [CHARACTERS_DEFINING_CLASS] [MIN] [MIN_FOR_POINT]
+# Description:
+# [CHARACTERS_DEFINING_CLASS]: characters defining the class (no separator)
+# [MIN]: If at least [MIN] characters of this class is not found in the password, then it is rejected
+# [MIN_FOR_POINT]: one point is granted if password contains at least [MIN_FOR_POINT] character numbers of this class
+class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1
+class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1
+class-digit 0123456789 0 1
+class-special <>,?;.:/!§ù%*µ^¨$£²&é~"#'{([-|è`_\ç^à@)]°=}+ 0 1
+```
+
+# EXAMPLE
+
+With this policy:
+```
+minQuality 4
+forbiddenChars .?,
+checkRDN 1
+class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 5
+class-lowerCase abcdefghijklmnopqrstuvwxyz 0 12
+class-digit 0123456789 0 1
+class-special <>,?;.:/!§ù%*µ^¨$£²&é~"#'{([-|è`_\ç^à@)]°=}+ 0 1
+class-myClass :) 1 1``
+```
+
+the password **ThereIsNoCowLevel)** is working, because:
+
+- it has 4 character classes validated : upper, lower, special, and myClass
+- it has no character among .?,
+- it has at least one character among : or )
+
+but it won't work for the user uid=John Cowlevel,ou=people,cn=example,cn=com,
+because the token "Cowlevel" from his RDN exists in the password (case insensitive).
+
+
+# LOGS
+
+If a user password is rejected by **ppm**, the user will get this type of message:
+
+Typical user message from ldappasswd(5):
+
+```
+  Result: Constraint violation (19)
+  Additional info: Password for dn=\"%s\" does not pass required number of strength checks (2 of 3)
+```
+
+A more detailed message is written to the server log.
+
+Server log:
+
+```
+Feb 26 14:46:10 debian-11-64 slapd[1981]: conn=1000 op=16 MOD dn="uid=user,ou=persons,dc=my-domain,dc=com"
+Feb 26 14:46:10 debian-11-64 slapd[1981]: conn=1000 op=16 MOD attr=userPassword
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: entry uid=user,ou=persons,dc=my-domain,dc=com
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Reading pwdCheckModuleArg attribute
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: RAW configuration: # minQuality parameter#012# Format:#012# minQuality [NUMBER]#012# Description:#012# One point is granted for each class for which MIN_FOR_POINT criteria is fulfilled.#012# defines the minimum point numbers for the password to be accepted.#012minQuality 3#012#012# checkRDN parameter#012# Format:#012# checkRDN [0 | 1]#012# Description:#012# If set to 1, password must not contain a token from the RDN.#012# Tokens are separated by the following delimiters : space tabulation _ - , ; £#012checkRDN 0#012#012# forbiddenChars parameter#012# Format:#012# forbiddenChars [CHARACTERS_FORBIDDEN]#012# Description:#012# Defines the forbidden characters list (no separator).#012# If one of them is found in the password, then it is rejected.#012forbiddenChars#012#012# maxConsecutivePerClass parameter#012# Format:#012# maxConsecutivePerClass [NUMBER]#012# Description:#012# Defines the maximum number of consecutive character allowed for any class#012maxConsecutivePerClass 0#012#012# useCracklib parameter#012# Format:#012# useCracklib [0 | 1]#012# Description:#012# If set to 1, the password must pass the cracklib check#012useCracklib 0#012#012# cracklibDict parameter#012# Format:#012# cracklibDict [path_to_cracklib_dictionary]#012# Description:#012# directory+filename-prefix that your version of CrackLib will go hunting for#012# For example, /var/pw_dict resolves as /var/pw_dict.pwd,#012# /var/pw_dict.pwi and /var/pw_dict.hwm dictionary files#012cracklibDict /var/cache/cracklib/cracklib_dict#012#012# classes parameter#012# Format:#012# class-[CLASS_NAME] [CHARACTERS_DEFINING_CLASS] [MIN] [MIN_FOR_POINT]#012# Description:#012# [CHARACTERS_DEFINING_CLASS]: characters defining the class (no separator)#012# [MIN]: If at least [MIN] characters of this class is not found in the password, then it is rejected#012# [MIN_FOR_POINT]: one point is granted if password contains at least [MIN_FOR_POINT] character numbers of this class#012class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1#012class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1#012class-digit 0123456789 0 1#012class-special <>,?;.:/!§ù%*µ^¨$£²&é~"#'{([-|è`_\ç^à@)]°=}+ 0 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Parsing pwdCheckModuleArg attribute
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # minQuality parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # minQuality [NUMBER]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # One point is granted for each class for which MIN_FOR_POINT criteria is fulfilled.
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # defines the minimum point numbers for the password to be accepted.
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: minQuality 3
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = minQuality, value = 3, min = (null), minForPoint= (null)
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: 3
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # checkRDN parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # checkRDN [0 | 1]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # If set to 1, password must not contain a token from the RDN.
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Tokens are separated by the following delimiters : space tabulation _ - , ; £
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: checkRDN 0
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = checkRDN, value = 0, min = (null), minForPoint= (null)
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: 0
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # forbiddenChars parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # forbiddenChars [CHARACTERS_FORBIDDEN]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Defines the forbidden characters list (no separator).
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # If one of them is found in the password, then it is rejected.
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: forbiddenChars
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: No value, goto next parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # maxConsecutivePerClass parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # maxConsecutivePerClass [NUMBER]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Defines the maximum number of consecutive character allowed for any class
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: maxConsecutivePerClass 0
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = maxConsecutivePerClass, value = 0, min = (null), minForPoint= (null)
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: 0
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # useCracklib parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # useCracklib [0 | 1]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # If set to 1, the password must pass the cracklib check
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: useCracklib 0
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = useCracklib, value = 0, min = (null), minForPoint= (null)
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: 0
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # cracklibDict parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # cracklibDict [path_to_cracklib_dictionary]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # directory+filename-prefix that your version of CrackLib will go hunting for
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # For example, /var/pw_dict resolves as /var/pw_dict.pwd,
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # /var/pw_dict.pwi and /var/pw_dict.hwm dictionary files
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: cracklibDict /var/cache/cracklib/cracklib_dict
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = cracklibDict, value = /var/cache/cracklib/cracklib_dict, min = (null), minForPoint= (null)
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: /var/cache/cracklib/cracklib_dict
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # classes parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # class-[CLASS_NAME] [CHARACTERS_DEFINING_CLASS] [MIN] [MIN_FOR_POINT]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # [CHARACTERS_DEFINING_CLASS]: characters defining the class (no separator)
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # [MIN]: If at least [MIN] characters of this class is not found in the password, then it is rejected
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # [MIN_FOR_POINT]: one point is granted if password contains at least [MIN_FOR_POINT] character numbers of this class
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = class-upperCase, value = ABCDEFGHIJKLMNOPQRSTUVWXYZ, min = 0, minForPoint= 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: ABCDEFGHIJKLMNOPQRSTUVWXYZ
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = class-lowerCase, value = abcdefghijklmnopqrstuvwxyz, min = 0, minForPoint= 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: abcdefghijklmnopqrstuvwxyz
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: class-digit 0123456789 0 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = class-digit, value = 0123456789, min = 0, minForPoint= 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: 0123456789
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: class-special <>,?;.:/!§ù%*µ^¨$£²&é~"#'{([-|è`_\ç^à@)]°=}+ 0 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = class-special, value = <>,?;.:/!§ù%*µ^¨$£²&é~"#'{([-|è`_\ç^à@)]°=}+, min = 0, minForPoint= 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: <>,?;.:/!§ù%*µ^¨$£²&é~"#'{([-|è`_\ç^à@)]°=}+
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: 1 point granted for class class-lowerCase
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: 1 point granted for class class-digit
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Reallocating szErrStr from 64 to 173
+Feb 26 14:46:10 debian-11-64 slapd[1981]: check_password_quality: module error: (/usr/local/lib/ppm.so) Password for dn="uid=user,ou=persons,dc=my-domain,dc=com" does not pass required number of strength checks (2 of 3).[1]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: conn=1000 op=16 RESULT tag=103 err=19 qtime=0.000020 etime=0.001496 text=Password for dn="uid=user,ou=persons,dc=my-domain,dc=com" does not pass required number of strength checks (2 of 3)
+```
+
+
+# TESTS
+
+There is a unit test script: **unit_tests.sh** that illustrates checking some passwords.
+
+It is possible to test one particular password using directly the test program:
+
+```
+cd /usr/local/lib
+LD_LIBRARY_PATH=. ./ppm_test "uid=test,ou=users,dc=my-domain,dc=com" "my_password" "/usr/local/etc/openldap/ppm.example" && echo OK
+```
+
+
+# FILES
+
+**ETCDIR/ppm.example**
+
+> example of ppm configuration to be inserted in **pwdCheckModuleArg** attribute of given password policy
+
+**ppm.so**
+
+> ppm library, loaded by the **pwdCheckModule** attribute of given password policy
+
+**ppm_test**
+
+> small test program for checking password in a command-line
+
+
+# SEE ALSO
+
+**slapo-ppolicy**(5), **slapd-config**(5), **slapd.conf**(5)
+
+# ACKNOWLEDGEMENTS
+
+This module was developed in 2014-2021 by David Coutadeur.
diff --git a/contrib/slapd-modules/ppm/ppm_test.c b/contrib/slapd-modules/ppm/ppm_test.c
new file mode 100644
index 0000000..520aa0a
--- /dev/null
+++ b/contrib/slapd-modules/ppm/ppm_test.c
@@ -0,0 +1,66 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include "ppm.h"
+
+int main(int argc, char *argv[])
+{
+  /*
+   * argv[1]: user
+   * argv[2]: password
+   * argv[3]: configuration file
+   */
+
+  int ret = 1;
+
+  if(argc > 2)
+  {
+    printf("Testing user %s password: '%s' against %s policy config file \n",
+            argv[1], argv[2], argv[3]
+          );
+
+    /* format user entry */
+    char *errmsg = NULL;
+    Entry pEntry;
+    pEntry.e_nname.bv_val=argv[1];
+    pEntry.e_name.bv_val=argv[1];
+
+    /* get configuration file content */
+    struct berval pArg;
+    FILE *fp;
+    if ((fp = fopen(argv[3],"r")) == NULL)
+    {
+      fprintf(stderr,"Unable to open config file for reading\n");
+      return ret;
+    }
+    char *fcontent = NULL;
+    fseek(fp, 0, SEEK_END);
+    long fsize = ftell(fp);
+    fseek(fp, 0, SEEK_SET);
+    fcontent = malloc(fsize);
+    fread(fcontent, 1, fsize, fp);
+    fclose(fp);
+    pArg.bv_val = fcontent;
+  
+    ppm_test=1; // enable ppm_test for informing ppm not to use syslog
+
+    ret = check_password(argv[2], &errmsg, &pEntry, &pArg);
+
+    if(ret == 0)
+    {
+      printf("Password is OK!\n");
+    }
+    else
+    {
+      printf("Password failed checks : %s\n", errmsg);
+    }
+
+    ber_memfree(errmsg);
+    return ret;
+
+  }
+
+  return ret;
+}
+
+
+
diff --git a/contrib/slapd-modules/ppm/slapm-ppm.5 b/contrib/slapd-modules/ppm/slapm-ppm.5
new file mode 100644
index 0000000..10e9c8d
--- /dev/null
+++ b/contrib/slapd-modules/ppm/slapm-ppm.5
@@ -0,0 +1,360 @@
+.\" Automatically generated by Pandoc 2.9.2.1
+.\"
+.TH "ppm" "5" "August 24, 2021" "ppm" "File Formats Manual"
+.hy
+.SH NAME
+.PP
+ppm (Password Policy Module) - extension of the password policy overlay
+.SH SYNOPSIS
+.PP
+ETCDIR/ppm.example
+.SH DESCRIPTION
+.PP
+\f[B]ppm\f[R] is an OpenLDAP module for checking password quality when
+they are modified.
+Passwords are checked against the presence or absence of certain
+character classes.
+.PP
+This module is used as an extension of the OpenLDAP password policy
+controls, see slapo-ppolicy(5) section \f[B]pwdCheckModule\f[R].
+.SH USAGE
+.PP
+Create a password policy entry and indicate the path of the ppm.so
+library and the content of the desired policy.
+Use a base64 tool to code / decode the content of the policy stored into
+\f[B]pwdCheckModuleArg\f[R].
+Here is an example:
+.IP
+.nf
+\f[C]
+dn: cn=default,ou=policies,dc=my-domain,dc=com
+objectClass: pwdPolicy
+objectClass: top
+objectClass: pwdPolicyChecker
+objectClass: person
+pwdCheckQuality: 2
+pwdAttribute: userPassword
+sn: default
+cn: default
+pwdMinLength: 6
+pwdCheckModule: /usr/local/lib/ppm.so
+pwdCheckModuleArg:: bWluUXVhbGl0eSAzCmNoZWNrUkROIDAKZm9yYmlkZGVuQ2hhcnMKbWF4Q29uc2VjdXRpdmVQZXJDbGFzcyAwCnVzZUNyYWNrbGliIDAKY3JhY2tsaWJEaWN0IC92YXIvY2FjaGUvY3JhY2tsaWIvY3JhY2tsaWJfZGljdApjbGFzcy11cHBlckNhc2UgQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVogMCAxCmNsYXNzLWxvd2VyQ2FzZSBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAwIDEKY2xhc3MtZGlnaXQgMDEyMzQ1Njc4OSAwIDEKY2xhc3Mtc3BlY2lhbCA8Piw/Oy46LyHCp8O5JSrCtV7CqCTCo8KyJsOpfiIjJ3soWy18w6hgX1zDp17DoEApXcKwPX0rIDAgMQ==
+\f[R]
+.fi
+.PP
+See \f[B]slapo-ppolicy\f[R] for more information, but to sum up:
+.IP \[bu] 2
+enable ppolicy overlay in your database.
+.IP \[bu] 2
+define a default password policy in OpenLDAP configuration or use
+pwdPolicySubentry attribute to point to the given policy.
+.PP
+This example show the activation for a \f[B]slapd.conf\f[R] file (see
+\f[B]slapd-config\f[R] and \f[B]slapo-ppolicy\f[R] for more information
+for \f[B]cn=config\f[R] configuration)
+.IP
+.nf
+\f[C]
+overlay ppolicy
+ppolicy_default \[dq]cn=default,ou=policies,dc=my-domain,dc=com\[dq]
+#ppolicy_use_lockout   # for having more infos about the lockout
+\f[R]
+.fi
+.SH FEATURES
+.PP
+Here are the main features:
+.IP \[bu] 2
+4 character classes are defined by default: upper case, lower case,
+digits and special characters.
+.IP \[bu] 2
+more character classes can be defined, just write your own.
+.IP \[bu] 2
+passwords must match the amount of quality points.
+A point is validated when at least m characters of the corresponding
+character class are present in the password.
+.IP \[bu] 2
+passwords must have at least n of the corresponding character class
+present, else they are rejected.
+.IP \[bu] 2
+the two previous criteria are checked against any specific character
+class defined.
+.IP \[bu] 2
+if a password contains any of the forbidden characters, then it is
+rejected.
+.IP \[bu] 2
+if a password contains tokens from the RDN, then it is rejected.
+.IP \[bu] 2
+if a password does not pass cracklib check, then it is rejected.
+.SH CONFIGURATION
+.PP
+Since OpenLDAP 2.5 version, ppm configuration is held in a binary
+attribute of the password policy: \f[B]pwdCheckModuleArg\f[R]
+.PP
+The example file (\f[B]ETCDIR/ppm.example\f[R] by default) is to be
+considered as an example configuration, to import in the
+\f[B]pwdCheckModuleArg\f[R] attribute.
+It is also used for testing passwords with the test program provided.
+.PP
+If for some reasons, any parameter is not found, it will be given its
+default value.
+.PP
+Note: you can still compile ppm to use the configuration file, by
+enabling \f[B]PPM_READ_FILE\f[R] in \f[B]ppm.h\f[R] (but this is
+deprecated now).
+If you decide to do so, you can use the \f[B]PPM_CONFIG_FILE\f[R]
+environment variable for overloading the configuration file path.
+.PP
+The syntax of a configuration line is:
+.IP
+.nf
+\f[C]
+parameter value [min] [minForPoint]
+\f[R]
+.fi
+.PP
+with spaces being delimiters and Line Feed (LF) ending the line.
+.PP
+Parameter names \f[B]are\f[R] case sensitive.
+.PP
+Lines beginning by a \f[B]#\f[R] are considered as comments.
+.PP
+The default configuration is the following:
+.IP
+.nf
+\f[C]
+# minQuality parameter
+# Format:
+# minQuality [NUMBER]
+# Description:
+# One point is granted for each class for which MIN_FOR_POINT criteria is fulfilled.
+# defines the minimum point numbers for the password to be accepted.
+minQuality 3
+
+# checkRDN parameter
+# Format:
+# checkRDN [0 | 1]
+# Description:
+# If set to 1, password must not contain a token from the RDN.
+# Tokens are separated by the following delimiters : space tabulation _ - , ; \[Po]
+checkRDN 0
+
+# forbiddenChars parameter
+# Format:
+# forbiddenChars [CHARACTERS_FORBIDDEN]
+# Description:
+# Defines the forbidden characters list (no separator).
+# If one of them is found in the password, then it is rejected.
+forbiddenChars
+
+# maxConsecutivePerClass parameter
+# Format:
+# maxConsecutivePerClass [NUMBER]
+# Description:
+# Defines the maximum number of consecutive character allowed for any class
+maxConsecutivePerClass 0
+
+# useCracklib parameter
+# Format:
+# useCracklib [0 | 1]
+# Description:
+# If set to 1, the password must pass the cracklib check
+useCracklib 0
+
+# cracklibDict parameter
+# Format:
+# cracklibDict [path_to_cracklib_dictionary]
+# Description:
+# directory+filename-prefix that your version of CrackLib will go hunting for
+# For example, /var/pw_dict resolves as /var/pw_dict.pwd,
+# /var/pw_dict.pwi and /var/pw_dict.hwm dictionary files
+cracklibDict /var/cache/cracklib/cracklib_dict
+
+# classes parameter
+# Format:
+# class-[CLASS_NAME] [CHARACTERS_DEFINING_CLASS] [MIN] [MIN_FOR_POINT]
+# Description:
+# [CHARACTERS_DEFINING_CLASS]: characters defining the class (no separator)
+# [MIN]: If at least [MIN] characters of this class is not found in the password, then it is rejected
+# [MIN_FOR_POINT]: one point is granted if password contains at least [MIN_FOR_POINT] character numbers of this class
+class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1
+class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1
+class-digit 0123456789 0 1
+class-special <>,?;.:/!\[sc]\[`u]%*\[mc]\[ha]\[ad]$\[Po]\[S2]&\['e]\[ti]\[dq]#\[aq]{([-|\[`e]\[ga]_\[rs]\[,c]\[ha]\[`a]\[at])]\[de]=}+ 0 1
+\f[R]
+.fi
+.SH EXAMPLE
+.PP
+With this policy:
+.IP
+.nf
+\f[C]
+minQuality 4
+forbiddenChars .?,
+checkRDN 1
+class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 5
+class-lowerCase abcdefghijklmnopqrstuvwxyz 0 12
+class-digit 0123456789 0 1
+class-special <>,?;.:/!\[sc]\[`u]%*\[mc]\[ha]\[ad]$\[Po]\[S2]&\['e]\[ti]\[dq]#\[aq]{([-|\[`e]\[ga]_\[rs]\[,c]\[ha]\[`a]\[at])]\[de]=}+ 0 1
+class-myClass :) 1 1\[ga]\[ga]
+\f[R]
+.fi
+.PP
+the password \f[B]ThereIsNoCowLevel)\f[R] is working, because:
+.IP \[bu] 2
+it has 4 character classes validated : upper, lower, special, and
+myClass
+.IP \[bu] 2
+it has no character among .?,
+.IP \[bu] 2
+it has at least one character among : or )
+.PP
+but it won\[cq]t work for the user uid=John
+Cowlevel,ou=people,cn=example,cn=com, because the token
+\[lq]Cowlevel\[rq] from his RDN exists in the password (case
+insensitive).
+.SH LOGS
+.PP
+If a user password is rejected by \f[B]ppm\f[R], the user will get this
+type of message:
+.PP
+Typical user message from ldappasswd(5):
+.IP
+.nf
+\f[C]
+  Result: Constraint violation (19)
+  Additional info: Password for dn=\[rs]\[dq]%s\[rs]\[dq] does not pass required number of strength checks (2 of 3)
+\f[R]
+.fi
+.PP
+A more detailed message is written to the server log.
+.PP
+Server log:
+.IP
+.nf
+\f[C]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: conn=1000 op=16 MOD dn=\[dq]uid=user,ou=persons,dc=my-domain,dc=com\[dq]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: conn=1000 op=16 MOD attr=userPassword
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: entry uid=user,ou=persons,dc=my-domain,dc=com
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Reading pwdCheckModuleArg attribute
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: RAW configuration: # minQuality parameter#012# Format:#012# minQuality [NUMBER]#012# Description:#012# One point is granted for each class for which MIN_FOR_POINT criteria is fulfilled.#012# defines the minimum point numbers for the password to be accepted.#012minQuality 3#012#012# checkRDN parameter#012# Format:#012# checkRDN [0 | 1]#012# Description:#012# If set to 1, password must not contain a token from the RDN.#012# Tokens are separated by the following delimiters : space tabulation _ - , ; \[Po]#012checkRDN 0#012#012# forbiddenChars parameter#012# Format:#012# forbiddenChars [CHARACTERS_FORBIDDEN]#012# Description:#012# Defines the forbidden characters list (no separator).#012# If one of them is found in the password, then it is rejected.#012forbiddenChars#012#012# maxConsecutivePerClass parameter#012# Format:#012# maxConsecutivePerClass [NUMBER]#012# Description:#012# Defines the maximum number of consecutive character allowed for any class#012maxConsecutivePerClass 0#012#012# useCracklib parameter#012# Format:#012# useCracklib [0 | 1]#012# Description:#012# If set to 1, the password must pass the cracklib check#012useCracklib 0#012#012# cracklibDict parameter#012# Format:#012# cracklibDict [path_to_cracklib_dictionary]#012# Description:#012# directory+filename-prefix that your version of CrackLib will go hunting for#012# For example, /var/pw_dict resolves as /var/pw_dict.pwd,#012# /var/pw_dict.pwi and /var/pw_dict.hwm dictionary files#012cracklibDict /var/cache/cracklib/cracklib_dict#012#012# classes parameter#012# Format:#012# class-[CLASS_NAME] [CHARACTERS_DEFINING_CLASS] [MIN] [MIN_FOR_POINT]#012# Description:#012# [CHARACTERS_DEFINING_CLASS]: characters defining the class (no separator)#012# [MIN]: If at least [MIN] characters of this class is not found in the password, then it is rejected#012# [MIN_FOR_POINT]: one point is granted if password contains at least [MIN_FOR_POINT] character numbers of this class#012class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1#012class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1#012class-digit 0123456789 0 1#012class-special <>,?;.:/!\[sc]\[`u]%*\[mc]\[ha]\[ad]$\[Po]\[S2]&\['e]\[ti]\[dq]#\[aq]{([-|\[`e]\[ga]_\[rs]\[,c]\[ha]\[`a]\[at])]\[de]=}+ 0 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Parsing pwdCheckModuleArg attribute
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # minQuality parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # minQuality [NUMBER]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # One point is granted for each class for which MIN_FOR_POINT criteria is fulfilled.
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # defines the minimum point numbers for the password to be accepted.
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: minQuality 3
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = minQuality, value = 3, min = (null), minForPoint= (null)
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: 3
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # checkRDN parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # checkRDN [0 | 1]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # If set to 1, password must not contain a token from the RDN.
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Tokens are separated by the following delimiters : space tabulation _ - , ; \[Po]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: checkRDN 0
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = checkRDN, value = 0, min = (null), minForPoint= (null)
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: 0
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # forbiddenChars parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # forbiddenChars [CHARACTERS_FORBIDDEN]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Defines the forbidden characters list (no separator).
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # If one of them is found in the password, then it is rejected.
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: forbiddenChars
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: No value, goto next parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # maxConsecutivePerClass parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # maxConsecutivePerClass [NUMBER]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Defines the maximum number of consecutive character allowed for any class
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: maxConsecutivePerClass 0
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = maxConsecutivePerClass, value = 0, min = (null), minForPoint= (null)
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: 0
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # useCracklib parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # useCracklib [0 | 1]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # If set to 1, the password must pass the cracklib check
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: useCracklib 0
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = useCracklib, value = 0, min = (null), minForPoint= (null)
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: 0
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # cracklibDict parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # cracklibDict [path_to_cracklib_dictionary]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # directory+filename-prefix that your version of CrackLib will go hunting for
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # For example, /var/pw_dict resolves as /var/pw_dict.pwd,
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # /var/pw_dict.pwi and /var/pw_dict.hwm dictionary files
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: cracklibDict /var/cache/cracklib/cracklib_dict
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = cracklibDict, value = /var/cache/cracklib/cracklib_dict, min = (null), minForPoint= (null)
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: /var/cache/cracklib/cracklib_dict
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # classes parameter
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Format:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # class-[CLASS_NAME] [CHARACTERS_DEFINING_CLASS] [MIN] [MIN_FOR_POINT]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # Description:
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # [CHARACTERS_DEFINING_CLASS]: characters defining the class (no separator)
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # [MIN]: If at least [MIN] characters of this class is not found in the password, then it is rejected
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: # [MIN_FOR_POINT]: one point is granted if password contains at least [MIN_FOR_POINT] character numbers of this class
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = class-upperCase, value = ABCDEFGHIJKLMNOPQRSTUVWXYZ, min = 0, minForPoint= 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: ABCDEFGHIJKLMNOPQRSTUVWXYZ
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = class-lowerCase, value = abcdefghijklmnopqrstuvwxyz, min = 0, minForPoint= 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: abcdefghijklmnopqrstuvwxyz
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: class-digit 0123456789 0 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = class-digit, value = 0123456789, min = 0, minForPoint= 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: 0123456789
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: get line: class-special <>,?;.:/!\[sc]\[`u]%*\[mc]\[ha]\[ad]$\[Po]\[S2]&\['e]\[ti]\[dq]#\[aq]{([-|\[`e]\[ga]_\[rs]\[,c]\[ha]\[`a]\[at])]\[de]=}+ 0 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Param = class-special, value = <>,?;.:/!\[sc]\[`u]%*\[mc]\[ha]\[ad]$\[Po]\[S2]&\['e]\[ti]\[dq]#\[aq]{([-|\[`e]\[ga]_\[rs]\[,c]\[ha]\[`a]\[at])]\[de]=}+, min = 0, minForPoint= 1
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm:  Accepted replaced value: <>,?;.:/!\[sc]\[`u]%*\[mc]\[ha]\[ad]$\[Po]\[S2]&\['e]\[ti]\[dq]#\[aq]{([-|\[`e]\[ga]_\[rs]\[,c]\[ha]\[`a]\[at])]\[de]=}+
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: 1 point granted for class class-lowerCase
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: 1 point granted for class class-digit
+Feb 26 14:46:10 debian-11-64 slapd[1981]: ppm: Reallocating szErrStr from 64 to 173
+Feb 26 14:46:10 debian-11-64 slapd[1981]: check_password_quality: module error: (/usr/local/lib/ppm.so) Password for dn=\[dq]uid=user,ou=persons,dc=my-domain,dc=com\[dq] does not pass required number of strength checks (2 of 3).[1]
+Feb 26 14:46:10 debian-11-64 slapd[1981]: conn=1000 op=16 RESULT tag=103 err=19 qtime=0.000020 etime=0.001496 text=Password for dn=\[dq]uid=user,ou=persons,dc=my-domain,dc=com\[dq] does not pass required number of strength checks (2 of 3)
+\f[R]
+.fi
+.SH TESTS
+.PP
+There is a unit test script: \f[B]unit_tests.sh\f[R] that illustrates
+checking some passwords.
+.PP
+It is possible to test one particular password using directly the test
+program:
+.IP
+.nf
+\f[C]
+cd /usr/local/lib
+LD_LIBRARY_PATH=. ./ppm_test \[dq]uid=test,ou=users,dc=my-domain,dc=com\[dq] \[dq]my_password\[dq] \[dq]/usr/local/etc/openldap/ppm.example\[dq] && echo OK
+\f[R]
+.fi
+.SH FILES
+.PP
+\f[B]ETCDIR/ppm.example\f[R]
+.RS
+.PP
+example of ppm configuration to be inserted in
+\f[B]pwdCheckModuleArg\f[R] attribute of given password policy
+.RE
+.PP
+\f[B]ppm.so\f[R]
+.RS
+.PP
+ppm library, loaded by the \f[B]pwdCheckModule\f[R] attribute of given
+password policy
+.RE
+.PP
+\f[B]ppm_test\f[R]
+.RS
+.PP
+small test program for checking password in a command-line
+.RE
+.SH SEE ALSO
+.PP
+\f[B]slapo-ppolicy\f[R](5), \f[B]slapd-config\f[R](5),
+\f[B]slapd.conf\f[R](5)
+.SH ACKNOWLEDGEMENTS
+.PP
+This module was developed in 2014-2021 by David Coutadeur.
diff --git a/contrib/slapd-modules/ppm/unit_tests.sh b/contrib/slapd-modules/ppm/unit_tests.sh
new file mode 100755
index 0000000..c152c96
--- /dev/null
+++ b/contrib/slapd-modules/ppm/unit_tests.sh
@@ -0,0 +1,118 @@
+#!/bin/bash
+
+# Launch unitary tests
+# 
+
+
+CONFIG_FILE="ppm.example"
+
+LDAP_SRC="${LDAP_SRC:-../../..}"
+LDAP_BUILD=${LDAP_BUILD:-${LDAP_SRC}}
+CURRENT_DIR=$( dirname $0 )
+LIB_PATH="${LD_LIBRARY_PATH}:${CURRENT_DIR}:${LDAP_BUILD}/libraries/liblber/.libs:${LDAP_BUILD}/libraries/libldap/.libs"
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+NC='\033[0m'
+
+RESULT=0
+
+PPM_CONF_1='minQuality 3
+checkRDN 0
+forbiddenChars 
+maxConsecutivePerClass 0
+useCracklib 0
+cracklibDict /var/cache/cracklib/cracklib_dict
+class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1
+class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1
+class-digit 0123456789 0 1
+class-special <>,?;.:/!§ù%*µ^¨$£²&é~"#'\''{([-|è`_\ç^à@)]°=}+ 0 1'
+
+PPM_CONF_2='minQuality 3
+checkRDN 0
+forbiddenChars à
+maxConsecutivePerClass 5
+useCracklib 0
+cracklibDict /var/cache/cracklib/cracklib_dict
+class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 2 4
+class-lowerCase abcdefghijklmnopqrstuvwxyz 3 4
+class-digit 0123456789 2 4
+class-special <>,?;.:/!§ù%*µ^¨$£²&é~"#'\''{([-|è`_\ç^à@)]°=}+ 0 4'
+
+PPM_CONF_3='minQuality 3
+checkRDN 1
+forbiddenChars 
+maxConsecutivePerClass 0
+useCracklib 0
+cracklibDict /var/cache/cracklib/cracklib_dict
+class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1
+class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1
+class-digit 0123456789 0 1
+class-special <>,?;.:/!§ù%*µ^¨$£²&é~"#'\''{([-|è`_\ç^à@)]°=}+ 0 1'
+
+
+echo "$PPM_CONF_1" > ppm1.conf
+echo "$PPM_CONF_2" > ppm2.conf
+echo "$PPM_CONF_3" > ppm3.conf
+
+
+launch_test()
+{
+  # launch tests
+  # FORMAT: launch_test [conf_file] [password] [expected_result]
+  # [expected_result] = [PASS|FAIL]
+
+  local CONF="$1"
+  local USER="$2"
+  local PASS="$3"
+  local EXPECT="$4"
+
+  [[ $EXPECT == "PASS" ]] && EXP="0" || EXP="1"
+
+  LD_LIBRARY_PATH="${LIB_PATH}" ./ppm_test "${USER}" "${PASS}" "${CONF}"
+  RES="$?"
+
+  if [ "$RES" -eq "$EXP" ] ; then
+    echo -e "conf=${CONF} user=${USER} pass=${PASS} expect=${EXPECT}... ${GREEN}PASS${NC}"
+  else
+    echo -e "conf=${CONF} user=${USER} pass=${PASS} expect=${EXPECT}... ${RED}FAIL${NC}"
+    ((RESULT+=1))
+  fi
+
+  echo
+}
+
+
+
+
+launch_test "ppm1.conf" "uid=test,ou=users,dc=my-domain,dc=com" "azerty" "FAIL"
+launch_test "ppm1.conf" "uid=test,ou=users,dc=my-domain,dc=com" "azeRTY" "FAIL"
+launch_test "ppm1.conf" "uid=test,ou=users,dc=my-domain,dc=com" "azeRTY123" "PASS"
+launch_test "ppm1.conf" "uid=test,ou=users,dc=my-domain,dc=com" "azeRTY." "PASS"
+
+
+launch_test "ppm2.conf" "uid=test,ou=users,dc=my-domain,dc=com" "AAaaa01AAaaa01AAaaa0" "PASS"
+# forbidden char
+launch_test "ppm2.conf" "uid=test,ou=users,dc=my-domain,dc=com" "AAaaa01AAaaa01AAaaaà" "FAIL"
+# too much consecutive for upper
+launch_test "ppm2.conf" "uid=test,ou=users,dc=my-domain,dc=com" "AAaaa01AAaaa01AAAAAA" "FAIL"
+# not enough upper
+launch_test "ppm2.conf" "uid=test,ou=users,dc=my-domain,dc=com" "Aaaaa01aaaaa01aa.;.;" "FAIL"
+# not enough lower
+launch_test "ppm2.conf" "uid=test,ou=users,dc=my-domain,dc=com" "aaAAA01BB0123AAA.;.;" "FAIL"
+# not enough digit
+launch_test "ppm2.conf" "uid=test,ou=users,dc=my-domain,dc=com" "1AAAA.;BBB.;.;AA.;.;" "FAIL"
+# not enough points (no point for digit)
+launch_test "ppm2.conf" "uid=test,ou=users,dc=my-domain,dc=com" "AAaaaBBBBaaa01AAaaaa" "FAIL"
+
+# password in RDN
+launch_test "ppm3.conf" "uid=User_Password10-test,ou=users,dc=my-domain,dc=com" "Password10" "FAIL"
+launch_test "ppm3.conf" "uid=User_Passw0rd-test,ou=users,dc=my-domain,dc=com" "Password10" "PASS"
+launch_test "ppm3.conf" "uid=User-Pw-Test,ou=users,dc=my-domain,dc=com" "Password10" "PASS"
+
+
+echo "${RESULT} error(s) encountered"
+
+rm ppm1.conf ppm2.conf ppm3.conf
+exit ${RESULT}
+
diff --git a/contrib/slapd-modules/proxyOld/Makefile b/contrib/slapd-modules/proxyOld/Makefile
new file mode 100644
index 0000000..d92967c
--- /dev/null
+++ b/contrib/slapd-modules/proxyOld/Makefile
@@ -0,0 +1,58 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 2005-2022 The OpenLDAP Foundation.
+# Portions Copyright 2005 Howard Chu, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = 
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = proxyOld.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+proxyOld.la:	proxyOld.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/proxyOld/README b/contrib/slapd-modules/proxyOld/README
new file mode 100644
index 0000000..bc5e4ab
--- /dev/null
+++ b/contrib/slapd-modules/proxyOld/README
@@ -0,0 +1,31 @@
+This directory contains a slapd module proxyOld that provides support
+for the obsolete draft-weltman-ldapb3-proxy-05 revision of the LDAP
+Proxy Authorization control. It is merely intended to provide compatibility
+in environments where other servers only recognize this old control.
+New installations should not use this code.
+
+To use the module, add:
+
+	moduleload <path to>proxyOld.so
+	...
+
+to your slapd configuration file. Since this is an obsolete feature,
+the control is registered with the SLAP_CTRL_HIDE flag so that it will
+not be advertised in the rootDSE's supportedControls attribute.
+
+This code only works as a dynamically loaded module.
+
+---
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+
+Copyright 1998-2022 The OpenLDAP Foundation.
+Portions Copyright 2005 Howard Chu, Symas Corp. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
diff --git a/contrib/slapd-modules/proxyOld/proxyOld.c b/contrib/slapd-modules/proxyOld/proxyOld.c
new file mode 100644
index 0000000..2da6888
--- /dev/null
+++ b/contrib/slapd-modules/proxyOld/proxyOld.c
@@ -0,0 +1,128 @@
+/* proxyOld.c - module for supporting obsolete (rev 05) proxyAuthz control */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2005-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2005 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+
+#include <portable.h>
+
+#include <slap.h>
+
+#include <lber.h>
+/*
+#include <lber_pvt.h>
+#include <lutil.h>
+*/
+
+/* This code is based on draft-weltman-ldapv3-proxy-05. There are a lot
+ * of holes in that draft, it doesn't specify that the control is legal
+ * for Add operations, and it makes no mention of Extended operations.
+ * It also doesn't specify whether an empty LDAPDN is allowed in the
+ * control value.
+ *
+ * For usability purposes, we're copying the op / exop behavior from the
+ * newer -12 draft.
+ */
+#define LDAP_CONTROL_PROXY_AUTHZ05	"2.16.840.1.113730.3.4.12"
+
+static char *proxyOld_extops[] = {
+	LDAP_EXOP_MODIFY_PASSWD,
+	LDAP_EXOP_X_WHO_AM_I,
+	NULL
+};
+
+static int
+proxyOld_parse(
+	Operation *op,
+	SlapReply *rs,
+	LDAPControl *ctrl )
+{
+	int rc;
+	BerElement	*ber;
+	ber_tag_t	tag;
+	struct berval dn = BER_BVNULL;
+	struct berval authzDN = BER_BVNULL;
+
+
+	/* We hijack the flag for the new control. Clearly only one or the
+	 * other can be used at any given time.
+	 */
+	if ( op->o_proxy_authz != SLAP_CONTROL_NONE ) {
+		rs->sr_text = "proxy authorization control specified multiple times";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	op->o_proxy_authz = ctrl->ldctl_iscritical
+		? SLAP_CONTROL_CRITICAL
+		: SLAP_CONTROL_NONCRITICAL;
+
+	/* Parse the control value
+	 *  proxyAuthzControlValue ::= SEQUENCE {
+	 *		proxyDN	LDAPDN
+	 *	}
+	 */
+	ber = ber_init( &ctrl->ldctl_value );
+	if ( ber == NULL ) {
+		rs->sr_text = "ber_init failed";
+		return LDAP_OTHER;
+	}
+
+	tag = ber_scanf( ber, "{m}", &dn );
+
+	if ( tag == LBER_ERROR ) {
+		rs->sr_text = "proxyOld control could not be decoded";
+		rc = LDAP_OTHER;
+		goto done;
+	}
+	if ( BER_BVISEMPTY( &dn )) {
+		Debug( LDAP_DEBUG_TRACE,
+			"proxyOld_parse: conn=%lu anonymous\n",
+				op->o_connid );
+		authzDN.bv_val = ch_strdup("");
+	} else {
+		Debug( LDAP_DEBUG_ARGS,
+			"proxyOld_parse: conn %lu ctrl DN=\"%s\"\n",
+				op->o_connid, dn.bv_val );
+		rc = dnNormalize( 0, NULL, NULL, &dn, &authzDN, op->o_tmpmemctx );
+		if ( rc != LDAP_SUCCESS ) {
+			goto done;
+		}
+		rc = slap_sasl_authorized( op, &op->o_ndn, &authzDN );
+		if ( rc ) {
+			op->o_tmpfree( authzDN.bv_val, op->o_tmpmemctx );
+			rs->sr_text = "not authorized to assume identity";
+			/* new spec uses LDAP_PROXY_AUTHZ_FAILURE */
+			rc = LDAP_INSUFFICIENT_ACCESS;
+			goto done;
+		}
+	}
+	free( op->o_ndn.bv_val );
+	free( op->o_dn.bv_val );
+	op->o_ndn = authzDN;
+	ber_dupbv( &op->o_dn, &authzDN );
+
+	Debug( LDAP_DEBUG_STATS, "conn=%lu op=%lu PROXYOLD dn=\"%s\"\n",
+		op->o_connid, op->o_opid,
+		authzDN.bv_len ? authzDN.bv_val : "anonymous" );
+	rc = LDAP_SUCCESS;
+done:
+	ber_free( ber, 1 );
+	return rc;
+}
+
+int init_module(int argc, char *argv[]) {
+	return register_supported_control( LDAP_CONTROL_PROXY_AUTHZ05,
+		SLAP_CTRL_GLOBAL|SLAP_CTRL_HIDE|SLAP_CTRL_ACCESS, proxyOld_extops,
+		proxyOld_parse, NULL );
+}
diff --git a/contrib/slapd-modules/rbac/Makefile b/contrib/slapd-modules/rbac/Makefile
new file mode 100755
index 0000000..1180bd6
--- /dev/null
+++ b/contrib/slapd-modules/rbac/Makefile
@@ -0,0 +1,63 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_RBAC=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = rbac.la
+MANPAGES = slapo-rbac.5
+
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+SRCS = rbac.c rbacperm.c rbacsess.c rbacuser.c rbacreq.c rbacaudit.c init.c rbacacl.c util.c jts.c
+OBJS = $(patsubst %.c,%.o,$(SRCS))
+LOBJS = $(patsubst %.c,%.lo,$(SRCS))
+
+.SUFFIXES: .c .lo
+
+%.lo: %.c rbac.h
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+rbac.la: $(LOBJS)
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+		-rpath $(moduledir) -module -o $@ $^ $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/rbac/init.c b/contrib/slapd-modules/rbac/init.c
new file mode 100644
index 0000000..1925ae5
--- /dev/null
+++ b/contrib/slapd-modules/rbac/init.c
@@ -0,0 +1,324 @@
+/* init.c - RBAC initialization */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+
+#include "rbac.h"
+
+static slap_callback nullsc = { NULL, NULL, NULL, NULL };
+
+struct slap_rbac_internal_schema slap_rbac_schema;
+
+extern rbac_tenant_t rbac_tenants;
+extern int initialize_jts( void );
+
+rbac_ad_t rbac_session_ads[] = {
+	{ RBAC_SESSION_ID,
+		BER_BVC("rbacSessid"), &slap_rbac_schema.ad_session_id },
+	{ RBAC_USER_DN,
+		BER_BVC("rbacUserDN"), &slap_rbac_schema.ad_session_user_dn },
+	{ RBAC_ROLES,
+		BER_BVC("rbacRoles"), &slap_rbac_schema.ad_session_roles },
+	{ RBAC_ROLE_CONSTRAINTS,
+		BER_BVC("rbacRoleConstraints"),
+		&slap_rbac_schema.ad_session_role_constraints },
+	{ RBAC_UID,
+		BER_BVC("uid"), &slap_rbac_schema.ad_uid},
+	{ RBAC_TENANT_ID,
+		BER_BVC("tenantid"), &slap_rbac_schema.ad_tenant_id },
+
+	{ RBAC_NONE, BER_BVNULL, NULL }
+};
+
+rbac_ad_t rbac_session_permission_ads[] = {
+	{ RBAC_OP_NAME,
+		BER_BVC("rbacOpName"), &slap_rbac_schema.ad_permission_opname },
+	{ RBAC_OBJ_NAME,
+		BER_BVC("rbacObjName"), &slap_rbac_schema.ad_permission_objname },
+	{ RBAC_ROLE_NAME,
+		BER_BVC("rbacRoleName"), &slap_rbac_schema.ad_permission_rolename },
+
+	{ RBAC_NONE, BER_BVNULL, NULL }
+};
+
+rbac_ad_t audit_ads[] = {
+	{ RBAC_AUDIT_OP,
+		BER_BVC("rbacAuditOp"), &slap_rbac_schema.ad_audit_op },
+	{ RBAC_AUDIT_ID,
+		BER_BVC("rbacAuditId"), &slap_rbac_schema.ad_audit_id },
+	{ RBAC_AUDIT_ROLES,
+		BER_BVC("rbacAuditRoles"), &slap_rbac_schema.ad_audit_roles },
+	{ RBAC_AUDIT_REQUESTED_ROLES,
+		BER_BVC("rbacAuditRequestedRoles"),
+		&slap_rbac_schema.ad_audit_requested_roles
+	},
+	{ RBAC_AUDIT_TIMESTAMP,
+		BER_BVC("rbacAuditTimestamp"), &slap_rbac_schema.ad_audit_timestamp },
+	{ RBAC_AUDIT_RESOURCES,
+		BER_BVC("rbacAuditResources"), &slap_rbac_schema.ad_audit_resources },
+	{ RBAC_AUDIT_OBJS,
+		BER_BVC("rbacAuditObjects"), &slap_rbac_schema.ad_audit_objects },
+	{ RBAC_AUDIT_OPS,
+		BER_BVC("rbacAuditOperations"), &slap_rbac_schema.ad_audit_operations },
+	{ RBAC_AUDIT_RESULT,
+		BER_BVC("rbacAuditResult"), &slap_rbac_schema.ad_audit_result },
+	{ RBAC_AUDIT_PROPERTIES,
+		BER_BVC("rbacAuditProperties"), &slap_rbac_schema.ad_audit_properties },
+	{ RBAC_AUDIT_MSGS,
+		BER_BVC("rbacAuditMessages"), &slap_rbac_schema.ad_audit_messages },
+
+	{ RBAC_NONE, BER_BVNULL, NULL }
+};
+
+/* initialize repository attribute descriptions */
+
+static int
+initialize_sessions()
+{
+	int i, nattrs, rc = LDAP_SUCCESS;
+	const char *text;
+
+	for ( nattrs = 0; !BER_BVISNULL( &rbac_session_ads[nattrs].attr );
+			nattrs++ )
+		; /* count the number of attrs */
+
+	slap_rbac_schema.session_attrs =
+			slap_sl_calloc( sizeof(AttributeName), nattrs + 1, NULL );
+
+	for ( i = 0; !BER_BVISNULL( &rbac_session_ads[i].attr ); i++ ) {
+		rc = slap_bv2ad(
+				&rbac_session_ads[i].attr, rbac_session_ads[i].ad, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			goto done;
+		}
+		slap_rbac_schema.session_attrs[i].an_name = rbac_session_ads[i].attr;
+		slap_rbac_schema.session_attrs[i].an_desc = *rbac_session_ads[i].ad;
+	}
+
+	BER_BVZERO( &slap_rbac_schema.session_attrs[nattrs].an_name );
+
+done:;
+	return rc;
+}
+
+static int
+initialize_audit()
+{
+	int i, rc = LDAP_SUCCESS;
+	const char *text;
+
+	/* for audit */
+	for ( i = 0; !BER_BVISNULL( &audit_ads[i].attr ); i++ ) {
+		rc = slap_bv2ad( &audit_ads[i].attr, audit_ads[i].ad, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			goto done;
+		}
+	}
+
+done:;
+	return rc;
+}
+
+static int
+initialize_tenant(
+		BackendDB *be,
+		ConfigReply *cr,
+		tenant_info_t *tenantp,
+		int init_op )
+{
+	int rc = LDAP_SUCCESS;
+	Entry *e = NULL;
+	OperationBuffer opbuf;
+	Operation *op2;
+	SlapReply rs2 = { REP_RESULT };
+	Connection conn = { 0 };
+	struct berval rbac_container_oc = BER_BVC("rbacContainer");
+	struct berval rbac_audit_container = BER_BVC("audit");
+	struct berval rbac_session_container = BER_BVC("rbac");
+	void *thrctx = ldap_pvt_thread_pool_context();
+
+	e = entry_alloc();
+
+	switch ( init_op ) {
+		case INIT_AUDIT_CONTAINER:
+			ber_dupbv( &e->e_name, &tenantp->audit_basedn );
+			ber_dupbv( &e->e_nname, &tenantp->audit_basedn );
+
+			/* container cn */
+			attr_merge_one(
+					e, slap_schema.si_ad_cn, &rbac_audit_container, NULL );
+			break;
+		case INIT_SESSION_CONTAINER:
+			ber_dupbv( &e->e_name, &tenantp->sessions_basedn );
+			ber_dupbv( &e->e_nname, &tenantp->sessions_basedn );
+
+			/* rendered dynmaicObject for session */
+			attr_merge_one( e, slap_schema.si_ad_objectClass,
+					&slap_schema.si_oc_dynamicObject->soc_cname, NULL );
+
+			/* container cn */
+			attr_merge_one(
+					e, slap_schema.si_ad_cn, &rbac_session_container, NULL );
+			break;
+		default:
+			break;
+	}
+
+	attr_merge_one(
+			e, slap_schema.si_ad_objectClass, &rbac_container_oc, NULL );
+	attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
+			&rbac_container_oc, NULL );
+
+	/* store RBAC session */
+	connection_fake_init2( &conn, &opbuf, thrctx, 0 );
+	op2 = &opbuf.ob_op;
+	op2->o_callback = &nullsc;
+	op2->o_tag = LDAP_REQ_ADD;
+	op2->o_protocol = LDAP_VERSION3;
+	op2->o_req_dn = e->e_name;
+	op2->o_req_ndn = e->e_nname;
+	op2->ora_e = e;
+	op2->o_bd = select_backend( &op2->o_req_ndn, 0 );
+	op2->o_dn = op2->o_bd->be_rootdn;
+	op2->o_ndn = op2->o_bd->be_rootndn;
+	rc = op2->o_bd->be_add( op2, &rs2 );
+
+	if ( e ) entry_free( e );
+
+	return rc;
+}
+
+int
+rbac_initialize_tenants( BackendDB *be, ConfigReply *cr )
+{
+	int rc = LDAP_SUCCESS;
+	rbac_tenant_t *tenantp = NULL;
+
+	for ( tenantp = &rbac_tenants; tenantp; tenantp = tenantp->next ) {
+		rc = initialize_tenant(
+				be, cr, &tenantp->tenant_info, INIT_AUDIT_CONTAINER );
+		if ( rc != LDAP_SUCCESS ) {
+			if ( rc == LDAP_ALREADY_EXISTS ) {
+				Debug( LDAP_DEBUG_ANY, "rbac_initialize: "
+						"audit container exists, tenant (%s)\n",
+						tenantp->tenant_info.tid.bv_val ?
+								tenantp->tenant_info.tid.bv_val :
+								"NULL" );
+				rc = LDAP_SUCCESS;
+			} else {
+				Debug( LDAP_DEBUG_ANY, "rbac_initialize: "
+						"failed to initialize (%s): rc (%d)\n",
+						tenantp->tenant_info.tid.bv_val ?
+								tenantp->tenant_info.tid.bv_val :
+								"NULL",
+						rc );
+				goto done;
+			}
+		} else {
+			Debug( LDAP_DEBUG_ANY, "rbac_initialize: "
+					"created audit container for tenant (%s):\n",
+					tenantp->tenant_info.tid.bv_val ?
+							tenantp->tenant_info.tid.bv_val :
+							"NULL" );
+		}
+		rc = initialize_tenant(
+				be, cr, &tenantp->tenant_info, INIT_SESSION_CONTAINER );
+		if ( rc != LDAP_SUCCESS ) {
+			if ( rc == LDAP_ALREADY_EXISTS ) {
+				Debug( LDAP_DEBUG_ANY, "rbac_initialize: "
+						"session container exists, tenant (%s)\n",
+						tenantp->tenant_info.tid.bv_val ?
+								tenantp->tenant_info.tid.bv_val :
+								"NULL" );
+				rc = LDAP_SUCCESS;
+			} else {
+				Debug( LDAP_DEBUG_ANY, "rbac_initialize: "
+						"failed to initialize (%s): rc (%d)\n",
+						tenantp->tenant_info.tid.bv_val ?
+								tenantp->tenant_info.tid.bv_val :
+								"NULL",
+						rc );
+				goto done;
+			}
+		} else {
+			Debug( LDAP_DEBUG_ANY, "rbac_initialize: "
+					"created session container for tenant (%s):\n",
+					tenantp->tenant_info.tid.bv_val ?
+							tenantp->tenant_info.tid.bv_val :
+							"NULL" );
+		}
+	}
+
+done:;
+
+	return rc;
+}
+
+static int
+initialize_rbac_session_permissions()
+{
+	int i, rc = LDAP_SUCCESS;
+	const char *text;
+
+	for ( i = 0; !BER_BVISNULL( &rbac_session_permission_ads[i].attr ); i++ ) {
+		rc = slap_bv2ad( &rbac_session_permission_ads[i].attr,
+				rbac_session_permission_ads[i].ad, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			goto done;
+		}
+	}
+
+done:;
+	return rc;
+}
+
+int
+rbac_initialize_repository()
+{
+	int rc = LDAP_SUCCESS;
+
+	rc = initialize_jts();
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+	rc = initialize_rbac_session_permissions();
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+	rc = initialize_sessions();
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+	rc = initialize_audit();
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+	return rc;
+}
diff --git a/contrib/slapd-modules/rbac/jts.c b/contrib/slapd-modules/rbac/jts.c
new file mode 100644
index 0000000..c7c072b
--- /dev/null
+++ b/contrib/slapd-modules/rbac/jts.c
@@ -0,0 +1,198 @@
+/* jts.c - RBAC JTS initialization */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+
+#include "rbac.h"
+
+struct slap_rbac_tenant_schema slap_rbac_jts_schema;
+
+/* to replace all JTS schema initialization */
+rbac_ad_t ft_ads[] = {
+	{ RBAC_ROLE_ASSIGNMENT,
+		BER_BVC("ftRA"), &slap_rbac_jts_schema.ad_role },
+	{ RBAC_ROLE_CONSTRAINTS,
+		BER_BVC("ftRC"), &slap_rbac_jts_schema.ad_role_constraint },
+	{ RBAC_USER_CONSTRAINTS,
+		BER_BVC("ftCstr"), &slap_rbac_jts_schema.ad_user_constraint },
+	{ RBAC_UID,
+		BER_BVC("uid"), &slap_rbac_jts_schema.ad_uid },
+	{ RBAC_USERS,
+		BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
+	{ RBAC_ROLES,
+		BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },
+	{ RBAC_OBJ_NAME,
+		BER_BVC("ftObjNm"), &slap_rbac_jts_schema.ad_permission_objname },
+	{ RBAC_OP_NAME,
+		BER_BVC("ftOpNm"), &slap_rbac_jts_schema.ad_permission_opname },
+
+	{ RBAC_NONE, BER_BVNULL, NULL }
+};
+
+rbac_ad_t ft_user_ads[] = {
+	{ RBAC_ROLE_ASSIGNMENT,
+		BER_BVC("ftRA"), &slap_rbac_jts_schema.ad_role },
+	{ RBAC_ROLE_CONSTRAINTS,
+		BER_BVC("ftRC"), &slap_rbac_jts_schema.ad_role_constraint },
+	{ RBAC_USER_CONSTRAINTS,
+		BER_BVC("ftCstr"), &slap_rbac_jts_schema.ad_user_constraint },
+	{ RBAC_UID,
+		BER_BVC("uid"), &slap_rbac_jts_schema.ad_uid },
+
+	{ RBAC_NONE, BER_BVNULL, NULL }
+};
+
+rbac_ad_t ft_perm_ads[] = {
+	{ RBAC_USERS,
+		BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
+	{ RBAC_ROLES,
+		BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },
+
+	{ RBAC_NONE, BER_BVNULL, NULL }
+};
+
+rbac_ad_t ft_session_perm_ads[] = {
+	{ RBAC_USERS,
+		BER_BVC("ftUsers"), &slap_rbac_jts_schema.ad_permission_users },
+	{ RBAC_ROLES,
+		BER_BVC("ftRoles"), &slap_rbac_jts_schema.ad_permission_roles },
+	{ RBAC_OBJ_NAME,
+		BER_BVC("ftObjNm"), &slap_rbac_jts_schema.ad_permission_objname },
+	{ RBAC_OP_NAME,
+		BER_BVC("ftOpNm"), &slap_rbac_jts_schema.ad_permission_opname },
+
+	{ RBAC_NONE, BER_BVNULL, NULL }
+};
+
+static int
+initialize_jts_session_permission_ads()
+{
+	int i, nattrs, rc = LDAP_SUCCESS;
+
+	for ( nattrs = 0; !BER_BVISNULL( &ft_session_perm_ads[nattrs].attr );
+			nattrs++ )
+		; /* count the number of attrs */
+
+	slap_rbac_jts_schema.session_perm_attrs =
+			slap_sl_calloc( sizeof(AttributeName), nattrs + 1, NULL );
+
+	for ( i = 0; !BER_BVISNULL( &ft_session_perm_ads[i].attr ); i++ ) {
+		slap_rbac_jts_schema.session_perm_attrs[i].an_name =
+				ft_session_perm_ads[i].attr;
+		slap_rbac_jts_schema.session_perm_attrs[i].an_desc =
+				*ft_session_perm_ads[i].ad;
+	}
+
+	BER_BVZERO( &slap_rbac_jts_schema.session_perm_attrs[nattrs].an_name );
+
+	slap_rbac_jts_schema.session_permissions_ads = ft_session_perm_ads;
+
+	return rc;
+}
+
+static int
+initialize_jts_permission_ads()
+{
+	int i, nattrs, rc = LDAP_SUCCESS;
+
+	/* jts permissions configuration */
+
+	for ( nattrs = 0; !BER_BVISNULL( &ft_perm_ads[nattrs].attr ); nattrs++ )
+		; /* count the number of attrs */
+
+	slap_rbac_jts_schema.perm_attrs =
+			slap_sl_calloc( sizeof(AttributeName), nattrs + 1, NULL );
+
+	for ( i = 0; !BER_BVISNULL( &ft_perm_ads[i].attr ); i++ ) {
+		slap_rbac_jts_schema.perm_attrs[i].an_name = ft_perm_ads[i].attr;
+		slap_rbac_jts_schema.perm_attrs[i].an_desc = *ft_perm_ads[i].ad;
+	}
+
+	BER_BVZERO( &slap_rbac_jts_schema.perm_attrs[nattrs].an_name );
+
+	slap_rbac_jts_schema.permission_ads = ft_perm_ads;
+
+	return rc;
+}
+
+static int
+initialize_jts_user_ads()
+{
+	int i, nattrs, rc = LDAP_SUCCESS;
+
+	/* jts user attribute descriptions */
+
+	/* jts user attributes */
+	for ( nattrs = 0; !BER_BVISNULL( &ft_user_ads[nattrs].attr ); nattrs++ )
+		; /* count the number of attrs */
+
+	slap_rbac_jts_schema.user_attrs =
+			slap_sl_calloc( sizeof(AttributeName), nattrs + 1, NULL );
+
+	for ( i = 0; !BER_BVISNULL( &ft_user_ads[i].attr ); i++ ) {
+		slap_rbac_jts_schema.user_attrs[i].an_name = ft_user_ads[i].attr;
+		slap_rbac_jts_schema.user_attrs[i].an_desc = *ft_user_ads[i].ad;
+	}
+
+	BER_BVZERO( &slap_rbac_jts_schema.user_attrs[nattrs].an_name );
+
+	slap_rbac_jts_schema.user_ads = ft_user_ads;
+
+	return rc;
+}
+
+int
+initialize_jts()
+{
+	int i, rc;
+	const char *text;
+
+	/* jts attributes */
+	for ( i = 0; !BER_BVISNULL( &ft_ads[i].attr ); i++ ) {
+		rc = slap_bv2ad( &ft_ads[i].attr, ft_ads[i].ad, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			goto done;
+		}
+	}
+
+	rc = initialize_jts_user_ads();
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+	rc = initialize_jts_permission_ads();
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+	rc = initialize_jts_session_permission_ads();
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+done:;
+	return rc;
+}
diff --git a/contrib/slapd-modules/rbac/ldap_rbac.h b/contrib/slapd-modules/rbac/ldap_rbac.h
new file mode 100644
index 0000000..d57fe6e
--- /dev/null
+++ b/contrib/slapd-modules/rbac/ldap_rbac.h
@@ -0,0 +1,55 @@
+#ifndef LDAP_RBAC_H
+#define LDAP_RBAC_H
+
+/* extended operations for RBAC */
+#define LDAP_RBAC_EXOP_CREATE_SESSION   "1.3.6.1.4.1.4203.555.1" /* RFC xxxx */
+#define LDAP_RBAC_EXOP_CHECK_ACCESS     "1.3.6.1.4.1.4203.555.2"
+#define LDAP_RBAC_EXOP_ADD_ACTIVE_ROLE  "1.3.6.1.4.1.4203.555.3"
+#define LDAP_RBAC_EXOP_DROP_ACTIVE_ROLE "1.3.6.1.4.1.4203.555.4"
+#define LDAP_RBAC_EXOP_DELETE_SESSION   "1.3.6.1.4.1.4203.555.5"
+#define LDAP_RBAC_EXOP_SESSION_ROLES    "1.3.6.1.4.1.4203.555.6"
+#define LDAP_RBAC_EXOP_SESSION_PERMISSIONS "1.3.6.1.4.1.4203.555.7"
+
+#define LDAP_TAG_EXOP_RBAC_SESSION_ID ((ber_tag_t)0x80U)
+#define LDAP_TAG_EXOP_RBAC_TENANT_ID ((ber_tag_t)0x81U)
+#define LDAP_TAG_EXOP_RBAC_USER_ID ((ber_tag_t)0x82U)
+#define LDAP_TAG_EXOP_RBAC_USER ((ber_tag_t)0x80U)
+#define LDAP_TAG_EXOP_RBAC_AUTHTOK ((ber_tag_t)0x83U)
+#define LDAP_TAG_EXOP_RBAC_ACTIVE_ROLE ((ber_tag_t)0xA4U)
+#define LDAP_TAG_EXOP_RBAC_OPNAME ((ber_tag_t)0x81U)
+#define LDAP_TAG_EXOP_RBAC_OBJNAME ((ber_tag_t)0x82U)
+#define LDAP_TAG_EXOP_RBAC_OBJID ((ber_tag_t)0x83U)
+#define LDAP_TAG_EXOP_RBAC_PWPOLICY_STATE ((ber_tag_t)0x85U)
+#define LDAP_TAG_EXOP_RBAC_PWPOLICY_VALUE ((ber_tag_t)0x86U)
+#define LDAP_TAG_EXOP_RBAC_ROLES ((ber_tag_t)0x04U)
+
+#define LDAP_TAG_EXOP_RBAC_USER_ID_SESS	((ber_tag_t)0x80U)
+#define LDAP_TAG_EXOP_RBAC_SESSION_ID_SESS	((ber_tag_t)0x81U)
+#define LDAP_TAG_EXOP_RBAC_ROLE_NM_SESS	((ber_tag_t)0x82U)
+
+#define RBAC_REQ_CREATE_SESSION      0
+#define RBAC_REQ_CHECK_ACCESS        1
+#define RBAC_REQ_ADD_ACTIVE_ROLE     2
+#define RBAC_REQ_DROP_ACTIVE_ROLE    3
+#define RBAC_REQ_DELETE_SESSION      4
+#define RBAC_REQ_SESSION_PERMISSIONS 5
+#define RBAC_REQ_SESSION_ROLES       6
+
+/* defines for password policy */
+#define RBAC_BIND_NEW_AUTHTOK_REQD 1
+
+#define RBAC_PASSWORD_GOOD 0
+#define RBAC_PASSWORD_EXPIRATION_WARNING 11
+#define RBAC_PASSWORD_GRACE_WARNING 12
+#define RBAC_PASSWORD_HAS_EXPIRED 100
+#define RBAC_ACCOUNT_LOCKED 101
+#define RBAC_CHANGE_AFTER_RESET 102
+#define RBAC_NO_MODIFICATIONS 103
+#define RBAC_MUST_SUPPLY_OLD 104
+#define RBAC_INSUFFICIENT_QUALITY 105
+#define RBAC_PASSWORD_TOO_SHORT 106
+#define RBAC_PASSWORD_TOO_YOUNG 107
+#define RBAC_HISTORY_VIOLATION 108
+#define RBAC_ACCOUNT_LOCKED_CONSTRAINTS 109
+
+#endif /* LDAP_RBAC_H */
diff --git a/contrib/slapd-modules/rbac/rbac.c b/contrib/slapd-modules/rbac/rbac.c
new file mode 100644
index 0000000..4d2cff5
--- /dev/null
+++ b/contrib/slapd-modules/rbac/rbac.c
@@ -0,0 +1,2169 @@
+/* rbac.c - RBAC main file */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2013-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+
+#include "rbac.h"
+
+#define RBAC_REQ 1
+
+static slap_overinst rbac;
+
+static struct berval slap_EXOP_CREATE_SESSION =
+		BER_BVC(LDAP_RBAC_EXOP_CREATE_SESSION);
+static struct berval slap_EXOP_CHECK_ACCESS =
+		BER_BVC(LDAP_RBAC_EXOP_CHECK_ACCESS);
+static struct berval slap_EXOP_ADD_ACTIVE_ROLE =
+		BER_BVC(LDAP_RBAC_EXOP_ADD_ACTIVE_ROLE);
+static struct berval slap_EXOP_DROP_ACTIVE_ROLE =
+		BER_BVC(LDAP_RBAC_EXOP_DROP_ACTIVE_ROLE);
+static struct berval slap_EXOP_DELETE_SESSION =
+		BER_BVC(LDAP_RBAC_EXOP_DELETE_SESSION);
+static struct berval slap_EXOP_SESSION_ROLES =
+		BER_BVC(LDAP_RBAC_EXOP_SESSION_ROLES);
+
+rbac_tenant_t rbac_tenants = {
+	{
+		.schema = &slap_rbac_jts_schema,
+	},
+	NULL
+};
+
+static ConfigDriver rbac_cf_gen;
+
+static ConfigTable rbaccfg[] = {
+	{ "rbac-default-users-base-dn", "usersDN", 2, 2, 0,
+		ARG_MAGIC|ARG_DN|RBAC_DEFAULT_USERS_BASE_DN,
+		rbac_cf_gen,
+		"(OLcfgCtAt:7.1 NAME 'olcRBACDefaultUsersBaseDn' "
+			"DESC 'default Base DN for RBAC users ' "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "rbac-default-roles-base-dn", "rolesDN", 2, 2, 0,
+		ARG_MAGIC|ARG_DN|RBAC_DEFAULT_ROLES_BASE_DN,
+		rbac_cf_gen,
+		"(OLcfgCtAt:7.2 NAME 'olcRBACDefaultRolesBaseDn' "
+			"DESC 'default base DN for RBAC roles ' "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "rbac-default-permissions-base-dn", "permissionsDN", 2, 2, 0,
+		ARG_MAGIC|ARG_DN|RBAC_DEFAULT_PERMISSIONS_BASE_DN,
+		rbac_cf_gen,
+		"(OLcfgCtAt:7.3 NAME 'olcRBACDefaultPermissionsBaseDn' "
+			"DESC 'default base DN for RBAC permissions ' "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "rbac-default-sessions-base-dn", "sessionsDN", 2, 2, 0,
+		ARG_MAGIC|ARG_DN|RBAC_DEFAULT_SESSIONS_BASE_DN,
+		rbac_cf_gen,
+		"(OLcfgCtAt:7.4 NAME 'olcRBACDefaultSessionsBaseDn' "
+			"DESC 'default base DN for RBAC permissions ' "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "rbac-admin", "adminDN", 2, 2, 0,
+		ARG_MAGIC|ARG_DN|RBAC_ADMIN_DN,
+		rbac_cf_gen,
+		"(OLcfgCtAt:7.5 NAME 'olcRBACAdminDn' "
+			"DESC 'default admin DN for RBAC repository ' "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "rbac-pwd", "adminPwd", 2, 2, 0,
+		ARG_MAGIC|RBAC_ADMIN_PWD,
+		rbac_cf_gen,
+		"(OLcfgCtAt:7.6 NAME 'olcRBACAdminPwd' "
+			"DESC 'default admin pwd for RBAC repository ' "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "rbac-session-admin", "sessionAdminDN", 2, 2, 0,
+		ARG_MAGIC|ARG_DN|RBAC_SESSION_ADMIN_DN,
+		rbac_cf_gen,
+		"(OLcfgCtAt:7.7 NAME 'olcRBACSessionAdminDn' "
+			"DESC 'admin DN for RBAC session repository ' "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "rbac-session-admin-pwd", "sessionAdminPwd", 2, 2, 0,
+		ARG_MAGIC|RBAC_SESSION_ADMIN_PWD,
+		rbac_cf_gen,
+		"(OLcfgCtAt:7.8 NAME 'olcRBACSessionAdminPwd' "
+			"DESC 'admin pwd for RBAC session repository ' "
+			"SYNTAX OMsDirectoryString SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "tenant", "tenant", 2, 2, 0,
+		ARG_MAGIC|ARG_DN|RBAC_TENANT,
+		rbac_cf_gen, "(OLcfgCtAt:7.9 NAME 'olcRBACTenant' "
+			"DESC 'RBAC tenant ' "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "rbac-default-audit-base-dn", "auditDN", 2, 2, 0,
+		ARG_MAGIC|ARG_DN|RBAC_DEFAULT_AUDIT_BASE_DN,
+		rbac_cf_gen,
+		"(OLcfgCtAt:7.10 NAME 'olcRBACDefaultAuditBaseDn' "
+			"DESC 'default base DN for RBAC audit records ' "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+	{ "rbac-default-tenant-id", "tenantId", 2, 2, 0,
+		ARG_MAGIC|RBAC_DEFAULT_TENANT_ID,
+		rbac_cf_gen,
+		"(OLcfgCtAt:7.11 NAME 'olcRBACDefaultTenantId' "
+			"DESC 'default tenant id' "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+		NULL, NULL
+	},
+
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs rbac_ocs[] = {
+	{ "( OLcfgCtOc:7.1 "
+			"NAME 'olcRBACConfig' "
+			"DESC 'RBAC configuration' "
+			"SUP olcOverlayConfig "
+			"MAY ( olcRBACDefaultUsersBaseDn $ olcRBACDefaultRolesBaseDn $ "
+			"olcRBACDefaultPermissionsBaseDn $ olcRBACDefaultSessionsBaseDn $ "
+			"olcRBACAdminDn $  olcRBACAdminPwd $ olcRBACSessionAdminDn $ "
+			"olcRBACSessionAdminPwd) )",
+		Cft_Overlay, rbaccfg },
+
+	{ NULL, 0, NULL }
+};
+
+static slap_verbmasks rbac_keys[] = {
+	{ BER_BVC("default_users_base_dn"), RBAC_DEFAULT_USERS_BASE_DN },
+	{ BER_BVC("default_roles_base_dn"), RBAC_DEFAULT_ROLES_BASE_DN },
+	{ BER_BVC("default_permissions_base_dn"),
+		RBAC_DEFAULT_PERMISSIONS_BASE_DN },
+	{ BER_BVC("tenant"), RBAC_TENANT },
+
+	{ BER_BVNULL, 0 }
+};
+
+static slap_verbmasks rbac_tenant_keys[] = {
+	{ BER_BVC("id"), RBAC_TENANT_ID },
+	{ BER_BVC("users_base_dn"), RBAC_USERS_BASE_DN },
+	{ BER_BVC("roles_base_dn"), RBAC_ROLES_BASE_DN },
+	{ BER_BVC("permissions_base_dn"), RBAC_PERMISSIONS_BASE_DN },
+
+	{ BER_BVNULL, 0 }
+};
+
+static void
+rbac_tenant_parse( char *tenent_info, tenant_info_t *tenants )
+{
+	return;
+}
+
+static int
+rbac_cf_gen( ConfigArgs *c )
+{
+	slap_overinst *on = (slap_overinst *)c->bi;
+	rbac_tenant_t *ri = &rbac_tenants;
+	int rc = 0;
+
+	if ( c->op == SLAP_CONFIG_EMIT ) {
+		switch ( c->type ) {
+			case RBAC_DEFAULT_USERS_BASE_DN:
+				value_add_one( &c->rvalue_vals, &ri->tenant_info.users_basedn );
+				break;
+			case RBAC_DEFAULT_ROLES_BASE_DN:
+				value_add_one( &c->rvalue_vals, &ri->tenant_info.roles_basedn );
+				break;
+			case RBAC_DEFAULT_PERMISSIONS_BASE_DN:
+				value_add_one(
+						&c->rvalue_vals, &ri->tenant_info.permissions_basedn );
+				break;
+			case RBAC_DEFAULT_SESSIONS_BASE_DN:
+				value_add_one(
+						&c->rvalue_vals, &ri->tenant_info.sessions_basedn );
+				break;
+			case RBAC_DEFAULT_AUDIT_BASE_DN:
+				value_add_one( &c->rvalue_vals, &ri->tenant_info.audit_basedn );
+				break;
+			case RBAC_ADMIN_DN:
+				value_add_one( &c->rvalue_vals, &ri->tenant_info.admin );
+				break;
+			case RBAC_ADMIN_PWD:
+				value_add_one( &c->rvalue_vals, &ri->tenant_info.pwd );
+				break;
+			case RBAC_SESSION_ADMIN_DN:
+				value_add_one(
+						&c->rvalue_vals, &ri->tenant_info.session_admin );
+				break;
+			case RBAC_DEFAULT_TENANT_ID:
+				value_add_one( &c->rvalue_vals, &ri->tenant_info.tid );
+				break;
+			default:
+				break;
+		}
+		return rc;
+	} else if ( c->op == LDAP_MOD_DELETE ) {
+		/* FIXME */
+		return 1;
+	}
+	switch ( c->type ) {
+		case RBAC_DEFAULT_USERS_BASE_DN: {
+			struct berval dn = BER_BVNULL;
+			ber_str2bv( c->argv[1], 0, 0, &dn );
+			rc = dnNormalize(
+					0, NULL, NULL, &dn, &ri->tenant_info.users_basedn, NULL );
+			break;
+		}
+		case RBAC_DEFAULT_ROLES_BASE_DN: {
+			ber_str2bv( c->argv[1], 0, 1, &ri->tenant_info.roles_basedn );
+			break;
+		}
+		case RBAC_DEFAULT_PERMISSIONS_BASE_DN: {
+			ber_str2bv( c->argv[1], 0, 1, &ri->tenant_info.permissions_basedn );
+			break;
+		}
+		case RBAC_DEFAULT_SESSIONS_BASE_DN: {
+			ber_str2bv( c->argv[1], 0, 1, &ri->tenant_info.sessions_basedn );
+			break;
+		}
+		case RBAC_DEFAULT_AUDIT_BASE_DN: {
+			ber_str2bv( c->argv[1], 0, 1, &ri->tenant_info.audit_basedn );
+			break;
+		}
+		case RBAC_ADMIN_DN: {
+			ber_str2bv( c->argv[1], 0, 1, &ri->tenant_info.admin );
+			break;
+		}
+		case RBAC_ADMIN_PWD: {
+			ber_str2bv( c->argv[1], 0, 1, &ri->tenant_info.pwd );
+			break;
+		}
+		case RBAC_SESSION_ADMIN_DN: {
+			ber_str2bv( c->argv[1], 0, 1, &ri->tenant_info.session_admin );
+			break;
+		}
+		case RBAC_SESSION_ADMIN_PWD: {
+			ber_str2bv( c->argv[1], 0, 1, &ri->tenant_info.session_admin_pwd );
+			break;
+		}
+		case RBAC_DEFAULT_TENANT_ID: {
+			ber_str2bv( c->argv[1], 0, 1, &ri->tenant_info.tid );
+			break;
+		}
+		case RBAC_TENANT: {
+			rbac_tenant_parse( c->argv[1], &ri->tenant_info );
+			break;
+		}
+		default:
+			break;
+	}
+
+	return rc;
+}
+
+/*
+ * rbac configuration
+ */
+
+tenant_info_t *
+rbac_tid2tenant( struct berval *tid )
+{
+	/* return the only tenant for now */
+	return &rbac_tenants.tenant_info;
+}
+
+//{ BER_BVC(LDAP_RBAC_EXOP_SESSION_ROLES), rbac_session_roles },
+
+static int
+slap_parse_rbac_session_roles(
+		struct berval *in,
+		rbac_req_t **reqpp,
+		const char **text,
+		void *ctx )
+{
+	int rc = LDAP_SUCCESS;
+	struct berval reqdata = BER_BVNULL;
+	rbac_req_t *reqp = NULL;
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_tag_t tag;
+	ber_len_t len = -1;
+
+	*text = NULL;
+
+	if ( in == NULL || in->bv_len == 0 ) {
+		*text = "empty request data field in rbac_session_roles exop";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	reqp = rbac_alloc_req( RBAC_REQ_SESSION_ROLES );
+
+	if ( !reqp ) {
+		*text = "unable to allocate memory for rbac_session_roles exop";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	ber_dupbv_x( &reqdata, in, ctx );
+
+	/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
+	ber_init2( ber, &reqdata, 0 );
+
+	tag = ber_scanf( ber, "{" /*}*/ );
+
+	if ( tag == LBER_ERROR ) {
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_session_roles: "
+				"decoding error.\n" );
+		goto decoding_error;
+	}
+
+	tag = ber_peek_tag( ber, &len );
+	if ( tag == LDAP_TAG_EXOP_RBAC_USER_ID_SESS ) {
+		struct berval uid;
+		tag = ber_scanf( ber, "m", &uid );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_session_roles: "
+					"user id parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv_x( &reqp->uid, &uid, ctx );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	//tag = ber_peek_tag( ber, &len );
+	if ( tag == LDAP_TAG_EXOP_RBAC_SESSION_ID_SESS ) {
+		struct berval sessid;
+		tag = ber_scanf( ber, "m", &sessid );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_session_roles: "
+					"session id parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv_x( &reqp->sessid, &sessid, ctx );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	if ( tag != LBER_DEFAULT || len != 0 ) {
+decoding_error:;
+
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_session_roles: "
+				"decoding error, len=%ld\n",
+				(long)len );
+		rc = LDAP_PROTOCOL_ERROR;
+		*text = "data decoding error";
+	}
+
+	if ( rc == LDAP_SUCCESS ) {
+		*reqpp = reqp;
+	} else {
+		rbac_free_req( reqp );
+		*reqpp = NULL;
+	}
+
+	if ( !BER_BVISNULL( &reqdata ) ) {
+		ber_memfree_x( reqdata.bv_val, ctx );
+	}
+
+	return rc;
+}
+
+static int
+rbac_session_roles( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	const struct berval rbac_op = BER_BVC("SessionRoles");
+	rbac_req_t *reqp = NULL;
+	rbac_session_t *sessp;
+	int rc;
+
+	rs->sr_err = slap_parse_rbac_session_roles(
+			op->ore_reqdata, &reqp, &rs->sr_text, NULL );
+
+	assert( rs->sr_err == LDAP_SUCCESS );
+
+	/* get the session using the session id */
+	sessp = rbac_session_byid( op, reqp );
+	if ( !sessp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_roles: "
+				"session not found\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* checking whether the session is owned by the user */
+	if ( !rbac_is_session_owner( sessp, reqp ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_roles: "
+				"session not owned by user\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	rc = rbac_int_delete_session( op, sessp );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_roles: "
+				"unable to delete session\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/*
+	 * If we wanted to...
+	 * load these roles into a response with a sequence nested within a
+	 * sequence: (No, we're not actually doing this here.)
+	 *		0x30 LL		ber_printf( ber,  "{" );
+	 *			0x04 L1
+	 *				0x04 L2 a b c d
+	 *				0x04 L3 e f g h
+	 *				0x04 L4 i j k l
+	 * add all three ber_bvarray_add_x( &roles, &tmpbv, NULL );
+	 * close it      ber_printf( ber, "t{W}", LDAP_TAG_EXOP_RBAC_ROLES, roles );
+	 */
+
+	/*
+	 * Instead we are...
+	 * loading these roles into the response within a sequence:  (Yes, we are doing this here.)
+	 *		0x30 LL		ber_printf( ber,  "{" );
+	 *			0x04 L1 a b c d
+	 *			0x04 L2 e f g h
+	 *			0x04 L3 i j k l
+	 *	add all three ber_bvarray_add_x( &roles, &tmpbv, NULL );
+	 *	close it      ber_printf( ber, "tW", LDAP_TAG_EXOP_RBAC_ROLES, roles );
+	 */
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_init_w_nullc( ber, LBER_USE_DER );
+	BerVarray roles = NULL;
+	if ( sessp->roles ) {
+		struct berval tmpbv;
+		// open the sequence:
+		ber_printf( ber, "{" /*}*/ );
+		//char *role;
+		int i = 0;
+		//BerVarray roles = NULL;
+		for ( i = 0; !BER_BVISNULL( &sessp->roles[i] ); i++ ) {
+			tmpbv.bv_val = sessp->roles[i].bv_val;
+			tmpbv.bv_len = sessp->roles[i].bv_len;
+			// add role name:
+			ber_bvarray_add_x( &roles, &tmpbv, NULL );
+
+			//LBER_F( int )
+			//ber_bvecadd_x LDAP_P(( struct berval ***bvec,
+			//	struct berval *bv, void *ctx ));
+
+			// first attempt at sequence within a sequence...
+			// open another sequence:
+			/*
+			ber_printf( ber, "{" } );
+			// add role name (again):
+			ber_bvarray_add_x(&roles, &tmpbv, NULL);
+			// close the nested sequence:
+			ber_printf( ber, { "}" );
+*/
+			// end 2nd sequence
+		}
+		/*
+		 * This is how we add several octet strings at one time. An array of struct berval's is supplied.
+		 * The array is terminated by a struct berval with a NULL bv_val.
+		 * Note that a construct like '{W}' is required to get an actual SEQUENCE OF octet strings.
+		 * But here we are using 'tW' which allows passing a collection of octets w/out a nesting within a sequence.
+         */
+		ber_printf( ber, "tW",
+				LDAP_TAG_EXOP_RBAC_ROLES, roles);
+
+		// TODO: determine why free on roles array causes a seg fault:
+		//ber_bvarray_free_x(roles, NULL);
+
+		// close the sequence:
+		ber_printf( ber, /*{*/ "N}" );
+	}
+
+	if ( rc < 0 ) {
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+	} else {
+		(void)ber_flatten( ber, &rs->sr_rspdata );
+		rs->sr_err = LDAP_SUCCESS;
+	}
+	ber_free_buf( ber );
+	// END LOAD ROLES INTO RESPONSE
+
+done:;
+	rs->sr_err = rc;
+
+	// always put the OID in the response:
+	rs->sr_rspoid = ch_strdup( slap_EXOP_SESSION_ROLES.bv_val );
+
+	/* generate audit log */
+	rbac_audit(
+			op, SessionRoles, sessp, reqp, rs->sr_err, (char *)rs->sr_text );
+	rbac_free_session( sessp );
+	rbac_free_req( reqp );
+	return rs->sr_err;
+}
+
+static int
+rbac_session_rolesx( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	const struct berval rbac_op = BER_BVC("SessionRoles");
+	rbac_session_t *sessp = NULL;
+	rbac_req_t *reqp = NULL;
+	int rc;
+
+	rs->sr_err = slap_parse_rbac_session_roles(
+			op->ore_reqdata, &reqp, &rs->sr_text, NULL );
+
+	assert( rs->sr_err == LDAP_SUCCESS );
+
+	/* get the session using the session id */
+	sessp = rbac_session_byid( op, reqp );
+	if ( !sessp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_roles: "
+				"session not found\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* checking whether the session is owned by the user */
+	if ( !rbac_is_session_owner( sessp, reqp ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_roles: "
+				"session not owned by user\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	rc = rbac_int_delete_session( op, sessp );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_roles: "
+				"unable to delete session\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/*
+	 * If we wanted to...
+	 * load these roles into a response with a sequence nested within a
+	 * sequence: (No, we're not actually doing this here.)
+	 *		0x30 LL		ber_printf( ber,  "{" );
+	 *			0x04 L1
+	 *				0x04 L2 a b c d
+	 *				0x04 L3 e f g h
+	 *				0x04 L4 i j k l
+	 * add all three ber_bvarray_add_x( &roles, &tmpbv, NULL );
+	 * close it      ber_printf( ber, "t{W}", LDAP_TAG_EXOP_RBAC_ROLES, roles );
+	 */
+
+	/*
+	 * Instead we are...
+	 * loading these roles into the response within a sequence:  (Yes, we are doing this here.)
+	 *		0x30 LL		ber_printf( ber,  "{" );
+	 *			0x04 L1 a b c d
+	 *			0x04 L2 e f g h
+	 *			0x04 L3 i j k l
+	 *	add all three ber_bvarray_add_x( &roles, &tmpbv, NULL );
+	 *	close it      ber_printf( ber, "tW", LDAP_TAG_EXOP_RBAC_ROLES, roles );
+	 */
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_init_w_nullc( ber, LBER_USE_DER );
+	BerVarray roles = NULL;
+	if ( sessp->roles ) {
+		struct berval tmpbv;
+		// open the sequence:
+		ber_printf( ber, "{" /*}*/ );
+		//char *role;
+		int i = 0;
+		//BerVarray roles = NULL;
+		for ( i = 0; !BER_BVISNULL( &sessp->roles[i] ); i++ ) {
+			tmpbv.bv_val = sessp->roles[i].bv_val;
+			tmpbv.bv_len = sessp->roles[i].bv_len;
+			// add role name:
+			ber_bvarray_add_x( &roles, &tmpbv, NULL );
+
+			// first attempt at sequence within a sequence...
+			// open another sequence:
+			/*
+			ber_printf( ber, "{" } );
+			// add role name (again):
+			ber_bvarray_add_x(&roles, &tmpbv, NULL);
+			// close the nested sequence:
+			ber_printf( ber, { "}" );
+*/
+			// end 2nd sequence
+		}
+		/*
+		 * This is how we add several octet strings at one time. An array of struct berval's is supplied.
+		 * The array is terminated by a struct berval with a NULL bv_val.
+		 * Note that a construct like '{W}' is required to get an actual SEQUENCE OF octet strings.
+		 * But here we are using 'tW' which allows passing a collection of octets w/out a nesting within a sequence.
+         */
+		ber_printf( ber, "tW",
+				LDAP_TAG_EXOP_RBAC_ROLES, roles);
+
+		// TODO: determine why free on roles array causes a seg fault:
+		//ber_bvarray_free_x(roles, NULL);
+
+		// close the sequence:
+		ber_printf( ber, /*{*/ "N}" );
+	}
+
+	if ( rc < 0 ) {
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+	} else {
+		(void)ber_flatten( ber, &rs->sr_rspdata );
+		rs->sr_err = LDAP_SUCCESS;
+	}
+	ber_free_buf( ber );
+	// END LOAD ROLES INTO RESPONSE
+
+done:;
+	rs->sr_err = rc;
+
+	// always put the OID in the response:
+	rs->sr_rspoid = ch_strdup( slap_EXOP_SESSION_ROLES.bv_val );
+
+	/* generate audit log */
+	rbac_audit(
+			op, SessionRoles, sessp, reqp, rs->sr_err, (char *)rs->sr_text );
+	rbac_free_session( sessp );
+	rbac_free_req( reqp );
+	return rs->sr_err;
+}
+
+/*
+ * slap_parse_rbac_create_session
+ */
+static int
+slap_parse_rbac_create_session(
+		struct berval *in,
+		rbac_req_t **reqpp,
+		const char **text,
+		void *ctx )
+{
+	int rc = LDAP_SUCCESS;
+	struct berval reqdata = BER_BVNULL;
+	rbac_req_t *reqp = NULL;
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_tag_t tag;
+	ber_len_t len = -1;
+
+	*text = NULL;
+
+	if ( in == NULL || in->bv_len == 0 ) {
+		*text = "empty request data field in rbac_create_session exop";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	reqp = rbac_alloc_req( RBAC_REQ_CREATE_SESSION );
+
+	if ( !reqp ) {
+		*text = "unable to allocate memory for bac_create_session exop";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	ber_dupbv_x( &reqdata, in, ctx );
+
+	/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
+	ber_init2( ber, &reqdata, 0 );
+
+	tag = ber_scanf( ber, "{" /*}*/ );
+
+	if ( tag == LBER_ERROR ) {
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_create_session: "
+				"decoding error.\n" );
+		goto decoding_error;
+	}
+
+	// Order: 1. sessionId, 2. tenantId, 3. userId, 4. password and 5. roles
+	/* must-have */
+	tag = ber_peek_tag( ber, &len );
+
+	// 1. SESSIONID
+	if ( tag == LDAP_TAG_EXOP_RBAC_SESSION_ID ) {
+		struct berval bv;
+		tag = ber_scanf( ber, "m", &bv );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_create_session: "
+					"session id parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv_x( &reqp->sessid, &bv, ctx );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	// 2. TENANT ID
+	if ( tag == LDAP_TAG_EXOP_RBAC_TENANT_ID ) {
+		struct berval bv;
+		tag = ber_scanf( ber, "m", &bv );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_create_session: "
+					"tenant id parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv_x( &reqp->tenantid, &bv, ctx );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	// 3. USERID
+	if ( tag == LDAP_TAG_EXOP_RBAC_USER_ID ) {
+		struct berval bv;
+		tag = ber_scanf( ber, "m", &bv );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_create_session: "
+					"user id parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv_x( &reqp->uid, &bv, ctx );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	// 4. PASSWORD
+	if ( tag == LDAP_TAG_EXOP_RBAC_AUTHTOK ) {
+		struct berval bv;
+		tag = ber_scanf( ber, "m", &bv);
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_create_session: "
+					"authtok parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv_x( &reqp->authtok, &bv, ctx );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	// 5. ROLES
+	if ( tag == LDAP_TAG_EXOP_RBAC_ACTIVE_ROLE ) {
+		tag = ber_scanf( ber, "W", &reqp->roles);
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_create_session: "
+					"role parse failed.\n" );
+			goto decoding_error;
+		}
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	if ( tag != LBER_DEFAULT || len != 0 ) {
+decoding_error:;
+
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_create_session: "
+				"decoding error, len=%ld\n",
+				(long)len );
+		rc = LDAP_PROTOCOL_ERROR;
+		*text = "data decoding error";
+	}
+
+	if ( rc == LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "slap_parse_rbac_create_session: "
+				"SUCCESS\n" );
+
+		*reqpp = reqp;
+	} else {
+		Debug( LDAP_DEBUG_ANY, "slap_parse_rbac_create_session: "
+				"NO SUCCESS RC=%d\n", rc );
+
+		rbac_free_req( reqp );
+		*reqpp = NULL;
+	}
+
+	if ( !BER_BVISNULL( &reqdata ) ) {
+		ber_memfree_x( reqdata.bv_val, ctx );
+	}
+
+	return rc;
+}
+
+/*
+ * rbac_create_session:
+ *     1. authenticate user
+ *     2. evaluate pwd policy
+ *     3. create session
+ */
+static int
+rbac_create_session( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	struct berval rbac_op = BER_BVC("CreateSession");
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	int rc = LDAP_SUCCESS;
+	rbac_session_t *sessp = NULL;
+	rbac_user_t *userp = NULL;
+	rbac_req_t *reqp = NULL;
+
+	rs->sr_err = slap_parse_rbac_create_session(
+			op->ore_reqdata, &reqp, &rs->sr_text, NULL );
+
+	assert( rs->sr_err == LDAP_SUCCESS );
+
+	/* read user entry */
+	userp = rbac_read_user( op, reqp );
+	if ( !userp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_create_session: "
+				"unable to read user entry\n" );
+		rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		rs->sr_text = "rbac_create_session: unable to read user entry";
+		goto done;
+	}
+
+	if ( !BER_BVISNULL( &userp->password ) ) {
+		/* if request is with pwd, authenticate the user */
+		rc = rbac_authenticate_user( op, userp );
+		if ( rc != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_ANY, "rbac_create_session: "
+					"rbac_authenticate_user failed!\n" );
+			rs->sr_err = LDAP_INVALID_CREDENTIALS;
+			rs->sr_text = "rbac_create_session: invalid credential";
+			goto done;
+		}
+		/*
+		rbac_user_t *ui = op->o_callback->sc_private;
+		int pVal = ui->authz;
+		printf("password reset val=%d", pVal );
+*/
+
+	} else {
+		/* no pwd is provided, check whether the requesting session */
+		/* id has the access privilege to create a session on behalf */
+		/* of the user */
+		rc = rbac_create_session_acl_check( &reqp->sessid, userp );
+		if ( rc != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_ANY, "rbac_create_session: "
+					"rbac_authenticate_user failed!\n" );
+			rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+			rs->sr_text = "rbac_create_session: session permission denied";
+			goto done;
+		}
+	}
+
+	/* check user temporal constraint */
+	rc = rbac_user_temporal_constraint( userp );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_create_session: "
+				"rbac_user_temporal_constraint() failed!\n" );
+		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+		rs->sr_text = "rbac_create_session: temporal constraint violation";
+		goto done;
+	}
+
+	sessp = rbac_alloc_session();
+	if ( !sessp ) {
+		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+		rs->sr_text = "rbac_create_session: unable to allocate session";
+		goto done;
+	}
+
+	rc = activate_session_roles( sessp, reqp, userp );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_create_session: "
+				"failed to activate roles to session!\n" );
+		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+		rs->sr_text =
+				"rbac_create_session: failed to activate roles into session";
+		goto done;
+	}
+
+	/* store uid and tenant id in session */
+	ber_dupbv( &sessp->userdn, &userp->dn );
+	ber_dupbv( &sessp->uid, &reqp->uid );
+	ber_dupbv( &sessp->tenantid, &reqp->tenantid );
+
+	/* register RBAC session */
+	rc = rbac_register_session( op, rs, sessp );
+	if ( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+	ber_init_w_nullc( ber, LBER_USE_DER );
+	rc = ber_printf( ber, "{tO}", LDAP_TAG_EXOP_RBAC_SESSION_ID,
+			&sessp->sessid );
+	if ( rc < 0 ) {
+		rs->sr_err = LDAP_OTHER;
+		rs->sr_text = "internal error";
+	} else {
+		(void)ber_flatten( ber, &rs->sr_rspdata );
+		rs->sr_rspoid = ch_strdup( slap_EXOP_CREATE_SESSION.bv_val );
+		rs->sr_err = LDAP_SUCCESS;
+	}
+
+	ber_free_buf( ber );
+
+done:;
+
+	// always put the OID in the response:
+	rs->sr_rspoid = ch_strdup( slap_EXOP_CREATE_SESSION.bv_val );
+	/* generate audit log */
+	rbac_audit(
+			op, CreateSession, sessp, reqp, rs->sr_err, (char *)rs->sr_text );
+
+	rbac_free_req( reqp );
+	rbac_free_session( sessp );
+
+	//if (rs->sr_err != LDAP_SUCCESS) {
+	//send_ldap_result( op, rs );
+	//}
+
+	return rs->sr_err;
+}
+
+/*
+ * slap_parse_rbac_check_access
+ */
+static int
+slap_parse_rbac_check_access(
+		struct berval *in,
+		rbac_req_t **reqpp,
+		const char **text,
+		void *ctx )
+{
+	int rc = LDAP_SUCCESS;
+	struct berval reqdata = BER_BVNULL;
+	rbac_req_t *reqp = NULL;
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_tag_t tag;
+	ber_len_t len;
+
+	*text = NULL;
+	reqp = rbac_alloc_req( RBAC_REQ_CHECK_ACCESS );
+
+	if ( !reqp ) {
+		*text = "unable to allocate memory for slap_parse_rbac_check_access";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	if ( in == NULL || in->bv_len == 0 ) {
+		*text = "empty request data field in rbac_check_access exop";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	ber_dupbv_x( &reqdata, in, ctx );
+
+	/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
+	ber_init2( ber, &reqdata, 0 );
+
+	tag = ber_scanf( ber, "{" /*}*/ );
+
+	if ( tag == LBER_ERROR ) {
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_check_access: "
+				"decoding error.\n" );
+		goto decoding_error;
+	}
+
+	// sessionId is required:
+	tag = ber_peek_tag( ber, &len );
+	if ( tag != LDAP_TAG_EXOP_RBAC_SESSION_ID ) {
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_check_access: "
+				"decoding error.\n" );
+		goto decoding_error;
+	} else {
+		struct berval bv;
+		tag = ber_scanf( ber, "m", &bv );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_check_access: "
+					"session id parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv_x( &reqp->sessid, &bv, ctx );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	// operationName is required:
+	if ( tag != LDAP_TAG_EXOP_RBAC_OPNAME ) {
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_check_access: "
+				"decoding error.\n" );
+		goto decoding_error;
+	} else {
+		struct berval bv;
+		tag = ber_scanf( ber, "m", &bv );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_check_access: "
+					"opname parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv_x( &reqp->opname, &bv, ctx );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	// objectName is required:
+	if ( tag != LDAP_TAG_EXOP_RBAC_OBJNAME ) {
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_check_access: "
+				"decoding error.\n" );
+		goto decoding_error;
+	} else {
+		struct berval bv;
+		tag = ber_scanf( ber, "m", &bv );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_check_access: "
+					"objname parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv_x( &reqp->objname, &bv, ctx );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	// objectId is optional:
+	if ( tag == LDAP_TAG_EXOP_RBAC_OBJID ) {
+		struct berval bv;
+		tag = ber_scanf( ber, "m", &bv );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_check_access: "
+					"objid parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv_x( &reqp->objid, &bv, ctx );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	if ( tag != LBER_DEFAULT || len != 0 ) {
+decoding_error:;
+
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_check_access: "
+				"decoding error, len=%ld\n",
+				(long)len );
+		rc = LDAP_PROTOCOL_ERROR;
+		*text = "data decoding error";
+	}
+
+	if ( rc == LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "slap_parse_rbac_check_access: "
+				"SUCCESS\n" );
+		*reqpp = reqp;
+	} else {
+		Debug( LDAP_DEBUG_ANY, "slap_parse_rbac_check_access: "
+				"FAIL\n" );
+		rbac_free_req( reqp );
+	}
+
+	if ( !BER_BVISNULL( &reqdata ) ) {
+		ber_memfree_x( reqdata.bv_val, ctx );
+	}
+
+	return rc;
+}
+
+// checkAcess F  (ALL)
+static int
+rbac_check_access( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	rbac_session_t *sessp = NULL;
+	rbac_permission_t *permp = NULL;
+	rbac_constraint_t *cp = NULL;
+	rbac_req_t *reqp = NULL;
+	const struct berval rbac_op = BER_BVC("CheckAccess");
+	int rc = LDAP_SUCCESS;
+	int found = 0;
+
+	rs->sr_err = slap_parse_rbac_check_access(
+			op->ore_reqdata, &reqp, &rs->sr_text, NULL );
+
+	assert( rs->sr_err == LDAP_SUCCESS );
+
+	BER_BVZERO( &op->o_req_dn );
+	BER_BVZERO( &op->o_req_ndn );
+
+	/* get the session using the session id */
+	sessp = rbac_session_byid( op, reqp );
+	if ( !sessp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_check_access: "
+				"session not found\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* read the permission using objectName and OpName */
+	permp = rbac_read_permission( op, reqp );
+	if ( !permp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_check_access: "
+				"permission not found\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	// Convert the user-role constraint data from BerVarray to rbac_constraint_t format
+	cp = rbac_user_role_constraints( sessp->role_constraints );
+
+	// Now do the actual rbac checkAccess:
+	rc = rbac_check_session_permission( sessp, permp, cp );
+
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_check_user_permission: "
+				"failed\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+done:
+
+	rs->sr_err = rc;
+	// always put the OID in the response:
+	rs->sr_rspoid = ch_strdup( slap_EXOP_CHECK_ACCESS.bv_val );
+
+	/* generate audit log */
+	rbac_audit( op, CheckAccess, sessp, reqp, rs->sr_err, (char *)rs->sr_text );
+
+	rbac_free_permission( permp );
+	rbac_free_req( reqp );
+	rbac_free_session( sessp );
+	rbac_free_constraints( cp );
+
+	return rs->sr_err;
+}
+
+// checkAcess A loop back
+static int
+rbac_check_accessA( Operation *op, SlapReply *rs )
+{
+	int rc = LDAP_SUCCESS;
+
+	//rs->sr_err = slap_parse_rbac_check_access(op->ore_reqdata,
+	//	&reqp, &rs->sr_text, NULL);
+
+	// always put the OID in the response:
+	rs->sr_rspoid = ch_strdup( slap_EXOP_CHECK_ACCESS.bv_val );
+	rs->sr_err = rc;
+
+	return rc;
+}
+
+// checkAcess B parse
+static int
+rbac_check_accessB( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	rbac_req_t *reqp = NULL;
+	const struct berval rbac_op = BER_BVC("CheckAccess");
+	int rc = LDAP_SUCCESS;
+
+	Debug( LDAP_DEBUG_ANY, "rbac_check_access\n" );
+
+	rs->sr_err = slap_parse_rbac_check_access(
+			op->ore_reqdata, &reqp, &rs->sr_text, NULL );
+
+	assert( rs->sr_err == LDAP_SUCCESS );
+
+	BER_BVZERO( &op->o_req_dn );
+	BER_BVZERO( &op->o_req_ndn );
+
+	// always put the OID in the response:
+	rs->sr_rspoid = ch_strdup( slap_EXOP_CHECK_ACCESS.bv_val );
+	rs->sr_err = rc;
+
+	rbac_free_req( reqp );
+
+	return rc;
+}
+
+// checkAcess C - parse request & read session record
+static int
+rbac_check_accessC( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	rbac_session_t *sessp = NULL;
+	rbac_req_t *reqp = NULL;
+	const struct berval rbac_op = BER_BVC("CheckAccess");
+	int rc = LDAP_SUCCESS;
+
+	Debug( LDAP_DEBUG_ANY, "rbac_check_access\n" );
+
+	rs->sr_err = slap_parse_rbac_check_access(
+			op->ore_reqdata, &reqp, &rs->sr_text, NULL );
+
+	assert( rs->sr_err == LDAP_SUCCESS );
+
+	BER_BVZERO( &op->o_req_dn );
+	BER_BVZERO( &op->o_req_ndn );
+
+	/* get the session using the session id */
+	sessp = rbac_session_byid( op, reqp );
+	if ( !sessp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_check_access: "
+				"session not found\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+done:
+
+	// always put the OID in the response:
+	rs->sr_rspoid = ch_strdup( slap_EXOP_CHECK_ACCESS.bv_val );
+	rs->sr_err = rc;
+
+	rbac_free_req( reqp );
+	rbac_free_session( sessp );
+	return rc;
+}
+
+// checkAcess D, parse, read perm
+static int
+rbac_check_accessD( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	rbac_permission_t *permp = NULL;
+	rbac_req_t *reqp = NULL;
+	const struct berval rbac_op = BER_BVC("CheckAccess");
+	int rc = LDAP_SUCCESS;
+
+	Debug( LDAP_DEBUG_ANY, "rbac_check_access\n" );
+
+	rs->sr_err = slap_parse_rbac_check_access(
+			op->ore_reqdata, &reqp, &rs->sr_text, NULL );
+
+	assert( rs->sr_err == LDAP_SUCCESS );
+
+	BER_BVZERO( &op->o_req_dn );
+	BER_BVZERO( &op->o_req_ndn );
+
+	/* get the session using the session id */
+	/*
+	sessp = rbac_session_byid(op, reqp);
+	if ( !sessp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_check_access: "
+				"session not found\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+*/
+
+	/* read the permission using objectName and OpName */
+	permp = rbac_read_permission( op, reqp );
+	if ( !permp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_check_access: "
+				"permission not found\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+done:
+
+	// always put the OID in the response:
+	rs->sr_rspoid = ch_strdup( slap_EXOP_CHECK_ACCESS.bv_val );
+	rs->sr_err = rc;
+
+	rbac_free_permission( permp );
+	rbac_free_req( reqp );
+
+	return rc;
+}
+
+// checkAcess E everything but the audit insert
+static int
+rbac_check_accessE( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	rbac_session_t *sessp = NULL;
+	rbac_permission_t *permp = NULL;
+	rbac_constraint_t *cp = NULL;
+	rbac_req_t *reqp = NULL;
+	const struct berval rbac_op = BER_BVC("CheckAccess");
+	int rc = LDAP_SUCCESS;
+
+	Debug( LDAP_DEBUG_ANY, "rbac_check_access\n" );
+
+	rs->sr_err = slap_parse_rbac_check_access(
+			op->ore_reqdata, &reqp, &rs->sr_text, NULL );
+
+	assert( rs->sr_err == LDAP_SUCCESS );
+
+	BER_BVZERO( &op->o_req_dn );
+	BER_BVZERO( &op->o_req_ndn );
+
+	/* get the session using the session id */
+	sessp = rbac_session_byid( op, reqp );
+	if ( !sessp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_check_access: "
+				"session not found\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* read the permission using objectName and OpName */
+	permp = rbac_read_permission( op, reqp );
+	if ( !permp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_check_access: "
+				"permission not found\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	// Convert the user-role constraint data from BerVarray to rbac_constraint_t format
+	cp = rbac_user_role_constraints( sessp->role_constraints );
+
+	// Now do the actual rbac checkAccess:
+	rc = rbac_check_session_permission( sessp, permp, cp );
+
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_check_user_permission: "
+				"failed\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+done:
+
+	rs->sr_err = rc;
+	// always put the OID in the response:
+	rs->sr_rspoid = ch_strdup( slap_EXOP_CHECK_ACCESS.bv_val );
+
+	/* generate audit log */
+	//rbac_audit(op, CheckAccess, sessp, reqp, rs->sr_err,
+	//	(char *) rs->sr_text);
+
+	rbac_free_permission( permp );
+	rbac_free_req( reqp );
+	rbac_free_session( sessp );
+	rbac_free_constraints( cp );
+
+	return rs->sr_err;
+}
+
+/* check whether role exists and role assigned to the user */
+static int
+rbac_check_user_role(
+		rbac_req_t *reqp,
+		rbac_session_t *sessp,
+		rbac_user_t *userp )
+{
+	int rc = 0;
+	int i;
+
+	//assert(!BER_BVISEMPTY(&reqp->roles[0]));
+	assert( !BER_BVISEMPTY( &reqp->role ) );
+
+	for ( i = 0; !BER_BVISNULL( &userp->roles[i] ); i++ ) {
+		//if (!ber_bvstrcasecmp(&userp->roles[i], &reqp->roles[0])) {
+		if ( !ber_bvstrcasecmp( &userp->roles[i], &reqp->role ) ) {
+			rc = 1; /* found the match */
+			goto done;
+		}
+	}
+
+done:;
+
+	return rc;
+}
+
+/* check whether role exists and role assigned to the session */
+static int
+rbac_check_session_role( rbac_req_t *reqp, rbac_session_t *sessp )
+{
+	int rc = 0;
+	int i;
+
+	for ( i = 0; !BER_BVISNULL( &sessp->roles[i] ); i++ ) {
+		//if (!ber_bvstrcasecmp(&sessp->roles[i], &reqp->roles[0])) {
+		if ( !ber_bvstrcasecmp( &sessp->roles[i], &reqp->role ) ) {
+			rc = 1; /* found the match */
+			goto done;
+		}
+	}
+
+done:;
+
+	return rc;
+}
+
+/* make sure user is the owner of the session */
+static int
+rbac_check_user_session( rbac_session_t *sessp, rbac_req_t *reqp )
+{
+	int rc = 0;
+
+	if ( BER_BVISNULL( &sessp->uid ) || BER_BVISNULL( &reqp->uid ) ||
+			sessp->uid.bv_len != reqp->uid.bv_len ) {
+		goto done;
+	}
+
+	if ( !strncasecmp(
+				sessp->uid.bv_val, reqp->uid.bv_val, reqp->uid.bv_len ) ) {
+		rc = 1;
+		goto done;
+	}
+
+done:;
+
+	return rc;
+}
+
+/*
+ * slap_parse_rbac_active_role
+ */
+static int
+slap_parse_rbac_active_role(
+		struct berval *in,
+		int add_or_drop_role,
+		rbac_req_t **reqpp,
+		const char **text,
+		void *ctx )
+{
+	int rc = LDAP_SUCCESS;
+	struct berval reqdata = BER_BVNULL;
+	rbac_req_t *reqp = NULL;
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_tag_t tag;
+	ber_len_t len = -1;
+
+	*text = NULL;
+
+	if ( in == NULL || in->bv_len == 0 ) {
+		*text = "empty request data field in rbac_create_session exop";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	reqp = rbac_alloc_req( add_or_drop_role );
+
+	if ( !reqp ) {
+		*text = "unable to allocate memory for rbac_add_drop_active_role exop";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	ber_dupbv_x( &reqdata, in, ctx );
+
+	/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
+	ber_init2( ber, &reqdata, 0 );
+
+	tag = ber_scanf( ber, "{" /*}*/ );
+
+	if ( tag == LBER_ERROR ) {
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_active_role: "
+				"decoding error.\n" );
+		goto decoding_error;
+	}
+
+	tag = ber_peek_tag( ber, &len );
+	//if ( tag == LDAP_TAG_EXOP_RBAC_USER_ID ) {
+	if ( tag == LDAP_TAG_EXOP_RBAC_USER_ID_SESS ) {
+		struct berval bv;
+		tag = ber_scanf( ber, "m", &bv );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_active_role: "
+					"user id parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv( &reqp->uid, &bv );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	if ( tag == LDAP_TAG_EXOP_RBAC_SESSION_ID_SESS ) {
+		struct berval bv;
+		tag = ber_scanf( ber, "m", &bv );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_active_role: "
+					"session id parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv( &reqp->sessid, &bv );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	if ( tag == LDAP_TAG_EXOP_RBAC_ROLE_NM_SESS ) {
+		struct berval bv;
+		tag = ber_scanf( ber, "m", &bv );
+		//tag = ber_scanf( ber, "W", &reqp->roles);
+		//tag = ber_scanf( ber, "m", &reqp->roles);
+		//tag = ber_scanf( ber, "m", &reqp->roles[0]);
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_create_session: "
+					"role parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv( &reqp->role, &bv );
+		//ber_dupbv(&reqp->roles[0], &bv);
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	if ( tag != LBER_DEFAULT || len != 0 ) {
+decoding_error:;
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_create_session: "
+				"decoding error, len=%ld\n",
+				(long)len );
+		rc = LDAP_PROTOCOL_ERROR;
+		*text = "data decoding error";
+	}
+
+	if ( rc == LDAP_SUCCESS ) {
+		*reqpp = reqp;
+	} else {
+		rbac_free_req( reqp );
+		*reqpp = NULL;
+	}
+
+	if ( !BER_BVISNULL( &reqdata ) ) {
+		ber_memfree_x( reqdata.bv_val, ctx );
+	}
+
+	return rc;
+}
+
+static int
+rbac_add_active_role( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	struct berval rbac_op = BER_BVC("AddActiveRole");
+	rbac_req_t *reqp = NULL;
+	rbac_user_t *userp = NULL;
+	rbac_session_t *sessp;
+	int rc = LDAP_SUCCESS;
+
+	rs->sr_err = slap_parse_rbac_active_role( op->ore_reqdata,
+			RBAC_REQ_ADD_ACTIVE_ROLE, &reqp, &rs->sr_text, NULL );
+
+	assert( rs->sr_err == LDAP_SUCCESS );
+
+	/* get the session using the session id */
+	sessp = rbac_session_byid( op, reqp );
+	if ( !sessp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_add_active_role: "
+				"session not found\n" );
+		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+		rs->sr_text = "rbac_add_active_role: session not found";
+		goto done;
+	}
+
+	/* read user entry */
+	userp = rbac_read_user( op, reqp );
+	if ( !userp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_add_active_role: "
+				"unable to read user entry\n" );
+		rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		rs->sr_text = "rbac_add_active_role: unable to read user entry";
+		goto done;
+	}
+
+	/* make sure role exists and role assigned to the user */
+	if ( !rbac_check_user_role( reqp, sessp, userp ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_add_active_role: "
+				"role not assigned to the user\n" );
+		rs->sr_err = LDAP_NO_SUCH_OBJECT;
+		rs->sr_text = "rbac_add_active_role: role not assigned to the user";
+		goto done;
+	}
+
+	/* make sure user is the owner of the session */
+	if ( !rbac_check_user_session( sessp, reqp ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_add_active_role: "
+				"user not owner of session\n" );
+		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+		rs->sr_text = "rbac_add_active_role: user not owner of the session";
+		goto done;
+	}
+
+	/* add the role to the session */
+	rc = rbac_session_add_role( op, sessp, reqp );
+	if ( rc != LDAP_SUCCESS ) {
+		rs->sr_err = rc;
+		if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
+			rs->sr_text =
+					"rbac_add_active_role: role already activated in session";
+			Debug( LDAP_DEBUG_ANY, "rbac_add_active_role: "
+					"role already activated in session\n" );
+		} else {
+			rs->sr_text = "rbac_add_active_role: unable to add role to session";
+			Debug( LDAP_DEBUG_ANY, "rbac_add_active_role: "
+					"unable to add role to session\n" );
+		}
+		goto done;
+	}
+
+done:
+
+	// always put the OID in the response:
+	rs->sr_rspoid = ch_strdup( slap_EXOP_ADD_ACTIVE_ROLE.bv_val );
+
+	/* generate audit log */
+	rbac_audit(
+			op, AddActiveRole, sessp, reqp, rs->sr_err, (char *)rs->sr_text );
+
+	rbac_free_session( sessp );
+	rbac_free_user( userp );
+	rbac_free_req( reqp );
+
+	return rs->sr_err;
+}
+
+static int
+rbac_drop_active_role( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	const struct berval rbac_op = BER_BVC("DropActiveRole");
+	rbac_session_t *sessp;
+	rbac_req_t *reqp = NULL;
+	int rc = LDAP_SUCCESS;
+
+	rs->sr_err = slap_parse_rbac_active_role( op->ore_reqdata,
+			RBAC_REQ_DROP_ACTIVE_ROLE, &reqp, &rs->sr_text, NULL );
+
+	assert( rs->sr_err == LDAP_SUCCESS );
+
+	/* get the session using the session id */
+	sessp = rbac_session_byid( op, reqp );
+	if ( !sessp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_drop_active_role: "
+				"session not found\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	if ( BER_BVISNULL( &reqp->role ) || !sessp->roles ||
+			BER_BVISNULL( &sessp->roles[0] ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_drop_active_role: "
+				"unavailable role\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* make sure role exists and role assigned to the user */
+	if ( !rbac_check_session_role( reqp, sessp ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_drop_active_role: "
+				"role not assigned to session\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* make sure user is the owner of the session */
+	if ( !rbac_check_user_session( sessp, reqp ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_drop_active_role: "
+				"user not owner of session\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		rs->sr_text = "rbac_drop_active_role: user not owner of the session";
+		goto done;
+	}
+
+	/* drop the role to the session */
+	rc = rbac_session_drop_role( op, sessp, reqp );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_drop_active_role: "
+				"unable to drop active role from session\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		rs->sr_text = "rbac_drop_active_role: unable to drop role from session";
+		goto done;
+	}
+
+done:
+	rs->sr_err = rc;
+
+	// always put the OID in the response:
+	rs->sr_rspoid = ch_strdup( slap_EXOP_DROP_ACTIVE_ROLE.bv_val );
+
+	/* generate audit log */
+	rbac_audit(
+			op, DropActiveRole, sessp, reqp, rs->sr_err, (char *)rs->sr_text );
+
+	rbac_free_session( sessp );
+	rbac_free_req( reqp );
+
+	return rs->sr_err;
+}
+
+/*
+ * slap_parse_rbac_delete_session
+ */
+static int
+slap_parse_rbac_delete_session(
+		struct berval *in,
+		rbac_req_t **reqpp,
+		const char **text,
+		void *ctx )
+{
+	int rc = LDAP_SUCCESS;
+	struct berval reqdata = BER_BVNULL;
+	rbac_req_t *reqp = NULL;
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	ber_tag_t tag;
+	ber_len_t len = -1;
+
+	*text = NULL;
+
+	if ( in == NULL || in->bv_len == 0 ) {
+		*text = "empty request data field in rbac_delete_session exop";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	reqp = rbac_alloc_req( RBAC_REQ_DELETE_SESSION );
+
+	if ( !reqp ) {
+		*text = "unable to allocate memory for rbac_delete_session exop";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	ber_dupbv_x( &reqdata, in, ctx );
+
+	/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
+	ber_init2( ber, &reqdata, 0 );
+
+	tag = ber_scanf( ber, "{" /*}*/ );
+
+	if ( tag == LBER_ERROR ) {
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_delete_session: "
+				"decoding error.\n" );
+		goto decoding_error;
+	}
+
+	tag = ber_peek_tag( ber, &len );
+	if ( tag == LDAP_TAG_EXOP_RBAC_USER_ID_SESS ) {
+		struct berval uid;
+		tag = ber_scanf( ber, "m", &uid );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_delete_session: "
+					"user id parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv_x( &reqp->uid, &uid, ctx );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	//tag = ber_peek_tag( ber, &len );
+	if ( tag == LDAP_TAG_EXOP_RBAC_SESSION_ID_SESS ) {
+		struct berval sessid;
+		tag = ber_scanf( ber, "m", &sessid );
+		if ( tag == LBER_ERROR ) {
+			Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_delete_session: "
+					"session id parse failed.\n" );
+			goto decoding_error;
+		}
+		ber_dupbv_x( &reqp->sessid, &sessid, ctx );
+		tag = ber_peek_tag( ber, &len );
+	}
+
+	if ( tag != LBER_DEFAULT || len != 0 ) {
+decoding_error:;
+
+		Debug( LDAP_DEBUG_TRACE, "slap_parse_rbac_delete_session: "
+				"decoding error, len=%ld\n",
+				(long)len );
+		rc = LDAP_PROTOCOL_ERROR;
+		*text = "data decoding error";
+	}
+
+	if ( rc == LDAP_SUCCESS ) {
+		*reqpp = reqp;
+	} else {
+		rbac_free_req( reqp );
+		*reqpp = NULL;
+	}
+
+	if ( !BER_BVISNULL( &reqdata ) ) {
+		ber_memfree_x( reqdata.bv_val, ctx );
+	}
+
+	return rc;
+}
+
+static int
+rbac_delete_session( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	const struct berval rbac_op = BER_BVC("DeleteSession");
+	rbac_session_t *sessp = NULL;
+	rbac_req_t *reqp = NULL;
+	int rc;
+
+	rs->sr_err = slap_parse_rbac_delete_session(
+			op->ore_reqdata, &reqp, &rs->sr_text, NULL );
+
+	assert( rs->sr_err == LDAP_SUCCESS );
+
+	/* get the session using the session id */
+	sessp = rbac_session_byid( op, reqp );
+	if ( !sessp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_delete_session: "
+				"session not found\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* checking whether the session is owned by the user */
+	if ( !rbac_is_session_owner( sessp, reqp ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_delete_session: "
+				"session not owned by user\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	rc = rbac_int_delete_session( op, sessp );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_int_delete_session: "
+				"unable to delete session\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+done:;
+
+	rs->sr_err = rc;
+
+	// always put the OID in the response:
+	rs->sr_rspoid = ch_strdup( slap_EXOP_DELETE_SESSION.bv_val );
+
+	/* generate audit log */
+	rbac_audit(
+			op, DeleteSession, sessp, reqp, rs->sr_err, (char *)rs->sr_text );
+
+	rbac_free_session( sessp );
+	rbac_free_req( reqp );
+
+	return rs->sr_err;
+}
+
+/* returns the permissions associated with a session */
+static int
+rbac_session_permissions( Operation *op, SlapReply *rs, rbac_req_t *reqp )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	const struct berval rbac_op = BER_BVC("SessionPermissions");
+	rbac_session_t *sessp;
+
+	sessp = rbac_session_byid( op, reqp );
+	if ( !sessp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_permissions: "
+				"session id not found\n" );
+		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	rs->sr_err = rbac_int_session_permissions( op, rs, reqp, sessp );
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_permissions: "
+				"permissions not found\n" );
+		goto done;
+	}
+
+done:;
+	return rs->sr_err;
+}
+
+/* extract session permission info from op */
+int
+rbac_search_parse_session_permissions_req(
+		Operation *op,
+		rbac_req_t **reqpp,
+		const char **text,
+		void *ctx )
+{
+	int rc = LDAP_SUCCESS;
+	struct berval *sessid = NULL;
+	rbac_req_t *reqp = NULL;
+	*text = NULL;
+	struct berval rbac_session_id = BER_BVC("sessionID");
+	struct berval rbac_session_permissions_attr =
+			BER_BVC("sessionPermissions");
+	AttributeDescription *ad = NULL;
+	Filter *f;
+
+	/* check simple assertion (sessionID=<session id>) */
+	f = op->ors_filter;
+	ad = f->f_ava->aa_desc;
+	if ( !ad || ber_bvstrcasecmp( &rbac_session_id, &ad->ad_cname ) ) {
+		goto done;
+	}
+	sessid = &f->f_ava->aa_value;
+
+	if ( !rbac_is_valid_session_id( sessid ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_search_parse_session_permissions_req: "
+				"invalid session id\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* check requested attr */
+
+	if ( !op->oq_search.rs_attrs ||
+			BER_BVISNULL( &op->oq_search.rs_attrs[0].an_name ) ||
+			ber_bvstrcasecmp( &op->oq_search.rs_attrs[0].an_name,
+					&rbac_session_permissions_attr ) ||
+			!BER_BVISNULL( &op->oq_search.rs_attrs[1].an_name ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_search_parse_session_permissions_req: "
+				"only sessionPermissions allowed\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	reqp = rbac_alloc_req( RBAC_REQ_SESSION_PERMISSIONS );
+	if ( !reqp ) {
+		*text = "unable to allocate memory for rbac_session_permissions req";
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* retrieve session id from search filter */
+	ber_dupbv_x( &reqp->sessid, sessid, ctx );
+
+done:;
+
+	if ( rc == LDAP_SUCCESS ) {
+		*reqpp = reqp;
+	} else {
+		rbac_free_req( reqp );
+		*reqpp = NULL;
+	}
+
+	return rc;
+}
+
+static int
+rbac_search( Operation *op, SlapReply *rs )
+{
+	Debug( LDAP_DEBUG_ANY, "rbac_search entry\n" );
+
+	return SLAP_CB_CONTINUE;
+}
+
+/*
+static int
+rbac_search( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	rbac_req_t *reqp = NULL;
+	int rc = SLAP_CB_CONTINUE;
+
+	 only session_permissions is implemented for now
+	rc = rbac_search_parse_session_permissions_req(
+			op, &reqp, &rs->sr_text, NULL );
+	if ( !reqp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_search: "
+				"invalid search for session permissions\n" );
+		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	rc = rbac_session_permissions( op, rs, reqp );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_search: "
+				"session permissions failed\n" );
+		rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	rs->sr_err = LDAP_SUCCESS;
+
+done:;
+	send_ldap_result( op, rs );
+
+	return rc;
+}
+*/
+
+static struct exop {
+	struct berval oid;
+	BI_op_extended *extended;
+} rbac_exop_table[] = {
+	{ BER_BVC(LDAP_RBAC_EXOP_CREATE_SESSION), rbac_create_session },
+	{ BER_BVC(LDAP_RBAC_EXOP_CHECK_ACCESS), rbac_check_access },
+	{ BER_BVC(LDAP_RBAC_EXOP_ADD_ACTIVE_ROLE), rbac_add_active_role },
+	{ BER_BVC(LDAP_RBAC_EXOP_DROP_ACTIVE_ROLE), rbac_drop_active_role },
+	{ BER_BVC(LDAP_RBAC_EXOP_DELETE_SESSION), rbac_delete_session },
+	{ BER_BVC(LDAP_RBAC_EXOP_SESSION_ROLES), rbac_session_roles },
+
+	{ BER_BVNULL, NULL }
+};
+
+static int
+rbac_add( Operation *op, SlapReply *rs )
+{
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+rbac_bind( Operation *op, SlapReply *rs )
+{
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+rbac_compare( Operation *op, SlapReply *rs )
+{
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+rbac_delete( Operation *op, SlapReply *rs )
+{
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+rbac_modify( Operation *op, SlapReply *rs )
+{
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+rbac_extended( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	int rc = SLAP_CB_CONTINUE;
+	int i;
+
+	for ( i = 0; rbac_exop_table[i].extended != NULL; i++ ) {
+		if ( bvmatch( &rbac_exop_table[i].oid, &op->oq_extended.rs_reqoid ) ) {
+			rc = rbac_exop_table[i].extended( op, rs );
+			switch ( rc ) {
+				case LDAP_SUCCESS:
+					break;
+				case SLAP_CB_CONTINUE:
+				case SLAPD_ABANDON:
+					return rc;
+				default:
+					send_ldap_result( op, rs );
+					return rc;
+			}
+			break;
+		}
+	}
+
+	return rc;
+}
+
+static int
+rbac_db_init( BackendDB *be, ConfigReply *cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+
+	return 0;
+}
+
+static int
+rbac_db_open( BackendDB *be, ConfigReply *cr )
+{
+	int rc = LDAP_SUCCESS;
+
+	rc = rbac_initialize_tenants( be, cr );
+
+	return rc;
+}
+
+static int
+rbac_db_close( BackendDB *be, ConfigReply *cr )
+{
+	return 0;
+}
+
+int
+rbac_initialize()
+{
+	int rc;
+
+	rc = load_extop2( (struct berval *)&slap_EXOP_CREATE_SESSION,
+			SLAP_EXOP_WRITES|SLAP_EXOP_HIDE, rbac_create_session, 0 );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_initialize: "
+				"unable to register rbac_create_session exop: %d\n",
+				rc );
+		return rc;
+	}
+
+	rc = load_extop2( (struct berval *)&slap_EXOP_CHECK_ACCESS,
+			SLAP_EXOP_WRITES|SLAP_EXOP_HIDE, rbac_check_access, 0 );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_initialize: "
+				"unable to register rbac_check_access exop: %d\n",
+				rc );
+		return rc;
+	}
+
+	rc = load_extop2( (struct berval *)&slap_EXOP_ADD_ACTIVE_ROLE,
+			SLAP_EXOP_WRITES|SLAP_EXOP_HIDE, rbac_add_active_role, 0 );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_initialize: "
+				"unable to register rbac_add_active_role exop: %d\n",
+				rc );
+		return rc;
+	}
+
+	rc = load_extop2( (struct berval *)&slap_EXOP_DROP_ACTIVE_ROLE,
+			SLAP_EXOP_WRITES|SLAP_EXOP_HIDE, rbac_drop_active_role, 0 );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_initialize: "
+				"unable to register rbac_drop_active_role exop: %d\n",
+				rc );
+		return rc;
+	}
+
+	rc = load_extop2( (struct berval *)&slap_EXOP_DELETE_SESSION,
+			SLAP_EXOP_WRITES|SLAP_EXOP_HIDE, rbac_delete_session, 0 );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_initialize: "
+				"unable to register rbac_delete_session exop: %d\n",
+				rc );
+		return rc;
+	}
+
+	rc = load_extop2( (struct berval *)&slap_EXOP_SESSION_ROLES,
+			SLAP_EXOP_WRITES|SLAP_EXOP_HIDE, rbac_session_roles, 0 );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_initialize: "
+				"unable to register rbac_session_roles exop: %d\n",
+				rc );
+		return rc;
+	}
+
+	rbac.on_bi.bi_type = "rbac";
+	rbac.on_bi.bi_db_init = rbac_db_init;
+	rbac.on_bi.bi_db_open = rbac_db_open;
+	rbac.on_bi.bi_db_close = rbac_db_close;
+
+	rbac.on_bi.bi_op_add = rbac_add;
+	rbac.on_bi.bi_op_bind = rbac_bind;
+	rbac.on_bi.bi_op_compare = rbac_compare;
+	rbac.on_bi.bi_op_delete = rbac_delete;
+	rbac.on_bi.bi_op_modify = rbac_modify;
+	rbac.on_bi.bi_op_search = rbac_search;
+	rbac.on_bi.bi_extended = rbac_extended;
+	rbac.on_bi.bi_cf_ocs = rbac_ocs;
+
+	/*	rbac.on_bi.bi_connection_destroy = rbac_connection_destroy; */
+
+	rc = config_register_schema( rbaccfg, rbac_ocs );
+	if ( rc ) return rc;
+
+	rc = rbac_initialize_repository();
+	if ( rc != LDAP_SUCCESS ) {
+		return rc;
+	}
+
+	return overlay_register( &rbac );
+}
+
+int
+init_module( int argc, char *argv[] )
+{
+	return rbac_initialize();
+}
diff --git a/contrib/slapd-modules/rbac/rbac.h b/contrib/slapd-modules/rbac/rbac.h
new file mode 100644
index 0000000..4461236
--- /dev/null
+++ b/contrib/slapd-modules/rbac/rbac.h
@@ -0,0 +1,402 @@
+/* rbac.h -  */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1999-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ *
+ */
+
+#ifndef RBAC_H
+#define RBAC_H
+
+LDAP_BEGIN_DECL
+
+#include "ldap_rbac.h"
+
+#define USE_NEW_THREAD_CONTEXT 1
+#define RBAC_BUFLEN 1024
+
+/* tenant initialization op */
+#define INIT_AUDIT_CONTAINER 0x01
+#define INIT_SESSION_CONTAINER 0x02
+
+typedef struct rbac_ad {
+	int type;
+	struct berval attr;
+	AttributeDescription **ad;
+} rbac_ad_t;
+
+/* RBAC AttributeDescriptions */
+struct slap_rbac_internal_schema {
+	/* slapd schema */
+	AttributeDescription *ad_uid;
+
+	/* RBAC tenant */
+	AttributeDescription *ad_tenant_id;
+
+	/* RBAC sessions */
+	AttributeDescription *ad_session_id;
+	AttributeDescription *ad_session_user_dn;
+	AttributeDescription *ad_session_roles;
+	AttributeDescription *ad_session_role_constraints;
+
+	/* RBAC session permissions */
+	AttributeDescription *ad_permission_opname;
+	AttributeDescription *ad_permission_objname;
+	AttributeDescription *ad_permission_rolename;
+
+	/* RBAC audit */
+	AttributeDescription *ad_audit_op; /* rbac op: create_session */
+	AttributeDescription *ad_audit_id;
+	AttributeDescription *ad_audit_roles;
+	AttributeDescription *ad_audit_requested_roles;
+	AttributeDescription *ad_audit_timestamp;
+	AttributeDescription *ad_audit_resources;
+	AttributeDescription *ad_audit_objects;
+	AttributeDescription *ad_audit_operations; /* resource ops */
+	AttributeDescription *ad_audit_result;
+	AttributeDescription *ad_audit_properties;
+	AttributeDescription *ad_audit_messages;
+
+	/* RBAC session attributes */
+	AttributeName *session_attrs;
+};
+
+extern struct slap_rbac_internal_schema slap_rbac_schema;
+
+/* attributes in tenant repository */
+struct slap_rbac_tenant_schema {
+	/* user role assignments, role constraints, and user constraint */
+	AttributeDescription *ad_role;
+	AttributeDescription *ad_role_constraint;
+	AttributeDescription *ad_user_constraint;
+	AttributeDescription *ad_uid;
+
+	/* session permission */
+	AttributeDescription *ad_permission_users;
+	AttributeDescription *ad_permission_roles;
+	AttributeDescription *ad_permission_objname;
+	AttributeDescription *ad_permission_opname;
+
+	/* the list of attributes when doing searches in the jts repo */
+	AttributeName *user_attrs;
+	AttributeName *perm_attrs; /* attrs to retrieve for check access */
+	AttributeName *session_perm_attrs; /* attrs for session permissions */
+
+	/* the corresponding list of attribute description mapping */
+	rbac_ad_t *user_ads;
+	rbac_ad_t *permission_ads;
+	rbac_ad_t *session_permissions_ads;
+};
+
+extern struct slap_rbac_tenant_schema slap_rbac_jts_schema;
+
+/* types of RBAC requests */
+typedef struct rbac_request {
+	int req_type;
+	struct berval sessid;
+	struct berval tenantid;
+
+	/* session creation */
+	struct berval uid;
+	struct berval authtok;
+	BerVarray roles;
+	struct berval role;
+
+	/* check access */
+	struct berval opname;
+	struct berval objname;
+	struct berval objid;
+} rbac_req_t;
+
+typedef struct rbac_constraint {
+	struct berval name; /* user name or role name */
+	int allowed_inactivity; /* secs */
+	int begin_time; /* secs */
+	int end_time; /* secs */
+	lutil_timet begin_date;
+	lutil_timet end_date;
+	lutil_timet begin_lock_date;
+	lutil_timet end_lock_date;
+	int day_mask;
+	struct rbac_constraint *next;
+} rbac_constraint_t;
+
+/* holds RBAC info */
+typedef struct tenant_info {
+	struct berval tid; /* tenant id */
+	struct berval admin;
+	struct berval pwd;
+	struct berval users_basedn;
+	struct berval roles_basedn;
+	struct berval audit_basedn;
+	struct berval permissions_basedn;
+	struct berval sessions_basedn;
+	struct berval session_admin;
+	struct berval session_admin_pwd;
+	struct slap_rbac_tenant_schema *schema;
+} tenant_info_t;
+
+typedef struct rbac_tenant {
+	tenant_info_t tenant_info;
+	struct rbac_tenant *next;
+} rbac_tenant_t;
+
+/* for RBAC callback */
+typedef struct rbac_callback_info {
+	tenant_info_t *tenantp;
+	void *private;
+} rbac_callback_info_t;
+
+/* RBAC user */
+typedef struct rbac_user {
+	struct berval tenantid;
+	struct berval uid;
+	struct berval dn;
+	struct berval constraints;
+	struct berval password;
+	struct berval msg;
+	int authz; /* flag for bind (pwd policy) info */
+	BerVarray roles;
+	BerVarray role_constraints;
+#if 0 /* additional parameters from Fortress */
+	private String userId;
+	@XmlElement(nillable = true)
+		private char[] password;
+	@XmlElement(nillable = true)
+		private char[] newPassword;
+	private String internalId;
+	@XmlElement(nillable = true)
+		private List<UserRole> roles;
+	@XmlElement(nillable = true)
+		private List<UserAdminRole> adminRoles;
+	private String pwPolicy;
+	private String cn;
+	private String sn;
+	private String dn;
+	private String ou;
+	private String description;
+	private String beginTime;
+	private String endTime;
+	private String beginDate;
+	private String endDate;
+	private String beginLockDate;
+	private String endLockDate;
+	private String dayMask;
+	private String name;
+	private int timeout;
+	private boolean reset;
+	private boolean locked;
+	private Boolean system;
+	@XmlElement(nillable = true)
+		private Props props = new Props();
+	@XmlElement(nillable = true)
+		private Address address;
+	@XmlElement(nillable = true)
+		private List<String> phones;
+	@XmlElement(nillable = true)
+		private List<String> mobiles;
+	@XmlElement(nillable = true)
+		private List<String> emails;
+#endif /* 0 */
+} rbac_user_t;
+
+enum {
+	RBAC_NONE = 0,
+	RBAC_TENANT,
+	RBAC_TENANT_ID,
+	RBAC_USERS_BASE_DN,
+	RBAC_ROLES_BASE_DN,
+	RBAC_PERMISSIONS_BASE_DN,
+	RBAC_ADMIN_DN,
+	RBAC_ADMIN_PWD,
+	RBAC_SESSIONS_BASE_DN,
+	RBAC_SESSION_ADMIN_DN,
+	RBAC_SESSION_ADMIN_PWD,
+	RBAC_ROLE_ASSIGNMENT,
+	RBAC_ROLE_CONSTRAINTS,
+	RBAC_USER_CONSTRAINTS,
+	RBAC_UID,
+	RBAC_USERS,
+	RBAC_ROLES,
+	RBAC_OBJ_NAME,
+	RBAC_OP_NAME,
+	RBAC_ROLE_NAME,
+	RBAC_SESSION_ID,
+	RBAC_USER_DN,
+	RBAC_AUDIT_ROLES,
+	RBAC_AUDIT_RESOURCES,
+	RBAC_AUDIT_RESULT,
+	RBAC_AUDIT_TIMESTAMP,
+	RBAC_AUDIT_PROPERTIES,
+	RBAC_AUDIT_OP,
+	RBAC_AUDIT_ID,
+	RBAC_AUDIT_REQUESTED_ROLES,
+	RBAC_AUDIT_OBJS,
+	RBAC_AUDIT_OPS,
+	RBAC_AUDIT_MSGS,
+	RBAC_LAST
+};
+
+enum {
+	RBAC_DEFAULT_TENANT_ID = RBAC_LAST,
+	RBAC_DEFAULT_USERS_BASE_DN,
+	RBAC_DEFAULT_PERMISSIONS_BASE_DN,
+	RBAC_DEFAULT_ROLES_BASE_DN,
+	RBAC_DEFAULT_SESSIONS_BASE_DN,
+	RBAC_DEFAULT_AUDIT_BASE_DN
+};
+
+typedef struct rbac_user_idlist {
+	char *user_id;
+	struct rbac_user_idlist *next;
+} rbac_user_idlist_t;
+
+/* RBAC sessions */
+#define RBAC_SESSION_RDN_EQ "rbacSessid="
+#define RBAC_AUDIT_RDN_EQ "rbacAuditId="
+
+typedef struct rbac_session {
+	rbac_user_t *user;
+	struct berval tenantid;
+	struct berval sessid;
+	struct berval uid;
+	struct berval userdn;
+	char uuidbuf[ LDAP_LUTIL_UUIDSTR_BUFSIZE ];
+	struct berval sessdn;
+	long last_access;
+	int timeout;
+	int warning_id;
+	int error_id;
+	int grace_logins;
+	int expiration_secs;
+	int is_authenticated; /* boolean */
+	struct berval message;
+	BerVarray roles;
+	BerVarray role_constraints;
+} rbac_session_t;
+
+/* RBAC roles */
+typedef struct rbac_role {
+	char *name;
+	char *description;
+	struct rbac_role *parent;
+	struct rbac_role *next;
+} rbac_role_t;
+
+typedef struct rbac_role_list {
+	char *name;
+	struct rbac_role_list *next;
+} rbac_role_list_t;
+
+/* RBAC permissions */
+typedef struct rbac_permission {
+	struct berval dn;
+	int admin; /* boolean */
+	struct berval internalId;
+	BerVarray opName;
+	BerVarray objName;
+	struct berval objectId;
+	struct berval abstractName;
+	struct berval type;
+	BerVarray roles;
+	BerVarray uids;
+	struct rbac_permission *next;
+} rbac_permission_t;
+
+/* RBAC Audit */
+typedef enum {
+	CreateSession = 0,
+	CheckAccess,
+	AddActiveRole,
+	DropActiveRole,
+	SessionPermissions,
+	DeleteSession,
+	SessionRoles
+} audit_op_t;
+
+/* function prototypes */
+
+int rbac_initialize_repository( void );
+int rbac_initialize_tenants( BackendDB *be, ConfigReply *cr );
+
+/* RBAC tenant information */
+tenant_info_t *rbac_tid2tenant( struct berval *tid );
+
+rbac_req_t *rbac_alloc_req( int type );
+void rbac_free_req( rbac_req_t *reqp );
+
+rbac_user_t *rbac_read_user( Operation *op, rbac_req_t *rabc_reqp );
+int rbac_authenticate_user( Operation *op, rbac_user_t *user );
+int rbac_user_temporal_constraint( rbac_user_t *userp );
+void rbac_free_user( rbac_user_t *user );
+
+rbac_session_t *rbac_alloc_session( void );
+int rbac_is_valid_session_id( struct berval *sessid );
+rbac_session_t *rbac_session_byid( Operation *op, rbac_req_t *reqp );
+int rbac_is_session_owner( rbac_session_t *sessp, rbac_req_t *reqp );
+int rbac_register_session( Operation *op, SlapReply *rs, rbac_session_t *sess );
+int rbac_int_delete_session( Operation *op, rbac_session_t *sessp );
+int rbac_session_add_role(
+	Operation *op,
+	rbac_session_t *sessp,
+	rbac_req_t *reqp );
+int rbac_session_drop_role(
+	Operation *op,
+	rbac_session_t *sessp,
+	rbac_req_t *reqp );
+int rbac_int_session_permissions(
+	Operation *op,
+	SlapReply *rs,
+	rbac_req_t *reqp,
+	rbac_session_t *sessp );
+int activate_session_roles(
+	rbac_session_t *sessp,
+	rbac_req_t *reqp,
+	rbac_user_t *userp );
+void rbac_free_session( rbac_session_t *sessp );
+
+rbac_constraint_t *rbac_user_role_constraints( BerVarray values );
+rbac_constraint_t *rbac_role2constraint(
+	struct berval *role,
+	rbac_constraint_t *role_constraints );
+rbac_constraint_t *rbac_bv2constraint( struct berval *bv );
+int rbac_check_time_constraint( rbac_constraint_t *cp );
+void rbac_free_constraint( rbac_constraint_t *cp );
+void rbac_free_constraints( rbac_constraint_t *constraints );
+
+rbac_permission_t *rbac_read_permission( Operation *op, rbac_req_t *rbac_reqp );
+int rbac_check_session_permission(
+	rbac_session_t *sessp,
+	rbac_permission_t *permp,
+	rbac_constraint_t *role_constraints );
+void rbac_free_permission( rbac_permission_t *permp );
+
+/* audit functions */
+void rbac_audit(
+	Operation *op,
+	audit_op_t rbac_op,
+	rbac_session_t *sessp,
+	rbac_req_t *reqp,
+	int result,
+	char *msg );
+
+/* acl functions */
+int rbac_create_session_acl_check( struct berval *sessid, rbac_user_t *userp );
+
+void rbac_to_lower( struct berval *bv );
+
+LDAP_END_DECL
+
+#endif /* RBAC_H */
diff --git a/contrib/slapd-modules/rbac/rbacacl.c b/contrib/slapd-modules/rbac/rbacacl.c
new file mode 100644
index 0000000..269dcf5
--- /dev/null
+++ b/contrib/slapd-modules/rbac/rbacacl.c
@@ -0,0 +1,37 @@
+/* rbacacl.c - RBAC ACL */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+
+#include "rbac.h"
+
+int
+rbac_create_session_acl_check( struct berval *sessid, rbac_user_t *userp )
+{
+	int rc = LDAP_SUCCESS;
+
+	return rc;
+}
diff --git a/contrib/slapd-modules/rbac/rbacaudit.c b/contrib/slapd-modules/rbac/rbacaudit.c
new file mode 100644
index 0000000..ef04ece
--- /dev/null
+++ b/contrib/slapd-modules/rbac/rbacaudit.c
@@ -0,0 +1,233 @@
+/* rbacaudit.c - RBAC Audit */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+
+#include "rbac.h"
+
+static struct rbac_audit_op {
+	audit_op_t op;
+	struct berval op_bv;
+} rbac_audit_ops[] = {
+	{ CreateSession, BER_BVC("CreateSession") },
+	{ CheckAccess, BER_BVC("CheckAccess") },
+	{ AddActiveRole, BER_BVC("AddActiveRole") },
+	{ DropActiveRole, BER_BVC("DropActiveRole") },
+	{ SessionPermissions, BER_BVC("SessionPermissions") },
+	{ DeleteSession, BER_BVC("DeleteSession") },
+	{ SessionRoles, BER_BVC("SessionRoles") },
+
+	{ -1, BER_BVNULL }
+};
+
+static int
+rbac_audit_fake_cb( Operation *op, SlapReply *rs )
+{
+	Debug( LDAP_DEBUG_ANY, "rbac_audit_fake_cb\n" );
+
+	return 0;
+}
+
+void
+rbac_audit(
+		Operation *op,
+		audit_op_t rbac_op,
+		rbac_session_t *sessp,
+		rbac_req_t *reqp,
+		int result,
+		char *msg )
+{
+	int op_idx, rc = LDAP_SUCCESS;
+	int found = 0;
+	struct berval timestamp;
+	tenant_info_t *tenantp = rbac_tid2tenant( &sessp->tenantid );
+	slap_callback cb = { 0 };
+	SlapReply rs2 = { REP_RESULT };
+	Entry *e = NULL;
+	struct berval auditObjectClass = BER_BVC("rbacAudit");
+	struct berval auditResultSuccess = BER_BVC("success");
+	struct berval auditResultFailed = BER_BVC("failed");
+	struct berval bv, rdn, nrdn;
+	char rdnbuf[RBAC_BUFLEN];
+	time_t now;
+	char nowstr[LDAP_LUTIL_GENTIME_BUFSIZE];
+
+	for ( op_idx = 0; rbac_audit_ops[op_idx].op != -1; op_idx++ ) {
+		if ( rbac_op == rbac_audit_ops[op_idx].op ) {
+			/* legit audit op */
+			found = 1;
+			break;
+		}
+	}
+
+	if ( !found ) goto done;
+
+	e = entry_alloc();
+
+	/* audit timestamp */
+	now = slap_get_time(); /* stored for later consideration */
+	timestamp.bv_val = nowstr;
+	timestamp.bv_len = sizeof(nowstr);
+	slap_timestamp( &now, &timestamp );
+
+	/* construct audit record DN; FIXME: random() call  */
+	sprintf( rdnbuf, "%s%d", RBAC_AUDIT_RDN_EQ, (int)op->o_tid );
+	strcat( rdnbuf, "-" );
+	strncat( rdnbuf, timestamp.bv_val, timestamp.bv_len );
+	bv.bv_val = &rdnbuf[0];
+	bv.bv_len = strlen( &rdnbuf[0] );
+
+	rc = dnPrettyNormal( NULL, &bv, &rdn, &nrdn, NULL );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_audit: "
+				"unable to normalize audit rDN (rc=%d)\n", rc );
+		goto done;
+	}
+
+	/* FIXME: audit_basedn should have been normalized */
+	build_new_dn( &e->e_name, &tenantp->audit_basedn, &rdn, NULL );
+	build_new_dn( &e->e_nname, &tenantp->audit_basedn, &nrdn, NULL );
+
+	ch_free( rdn.bv_val );
+	ch_free( nrdn.bv_val );
+
+	/* add timestamp */
+	attr_merge_one( e, slap_rbac_schema.ad_audit_timestamp, &timestamp, NULL );
+
+	/* add rbac audit objectClass */
+
+	attr_merge_one( e, slap_schema.si_ad_objectClass, &auditObjectClass, NULL );
+	attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
+			&auditObjectClass, NULL );
+
+	/* audit op */
+	attr_merge_one( e, slap_rbac_schema.ad_audit_op,
+			&rbac_audit_ops[op_idx].op_bv, NULL );
+
+	/* userid */
+	if ( sessp && !BER_BVISNULL( &sessp->uid ) ) {
+		attr_merge_one( e, slap_schema.si_ad_uid, &sessp->uid, NULL );
+	}
+
+	/* session id */
+
+	if ( sessp && !BER_BVISNULL( &sessp->sessid ) ) {
+		AttributeDescription *ad = NULL;
+		const char *text = NULL;
+		struct berval sessid = BER_BVC("rbacSessid");
+
+		rc = slap_bv2ad( &sessid, &ad, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			goto done;
+		}
+		attr_merge_one( e, ad, &sessp->sessid, NULL );
+	}
+
+	/* audit result */
+	attr_merge_one( e, slap_rbac_schema.ad_audit_result,
+			result == LDAP_SUCCESS ? &auditResultSuccess : &auditResultFailed,
+			NULL );
+
+	switch ( rbac_op ) {
+		case CreateSession:
+			/* audit roles */
+			if ( sessp && sessp->roles ) {
+				attr_merge( e, slap_rbac_schema.ad_audit_roles, sessp->roles,
+						NULL );
+			}
+			if ( reqp && reqp->roles ) {
+				attr_merge( e, slap_rbac_schema.ad_audit_requested_roles,
+						reqp->roles, NULL );
+			}
+			break;
+
+		case CheckAccess:
+			if ( sessp && sessp->roles ) {
+				attr_merge( e, slap_rbac_schema.ad_audit_roles, sessp->roles,
+						NULL );
+			}
+			if ( reqp && !BER_BVISEMPTY( &reqp->opname ) ) {
+				attr_merge_one( e, slap_rbac_schema.ad_audit_operations,
+						&reqp->opname, NULL );
+			}
+			if ( reqp && !BER_BVISEMPTY( &reqp->objname ) ) {
+				attr_merge_one( e, slap_rbac_schema.ad_audit_objects,
+						&reqp->objname, NULL );
+			}
+			break;
+
+		case AddActiveRole:
+			if ( reqp && reqp->roles ) {
+				attr_merge( e, slap_rbac_schema.ad_audit_requested_roles,
+						reqp->roles, NULL );
+			}
+			break;
+
+		case DropActiveRole:
+			/* audit roles */
+			if ( reqp && reqp->roles ) {
+				attr_merge( e, slap_rbac_schema.ad_audit_requested_roles,
+						reqp->roles, NULL );
+			}
+			break;
+
+		case SessionPermissions:
+			if ( sessp && sessp->roles ) {
+				attr_merge( e, slap_rbac_schema.ad_audit_roles, sessp->roles,
+						NULL );
+			}
+			break;
+
+		case DeleteSession:
+		case SessionRoles:
+		default:
+			break;
+	}
+
+	/* record the audit record */
+	Operation op2 = *op;
+	rbac_callback_info_t rbac_cb;
+	cb.sc_private = &rbac_cb;
+	cb.sc_response = rbac_audit_fake_cb;
+	op2.o_callback = &cb;
+
+	op2.o_tag = LDAP_REQ_ADD;
+	op2.o_protocol = LDAP_VERSION3;
+	op2.o_req_dn = e->e_name;
+	op2.o_req_ndn = e->e_nname;
+	op2.ora_e = e;
+	op2.o_bd = select_backend( &op2.o_req_ndn, 0 );
+	op2.o_dn = op2.o_bd->be_rootdn;
+	op2.o_ndn = op2.o_bd->be_rootndn;
+
+	op2.ors_limit = NULL;
+	rc = op2.o_bd->be_add( &op2, &rs2 );
+
+done:
+	if ( e ) entry_free( e );
+
+	return;
+}
diff --git a/contrib/slapd-modules/rbac/rbacperm.c b/contrib/slapd-modules/rbac/rbacperm.c
new file mode 100644
index 0000000..e1f6d79
--- /dev/null
+++ b/contrib/slapd-modules/rbac/rbacperm.c
@@ -0,0 +1,233 @@
+/* rbacperm.c - RBAC permission */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+
+#include "rbac.h"
+
+static int
+rbac_read_permission_cb( Operation *op, SlapReply *rs )
+{
+	rbac_callback_info_t *cbp = op->o_callback->sc_private;
+	rbac_ad_t *permission_ads;
+	rbac_permission_t *permp;
+	int i;
+
+	if ( rs->sr_type != REP_SEARCH ) return 0;
+
+	assert( cbp );
+
+	permp = ch_calloc( 1, sizeof(rbac_permission_t) );
+	permission_ads = cbp->tenantp->schema->permission_ads;
+
+	ber_dupbv( &permp->dn, &rs->sr_entry->e_name );
+	for ( i = 0; !BER_BVISNULL( &permission_ads[i].attr ); i++ ) {
+		Attribute *attr = NULL;
+		attr = attr_find( rs->sr_entry->e_attrs, *permission_ads[i].ad );
+		if ( attr != NULL ) {
+			switch ( permission_ads[i].type ) {
+				case RBAC_USERS:
+					ber_bvarray_dup_x( &permp->uids, attr->a_nvals, NULL );
+					break;
+				case RBAC_ROLES:
+					ber_bvarray_dup_x( &permp->roles, attr->a_nvals, NULL );
+					break;
+				default:
+					break;
+			}
+		}
+	}
+
+	cbp->private = (void *)permp;
+
+	return 0;
+}
+
+/*
+ * check whether roles assigned to a user allows access to roles in
+ * a permission, subject to role constraints
+ */
+int
+rbac_check_session_permission(
+		rbac_session_t *sessp,
+		rbac_permission_t *permp,
+		rbac_constraint_t *role_constraints )
+{
+	int rc = LDAP_INSUFFICIENT_ACCESS;
+	rbac_constraint_t *cp = NULL;
+	int i, j;
+
+	if ( !sessp->roles || !permp->roles ) goto done;
+
+	for ( i = 0; !BER_BVISNULL( &sessp->roles[i] ); i++ ) {
+		for ( j = 0; !BER_BVISNULL( &permp->roles[j] ); j++ ) {
+			if ( ber_bvstrcasecmp( &sessp->roles[i], &permp->roles[j] ) == 0 ) {
+				/* role temporal constraint */
+				cp = rbac_role2constraint( &permp->roles[j], role_constraints );
+				if ( !cp || rbac_check_time_constraint( cp ) == LDAP_SUCCESS ) {
+					rc = LDAP_SUCCESS;
+					goto done;
+				}
+			}
+		}
+	}
+done:;
+	return rc;
+}
+
+rbac_permission_t *
+rbac_read_permission( Operation *op, rbac_req_t *reqp )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	rbac_callback_info_t rbac_cb;
+	int rc = LDAP_SUCCESS;
+	char fbuf[1024];
+	struct berval filter = { sizeof(fbuf), fbuf };
+	char permbuf[1024];
+	struct berval permdn = { sizeof(permbuf), permbuf };
+	struct berval permndn = BER_BVNULL;
+	char pcls[] = "(objectClass=ftOperation)";
+	SlapReply rs2 = { REP_RESULT };
+	slap_callback cb = { 0 };
+	tenant_info_t *tenantp = rbac_tid2tenant( &reqp->tenantid );
+
+#if 0 /* check valid object name and op name */
+	if ( !is_valid_opname( &reqp->opname ) ||
+			!is_valid_objname( &reqp->objname ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_read_permission: "
+				"invalid opname (%s) or objname (%s)\n",
+				reqp->opname.bv_val, reqp->objname.bv_val );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+#endif
+
+	if ( !tenantp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_read_permission: "
+				"missing tenant information\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	if ( reqp->objid.bv_val != NULL ) {
+		permdn.bv_len = snprintf( permdn.bv_val, permdn.bv_len,
+				"ftObjId=%s+ftOpNm=%s,ftObjNm=%s,%s", reqp->objid.bv_val,
+				reqp->opname.bv_val, reqp->objname.bv_val,
+				tenantp->permissions_basedn.bv_val );
+	} else {
+		permdn.bv_len = snprintf( permdn.bv_val, permdn.bv_len,
+				"ftOpNm=%s,ftObjNm=%s,%s", reqp->opname.bv_val,
+				reqp->objname.bv_val, tenantp->permissions_basedn.bv_val );
+	}
+
+	rc = dnNormalize( 0, NULL, NULL, &permdn, &permndn, NULL );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_read_permission: "
+				"unable to normalize permission DN\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	filter.bv_val = pcls;
+	filter.bv_len = strlen( pcls );
+	rbac_cb.tenantp = tenantp;
+	rbac_cb.private = NULL;
+
+	Operation op2 = *op;
+	cb.sc_private = &rbac_cb;
+	cb.sc_response = rbac_read_permission_cb;
+	op2.o_callback = &cb;
+	op2.o_tag = LDAP_REQ_SEARCH;
+	op2.o_dn = tenantp->admin;
+	op2.o_ndn = tenantp->admin;
+	op2.o_req_dn = permdn;
+	op2.o_req_ndn = permndn;
+	op2.ors_filterstr = filter;
+	op2.ors_filter = str2filter_x( &op2, filter.bv_val );
+	op2.ors_scope = LDAP_SCOPE_BASE;
+	op2.ors_attrs = tenantp->schema->perm_attrs;
+	op2.ors_tlimit = SLAP_NO_LIMIT;
+	op2.ors_slimit = SLAP_NO_LIMIT;
+	op2.ors_attrsonly = 0;
+	op2.ors_limit = NULL;
+	op2.o_bd = frontendDB;
+	rc = op2.o_bd->be_search( &op2, &rs2 );
+	filter_free_x( &op2, op2.ors_filter, 1 );
+
+done:;
+	ch_free( permndn.bv_val );
+
+	if ( rc != LDAP_SUCCESS ) {
+		rbac_free_permission((rbac_permission_t *)rbac_cb.private);
+	}
+
+	return (rbac_permission_t *)rbac_cb.private;
+}
+
+void
+rbac_free_permission( rbac_permission_t *permp )
+{
+	if ( !permp ) return;
+
+	if ( !BER_BVISNULL( &permp->dn ) ) {
+		ber_memfree( permp->dn.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &permp->internalId ) ) {
+		ber_memfree( permp->internalId.bv_val );
+	}
+
+	if ( permp->opName ) {
+		ber_bvarray_free( permp->opName );
+	}
+
+	if ( permp->objName ) {
+		ber_bvarray_free( permp->objName );
+	}
+
+	if ( !BER_BVISNULL( &permp->objectId ) ) {
+		ber_memfree( permp->objectId.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &permp->abstractName ) ) {
+		ber_memfree( permp->abstractName.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &permp->type ) ) {
+		ber_memfree( permp->type.bv_val );
+	}
+
+	if ( permp->roles ) {
+		ber_bvarray_free( permp->roles );
+	}
+
+	if ( permp->uids ) {
+		ber_bvarray_free( permp->uids );
+	}
+	ch_free( permp );
+
+	return;
+}
diff --git a/contrib/slapd-modules/rbac/rbacreq.c b/contrib/slapd-modules/rbac/rbacreq.c
new file mode 100644
index 0000000..9942a00
--- /dev/null
+++ b/contrib/slapd-modules/rbac/rbacreq.c
@@ -0,0 +1,89 @@
+/* rbacreq.c - RBAC requests */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+
+#include "rbac.h"
+
+rbac_req_t *
+rbac_alloc_req( int type )
+{
+	rbac_req_t *reqp = NULL;
+
+	reqp = ch_calloc( 1, sizeof(rbac_req_t) );
+
+	reqp->req_type = type;
+	BER_BVZERO( &reqp->sessid );
+	BER_BVZERO( &reqp->tenantid );
+	/* session creation */
+	BER_BVZERO( &reqp->uid );
+	BER_BVZERO( &reqp->authtok );
+	reqp->roles = NULL;
+	/* check access  */
+	BER_BVZERO( &reqp->opname );
+	BER_BVZERO( &reqp->objname );
+	BER_BVZERO( &reqp->objid );
+	/* add/drop role */
+	BER_BVZERO( &reqp->role );
+
+	return reqp;
+}
+
+void
+rbac_free_req( rbac_req_t *reqp )
+{
+	if ( !reqp ) return;
+
+	if ( !BER_BVISNULL( &reqp->sessid ) )
+		ber_memfree( reqp->sessid.bv_val );
+
+	if ( !BER_BVISNULL( &reqp->tenantid ) )
+		ber_memfree( reqp->tenantid.bv_val );
+
+	/* session creation */
+	if ( !BER_BVISNULL( &reqp->uid ) )
+		ber_memfree( reqp->uid.bv_val );
+
+	if ( !BER_BVISNULL( &reqp->authtok ) )
+		ber_memfree( reqp->authtok.bv_val );
+
+	if ( reqp->roles )
+		ber_bvarray_free( reqp->roles );
+
+	/* check access  */
+	if ( !BER_BVISNULL( &reqp->opname ) )
+		ber_memfree( reqp->opname.bv_val );
+
+	if ( !BER_BVISNULL( &reqp->objname ) )
+		ber_memfree( reqp->objname.bv_val );
+
+	if ( !BER_BVISNULL( &reqp->objid ) )
+		ber_memfree( reqp->objid.bv_val );
+
+	ch_free( reqp );
+
+	return;
+}
diff --git a/contrib/slapd-modules/rbac/rbacsess.c b/contrib/slapd-modules/rbac/rbacsess.c
new file mode 100644
index 0000000..d18e312
--- /dev/null
+++ b/contrib/slapd-modules/rbac/rbacsess.c
@@ -0,0 +1,999 @@
+/* rbacsess.c - RBAC session */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+
+#include "rbac.h"
+
+static slap_callback nullsc = { NULL, NULL, NULL, NULL };
+
+extern rbac_ad_t rbac_session_permission_ads[];
+extern rbac_ad_t rbac_session_ads[];
+
+struct berval slapo_session_oc = BER_BVC("rbacSession");
+
+typedef struct session_perm_req {
+	Operation *op;
+	SlapReply *rs;
+	struct berval *sessid;
+	struct berval permdn;
+	tenant_info_t *tenantp;
+} session_perm_req_t;
+
+static int
+rbac_sess_fake_cb( Operation *op, SlapReply *rs )
+{
+	Debug( LDAP_DEBUG_ANY, "rbac_sess_fake_cb\n" );
+
+	return 0;
+}
+
+static int
+rbac_send_session_permission(
+		session_perm_req_t *sess_perm_reqp,
+		rbac_permission_t *perm )
+{
+	int i, rc = LDAP_SUCCESS;
+	Operation *op = sess_perm_reqp->op;
+	SlapReply *rs = sess_perm_reqp->rs;
+	struct berval *sessidp = sess_perm_reqp->sessid;
+	struct berval *permdnp = &sess_perm_reqp->permdn;
+
+	Entry *e = entry_alloc();
+	e->e_attrs = NULL;
+	ber_dupbv( &e->e_name, permdnp );
+	ber_dupbv( &e->e_nname, permdnp );
+	e->e_private = NULL;
+	attr_merge_one( e, slap_rbac_schema.ad_session_id, sessidp, NULL );
+
+	for ( i = 0; !BER_BVISNULL( &rbac_session_permission_ads[i].attr ); i++ ) {
+		switch ( rbac_session_permission_ads[i].type ) {
+			case RBAC_OP_NAME:
+				attr_merge_one( e, *rbac_session_permission_ads[i].ad,
+						&perm->opName[0], NULL );
+				break;
+			case RBAC_OBJ_NAME:
+				attr_merge_one( e, *rbac_session_permission_ads[i].ad,
+						&perm->objName[0], NULL );
+				break;
+			case RBAC_ROLE_NAME:
+				attr_merge( e, *rbac_session_permission_ads[i].ad, perm->roles,
+						NULL );
+				break;
+			default:
+				break;
+		}
+	}
+
+	rs->sr_entry = e;
+	rs->sr_flags = REP_ENTRY_MUSTRELEASE;
+	rc = send_search_entry( op, rs );
+
+	return rc;
+}
+
+static int
+rbac_session_permissions_cb( Operation *op, SlapReply *rs )
+{
+	session_perm_req_t *sess_perm_reqp = op->o_callback->sc_private;
+	tenant_info_t *tenantp = NULL;
+	rbac_permission_t *permp = NULL;
+	rbac_ad_t *session_permissions_ads;
+	int i;
+
+	if ( rs->sr_type != REP_SEARCH ) return 0;
+
+	assert( sess_perm_reqp );
+
+	tenantp = sess_perm_reqp->tenantp;
+	session_permissions_ads = tenantp->schema->session_permissions_ads;
+
+	permp = ch_calloc( 1, sizeof(rbac_permission_t) );
+
+	for ( i = 0; !BER_BVISNULL( &session_permissions_ads[i].attr ); i++ ) {
+		Attribute *attr = NULL;
+
+		attr = attr_find(
+				rs->sr_entry->e_attrs, *session_permissions_ads[i].ad );
+		if ( attr != NULL ) {
+			switch ( session_permissions_ads[i].type ) {
+				case RBAC_USERS:
+					ber_bvarray_dup_x( &permp->uids, attr->a_nvals, NULL );
+					break;
+				case RBAC_ROLES:
+					ber_bvarray_dup_x( &permp->roles, attr->a_nvals, NULL );
+					break;
+				case RBAC_OBJ_NAME:
+					ber_bvarray_dup_x( &permp->objName, attr->a_nvals, NULL );
+					break;
+				case RBAC_OP_NAME:
+					ber_bvarray_dup_x( &permp->opName, attr->a_nvals, NULL );
+					break;
+			}
+		}
+	}
+
+	rbac_send_session_permission( sess_perm_reqp, permp );
+	rbac_free_permission( permp );
+	permp = NULL;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+rbac_read_session_cb( Operation *op, SlapReply *rs )
+{
+	rbac_session_t *sessp = op->o_callback->sc_private;
+	int i;
+
+	if ( rs->sr_type != REP_SEARCH ) return 0;
+
+	ber_dupbv( &sessp->sessdn, &rs->sr_entry->e_name );
+
+	for ( i = 0; !BER_BVISNULL( &rbac_session_ads[i].attr ); i++ ) {
+		Attribute *attr = NULL;
+		attr = attr_find( rs->sr_entry->e_attrs, *rbac_session_ads[i].ad );
+		if ( attr != NULL ) {
+			switch ( rbac_session_ads[i].type ) {
+				case RBAC_SESSION_ID:
+					ber_dupbv( &sessp->sessid, &attr->a_vals[0] );
+					break;
+				case RBAC_USER_DN:
+					ber_dupbv( &sessp->userdn, &attr->a_vals[0] );
+					break;
+				case RBAC_ROLES:
+					ber_bvarray_dup_x( &sessp->roles, attr->a_nvals, NULL );
+					break;
+				case RBAC_ROLE_CONSTRAINTS:
+					ber_bvarray_dup_x(
+							&sessp->role_constraints, attr->a_nvals, NULL );
+					break;
+				case RBAC_UID:
+					ber_dupbv( &sessp->uid, &attr->a_vals[0] );
+					break;
+				case RBAC_TENANT_ID:
+					ber_dupbv( &sessp->tenantid, &attr->a_vals[0] );
+					break;
+				default:
+					break;
+			}
+		}
+	}
+
+	//return SLAP_CB_CONTINUE;
+	return 0;
+}
+
+/* check whether the session is owned by the user */
+int
+rbac_is_session_owner( rbac_session_t *sessp, rbac_req_t *reqp )
+{
+	int rc = 0;
+
+	if ( BER_BVISEMPTY( &sessp->uid ) || BER_BVISEMPTY( &reqp->uid ) ) {
+		Debug( LDAP_DEBUG_ANY, "session not owned by user\n" );
+		rc = 0;
+		goto done;
+	}
+
+	if ( !ber_bvstrcasecmp( &sessp->uid, &reqp->uid ) ) {
+		rc = 1;
+		goto done;
+	}
+
+done:;
+	return rc;
+}
+
+int
+rbac_session_add_role( Operation *op, rbac_session_t *sessp, rbac_req_t *reqp )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	slap_callback cb = { 0 };
+	SlapReply rs2 = { REP_RESULT };
+	Operation op2 = *op;
+	rbac_callback_info_t rbac_cb;
+	tenant_info_t *tenantp = NULL;
+	struct berval vals[2];
+	Modifications mod;
+	int rc = LDAP_SUCCESS;
+
+	tenantp = rbac_tid2tenant( &reqp->tenantid );
+	if ( !tenantp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_add_role: "
+				"no tenant info with the req\n" );
+		goto done;
+	}
+
+	// convert the role name to lower case:
+	rbac_to_lower( &reqp->role );
+
+	//ber_dupbv( &vals[0], &reqp->roles[0]);
+	ber_dupbv( &vals[0], &reqp->role );
+	BER_BVZERO( &vals[1] );
+
+	/* create mod list */
+	mod.sml_op = LDAP_MOD_ADD;
+	mod.sml_flags = 0;
+	mod.sml_type = slap_rbac_schema.ad_session_roles->ad_cname;
+	mod.sml_desc = slap_rbac_schema.ad_session_roles;
+	mod.sml_numvals = 1;
+	mod.sml_values = vals;
+	mod.sml_nvalues = NULL;
+	mod.sml_next = NULL;
+
+	cb.sc_private = &rbac_cb;
+	cb.sc_response = rbac_sess_fake_cb;
+	op2.o_callback = &cb;
+
+	op2.o_tag = LDAP_REQ_MODIFY;
+	op2.orm_modlist = &mod;
+	op2.o_req_dn = sessp->sessdn;
+	op2.o_req_ndn = sessp->sessdn;
+	op2.o_bd = select_backend( &op2.o_req_ndn, 0 );
+	op2.o_dn = op2.o_bd->be_rootdn;
+	op2.o_ndn = op2.o_bd->be_rootdn;
+	op2.ors_limit = NULL;
+	rc = op2.o_bd->be_modify( &op2, &rs2 );
+	ch_free( vals[0].bv_val );
+
+done:;
+	if ( rc == LDAP_TYPE_OR_VALUE_EXISTS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_add_active_role: "
+				"role already activated in session\n" );
+	}
+	return rc;
+}
+
+int
+rbac_session_drop_role( Operation *op, rbac_session_t *sessp, rbac_req_t *reqp )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	slap_callback cb = { 0 };
+	SlapReply rs2 = { REP_RESULT };
+	Operation op2 = *op;
+	rbac_callback_info_t rbac_cb;
+	tenant_info_t *tenantp = NULL;
+	Modifications *m = NULL;
+	int rc = LDAP_SUCCESS;
+
+	tenantp = rbac_tid2tenant( &reqp->tenantid );
+	if ( !tenantp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_drop_role: "
+				"no tenant info with the req\n" );
+		goto done;
+	}
+
+	/* create mod list */
+	m = ch_calloc( sizeof(Modifications), 1 );
+	m->sml_op = LDAP_MOD_DELETE;
+	m->sml_flags = 0;
+	m->sml_type = slap_rbac_schema.ad_session_roles->ad_cname;
+	m->sml_desc = slap_rbac_schema.ad_session_roles;
+	m->sml_numvals = 1;
+	m->sml_values = ch_calloc( sizeof(struct berval), 2 );
+	m->sml_nvalues = ch_calloc( sizeof(struct berval), 2 );
+	//ber_dupbv( &m->sml_values[0], &reqp->roles[0]);
+
+	// convert the role name to lower case:
+	rbac_to_lower( &reqp->role );
+
+	ber_dupbv( &m->sml_values[0], &reqp->role );
+
+	// todo: determine if this needs to be done:
+	//BER_BVZERO(&m->sml_values[1]);
+
+	ber_dupbv( &m->sml_nvalues[0], &reqp->role );
+	BER_BVZERO( &m->sml_nvalues[1] );
+
+	//ber_dupbv( &m->sml_nvalues[0], &reqp->roles[0]);
+	//ber_dupbv( &m->sml_nvalues[0], &reqp->role);
+	//BER_BVZERO(&m->sml_nvalues[1]);
+
+	m->sml_next = NULL;
+
+	cb.sc_private = &rbac_cb;
+	cb.sc_response = rbac_sess_fake_cb;
+	op2.o_callback = &cb;
+
+	op2.o_dn = tenantp->session_admin;
+	op2.o_ndn = tenantp->session_admin;
+	op2.o_tag = LDAP_REQ_MODIFY;
+	op2.orm_modlist = m;
+	op2.o_req_dn = sessp->sessdn;
+	op2.o_req_ndn = sessp->sessdn;
+	op2.o_bd = select_backend( &op2.o_req_ndn, 0 );
+
+	op2.ors_limit = NULL;
+	rc = op2.o_bd->be_modify( &op2, &rs2 );
+
+done:;
+	if ( m ) {
+		slap_mods_free( m, 1 );
+	}
+
+	return rc;
+}
+
+/* delete the session */
+int
+rbac_int_delete_session( Operation *op, rbac_session_t *sessp )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	slap_callback cb = { 0 };
+	SlapReply rs2 = { REP_RESULT };
+	Operation op2 = *op;
+	rbac_callback_info_t rbac_cb;
+	tenant_info_t *tenantp = NULL;
+	int rc = LDAP_SUCCESS;
+
+	tenantp = rbac_tid2tenant( &sessp->tenantid );
+	if ( !tenantp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_drop_role: "
+				"no tenant info with the req\n" );
+		goto done;
+	}
+
+	/* delete RBAC session */
+	cb.sc_private = &rbac_cb;
+	cb.sc_response = rbac_sess_fake_cb;
+	op2.o_callback = &cb;
+
+	op2.o_dn = tenantp->session_admin;
+	op2.o_ndn = tenantp->session_admin;
+	op2.o_tag = LDAP_REQ_DELETE;
+	op2.o_req_dn = sessp->sessdn;
+	op2.o_req_ndn = sessp->sessdn;
+	op2.o_bd = select_backend( &op2.o_req_ndn, 0 );
+	rc = op2.o_bd->be_delete( &op2, &rs2 );
+
+done:;
+	return rc;
+}
+
+rbac_session_t *
+rbac_alloc_session()
+{
+	rbac_session_t *sessp = NULL;
+
+	sessp = ch_malloc( sizeof(rbac_session_t) );
+	sessp->sessid.bv_len =
+			lutil_uuidstr( sessp->uuidbuf, sizeof(sessp->uuidbuf) );
+	sessp->sessid.bv_val = sessp->uuidbuf;
+
+	sessp->user = NULL;
+	BER_BVZERO( &sessp->tenantid );
+	BER_BVZERO( &sessp->uid );
+	BER_BVZERO( &sessp->userdn );
+	BER_BVZERO( &sessp->sessdn );
+	BER_BVZERO( &sessp->message );
+
+	sessp->last_access = 0;
+	sessp->timeout = 0;
+	sessp->warning_id = 0;
+	sessp->error_id = 0;
+	sessp->grace_logins = 0;
+	sessp->expiration_secs = 0;
+	sessp->is_authenticated = 0;
+
+	sessp->roles = NULL;
+	sessp->role_constraints = NULL;
+
+	return sessp;
+}
+
+int
+rbac_register_session( Operation *op, SlapReply *rs, rbac_session_t *sessp )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	struct berval rdn, nrdn;
+	SlapReply rs2 = { REP_RESULT };
+	OperationBuffer opbuf;
+	Operation *op2;
+	Connection conn = { 0 };
+	Entry *e = NULL;
+	int rc = LDAP_SUCCESS;
+	char rdnbuf[
+		STRLENOF(RBAC_SESSION_RDN_EQ) + LDAP_LUTIL_UUIDSTR_BUFSIZE + 1];
+	tenant_info_t *tenantp = rbac_tid2tenant( &sessp->tenantid );
+#ifdef USE_NEW_THREAD_CONTEXT
+	void *thrctx = ldap_pvt_thread_pool_context();
+#else
+	void *thrctx = op->o_tmpmemctx;
+#endif
+
+	if ( !sessp ) {
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* dynamic objects */
+	e = entry_alloc();
+
+	strcpy( rdnbuf, RBAC_SESSION_RDN_EQ );
+	strncat( rdnbuf, sessp->sessid.bv_val, sessp->sessid.bv_len );
+	rdn.bv_val = rdnbuf;
+	rdn.bv_len = STRLENOF(RBAC_SESSION_RDN_EQ) + sessp->sessid.bv_len;
+	nrdn.bv_val = rdnbuf;
+	nrdn.bv_len = STRLENOF(RBAC_SESSION_RDN_EQ) + sessp->sessid.bv_len;
+
+	build_new_dn( &e->e_name, &tenantp->sessions_basedn, &rdn, NULL );
+	build_new_dn( &e->e_nname, &tenantp->sessions_basedn, &nrdn, NULL );
+
+	attr_merge_one( e, slap_schema.si_ad_objectClass, &slapo_session_oc, NULL );
+	attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
+			&slapo_session_oc, NULL );
+	attr_merge_one( e, slap_rbac_schema.ad_session_id, &sessp->sessid, NULL );
+
+	if ( !BER_BVISNULL( &sessp->uid ) ) {
+		attr_merge_one( e, slap_schema.si_ad_uid, &sessp->uid, NULL );
+	}
+
+	/* add tenant id */
+	if ( !BER_BVISNULL( &sessp->tenantid ) ) {
+		attr_merge_one(
+				e, slap_rbac_schema.ad_tenant_id, &sessp->tenantid, NULL );
+	}
+
+	/* add the userdn */
+	if ( !BER_BVISNULL( &sessp->userdn ) ) {
+		attr_merge_one(
+				e, slap_rbac_schema.ad_session_user_dn, &sessp->userdn, NULL );
+	}
+
+	if ( sessp->roles ) {
+		attr_merge( e, slap_rbac_schema.ad_session_roles, sessp->roles, NULL );
+	}
+
+	// TODO: ensure this is correct way to store constraints in session:
+	if ( sessp->role_constraints ) {
+		attr_merge( e, slap_rbac_schema.ad_session_role_constraints,
+				sessp->role_constraints, NULL );
+	}
+	/* rendered dynmaicObject */
+	attr_merge_one( e, slap_schema.si_ad_objectClass,
+			&slap_schema.si_oc_dynamicObject->soc_cname, NULL );
+
+	/* store RBAC session */
+	connection_fake_init2( &conn, &opbuf, thrctx, 0 );
+	op2 = &opbuf.ob_op;
+	//Operation op2 = *op;
+	//op2.o_callback = &nullsc;
+	//rbac_callback_info_t rbac_cb;
+	//cb.sc_private      = &rbac_cb;
+	//cb.sc_response     = rbac_sess_fake_cb;
+	//op2.o_callback    = &cb;
+	//op2.ors_limit     = NULL;
+	op->o_callback = &nullsc;
+	op2->o_dn = tenantp->session_admin;
+	op2->o_ndn = tenantp->session_admin;
+	op2->o_tag = LDAP_REQ_ADD;
+	op2->o_protocol = LDAP_VERSION3;
+	op2->o_req_dn = e->e_name;
+	op2->o_req_ndn = e->e_nname;
+	op2->ora_e = e;
+	op2->o_bd = frontendDB;
+
+	rc = op2->o_bd->be_add( op2, &rs2 );
+
+done:;
+	if ( e ) entry_free( e );
+	return rc;
+}
+
+int
+rbac_register_session2( Operation *op, SlapReply *rs, rbac_session_t *sessp )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	struct berval rdn, nrdn;
+	SlapReply rs2 = { REP_RESULT };
+	Operation op2 = *op;
+	rbac_callback_info_t rbac_cb;
+	//OperationBuffer opbuf;
+	//Connection conn = {0};
+	Entry *e = NULL;
+	int rc = LDAP_SUCCESS;
+	char rdnbuf[STRLENOF(RBAC_SESSION_RDN_EQ) + LDAP_LUTIL_UUIDSTR_BUFSIZE +
+			1];
+	tenant_info_t *tenantp = rbac_tid2tenant( &sessp->tenantid );
+	slap_callback cb = { 0 };
+	//#ifdef USE_NEW_THREAD_CONTEXT
+	//	void *thrctx = ldap_pvt_thread_pool_context();
+	//#else
+	//	void *thrctx = op->o_tmpmemctx;
+	//#endif
+
+	if ( !sessp ) {
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* dynamic objects */
+	e = entry_alloc();
+
+	strcpy( rdnbuf, RBAC_SESSION_RDN_EQ );
+	strncat( rdnbuf, sessp->sessid.bv_val, sessp->sessid.bv_len );
+	rdn.bv_val = rdnbuf;
+	rdn.bv_len = STRLENOF(RBAC_SESSION_RDN_EQ) + sessp->sessid.bv_len;
+	nrdn.bv_val = rdnbuf;
+	nrdn.bv_len = STRLENOF(RBAC_SESSION_RDN_EQ) + sessp->sessid.bv_len;
+
+	build_new_dn( &e->e_name, &tenantp->sessions_basedn, &rdn, NULL );
+	build_new_dn( &e->e_nname, &tenantp->sessions_basedn, &nrdn, NULL );
+
+	attr_merge_one( e, slap_schema.si_ad_objectClass, &slapo_session_oc, NULL );
+	attr_merge_one( e, slap_schema.si_ad_structuralObjectClass,
+			&slapo_session_oc, NULL );
+	attr_merge_one( e, slap_rbac_schema.ad_session_id, &sessp->sessid, NULL );
+
+	if ( !BER_BVISNULL( &sessp->uid ) ) {
+		attr_merge_one( e, slap_schema.si_ad_uid, &sessp->uid, NULL );
+	}
+
+	/* add tenant id */
+	if ( !BER_BVISNULL( &sessp->tenantid ) ) {
+		attr_merge_one(
+				e, slap_rbac_schema.ad_tenant_id, &sessp->tenantid, NULL );
+	}
+
+	/* add the userdn */
+	if ( !BER_BVISNULL( &sessp->userdn ) ) {
+		attr_merge_one(
+				e, slap_rbac_schema.ad_session_user_dn, &sessp->userdn, NULL );
+	}
+
+	if ( sessp->roles ) {
+		attr_merge( e, slap_rbac_schema.ad_session_roles, sessp->roles, NULL );
+	}
+
+	// TODO: ensure this is correct way to store constraints in session:
+	if ( sessp->role_constraints ) {
+		attr_merge( e, slap_rbac_schema.ad_session_role_constraints,
+				sessp->role_constraints, NULL );
+	}
+	/* rendered dynmaicObject */
+	attr_merge_one( e, slap_schema.si_ad_objectClass,
+			&slap_schema.si_oc_dynamicObject->soc_cname, NULL );
+
+	/* store RBAC session */
+	//connection_fake_init2( &conn, &opbuf, thrctx, 0 );
+	//op2 = &opbuf.ob_op;
+	//op2.o_ctrlflag = op->o_ctrlflag;
+	// todo this ain't right"
+	//op2.o_ctrlflag = 0;
+	//OperationBuffer *opbuf;
+	//memset( opbuf, 0, sizeof(OperationBuffer));
+	//op2.o_hdr = &opbuf->ob_hdr;
+	//op2.o_controls = opbuf->ob_controls;
+
+	// fails on modify.c:353 with segfault
+
+	//op2.o_callback = &nullsc;
+	cb.sc_private = &rbac_cb;
+	cb.sc_response = rbac_sess_fake_cb;
+	op2.o_callback = &cb;
+	op2.o_dn = tenantp->session_admin;
+	op2.o_ndn = tenantp->session_admin;
+	op2.o_tag = LDAP_REQ_ADD;
+	op2.o_protocol = LDAP_VERSION3;
+	op2.o_req_dn = e->e_name;
+	op2.o_req_ndn = e->e_nname;
+	op2.ora_e = e;
+	op2.o_bd = frontendDB;
+	//op2.ors_limit     = NULL;
+
+	rc = op2.o_bd->be_add( &op2, &rs2 );
+
+done:;
+	if ( e ) entry_free( e );
+
+	return rc;
+}
+
+int
+rbac_is_valid_session_id( struct berval *sessid )
+{
+	/* TODO: simple test */
+	if ( !sessid || sessid->bv_len != 36 ) {
+		if ( !sessid ) {
+			Debug( LDAP_DEBUG_ANY, "rbac_is_valid_session_id: "
+					"null sessid\n" );
+		} else {
+			Debug( LDAP_DEBUG_ANY, "rbac_is_valid_session_id: "
+					"len (%lu)\n",
+					sessid->bv_len );
+		}
+		return 0;
+	}
+
+	else {
+		return 1;
+	}
+}
+
+/* create an rbac request with the session ID */
+rbac_req_t *
+rbac_is_search_session_permissions( Operation *op )
+{
+	rbac_req_t *reqp = NULL;
+
+	/* check whether the search for sessionPermissions and *
+	 * with a valid sessionID */
+
+	return reqp;
+}
+
+rbac_session_t *
+rbac_session_byid_fake( Operation *op, rbac_req_t *reqp )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	rbac_session_t *sessp = NULL;
+	int rc = LDAP_SUCCESS;
+	char fbuf[RBAC_BUFLEN];
+	struct berval filter = { sizeof(fbuf), fbuf };
+	SlapReply rs2 = { REP_RESULT };
+	Operation op2 = *op;
+	rbac_callback_info_t rbac_cb;
+	slap_callback cb = { 0 };
+	tenant_info_t *tenantp = NULL;
+
+	if ( !rbac_is_valid_session_id( &reqp->sessid ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_byid: "
+				"invalid session id (%s)\n",
+				reqp->sessid.bv_val );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	sessp = rbac_alloc_session();
+	if ( !sessp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_byid: "
+				"unable to allocate session memory\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	tenantp = rbac_tid2tenant( &reqp->tenantid );
+
+	/* session id filter */
+	memset( fbuf, 0, sizeof(fbuf) );
+	strcpy( fbuf, RBAC_SESSION_RDN_EQ );
+	strncpy( &fbuf[0] + sizeof(RBAC_SESSION_RDN_EQ) - 1, reqp->sessid.bv_val,
+			reqp->sessid.bv_len );
+	filter.bv_val = fbuf;
+	filter.bv_len = strlen( fbuf );
+
+	//cb.sc_private     = sessp;
+	//cb.sc_response    = rbac_read_session_cb;
+	cb.sc_private = &rbac_cb;
+	cb.sc_response = rbac_sess_fake_cb;
+	op2.o_callback = &cb;
+	op2.o_tag = LDAP_REQ_SEARCH;
+	op2.o_dn = tenantp->session_admin;
+	op2.o_ndn = tenantp->session_admin;
+	op2.o_req_dn = tenantp->sessions_basedn;
+	op2.o_req_ndn = tenantp->sessions_basedn;
+	op2.ors_filterstr = filter;
+	op2.ors_filter = str2filter_x( &op2, filter.bv_val );
+	op2.ors_scope = LDAP_SCOPE_SUBTREE;
+	op2.ors_attrs = slap_rbac_schema.session_attrs;
+	op2.ors_tlimit = SLAP_NO_LIMIT;
+	op2.ors_slimit = SLAP_NO_LIMIT;
+	op2.o_bd = frontendDB;
+	// hyc change to fix seg fault:
+	op2.ors_limit = NULL;
+
+	rc = op2.o_bd->be_search( &op2, &rs2 );
+	filter_free_x( &op2, op2.ors_filter, 1 );
+
+done:
+	// TODO: find equivalent way of check nentries (broke with fake connection fix)
+	//if ( rc != LDAP_SUCCESS || rs2.sr_nentries <= 0 ) {
+	if ( rc != LDAP_SUCCESS ) {
+		rbac_free_session( sessp );
+		sessp = NULL;
+	}
+
+	return sessp;
+}
+
+rbac_session_t *
+rbac_session_byid( Operation *op, rbac_req_t *reqp )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	rbac_session_t *sessp = NULL;
+	int rc = LDAP_SUCCESS;
+	char fbuf[RBAC_BUFLEN];
+	struct berval filter = { sizeof(fbuf), fbuf };
+	SlapReply rs2 = { REP_RESULT };
+	Operation op2 = *op;
+	slap_callback cb = { 0 };
+	tenant_info_t *tenantp = NULL;
+
+	if ( !rbac_is_valid_session_id( &reqp->sessid ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_byid: "
+				"invalid session id (%s)\n",
+				reqp->sessid.bv_val );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	sessp = rbac_alloc_session();
+	if ( !sessp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_session_byid: "
+				"unable to allocate session memory\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	tenantp = rbac_tid2tenant( &reqp->tenantid );
+
+	/* session id filter */
+	memset( fbuf, 0, sizeof(fbuf) );
+	strcpy( fbuf, RBAC_SESSION_RDN_EQ );
+	strncpy( &fbuf[0] + sizeof(RBAC_SESSION_RDN_EQ) - 1, reqp->sessid.bv_val,
+			reqp->sessid.bv_len );
+	filter.bv_val = fbuf;
+	filter.bv_len = strlen( fbuf );
+
+	cb.sc_private = sessp;
+	cb.sc_response = rbac_read_session_cb;
+	op2.o_callback = &cb;
+	op2.o_tag = LDAP_REQ_SEARCH;
+	op2.o_dn = tenantp->session_admin;
+	op2.o_ndn = tenantp->session_admin;
+	op2.o_req_dn = tenantp->sessions_basedn;
+	op2.o_req_ndn = tenantp->sessions_basedn;
+	op2.ors_filterstr = filter;
+	op2.ors_filter = str2filter_x( &op2, filter.bv_val );
+	op2.ors_scope = LDAP_SCOPE_SUBTREE;
+	op2.ors_attrs = slap_rbac_schema.session_attrs;
+	op2.ors_tlimit = SLAP_NO_LIMIT;
+	op2.ors_slimit = SLAP_NO_LIMIT;
+	op2.o_bd = frontendDB;
+	// hyc change to fix seg fault:
+	op2.ors_limit = NULL;
+
+	rc = op2.o_bd->be_search( &op2, &rs2 );
+	filter_free_x( &op2, op2.ors_filter, 1 );
+
+done:
+	// TODO: find equivalent way of check nentries (broke with fake connection fix)
+	//if ( rc != LDAP_SUCCESS || rs2.sr_nentries <= 0 ) {
+	if ( rc != LDAP_SUCCESS ) {
+		rbac_free_session( sessp );
+		sessp = NULL;
+	}
+
+	return sessp;
+}
+
+static char *
+rbac_int_session_permissions_filterstr( Operation *op, rbac_session_t *sessp )
+{
+	char filterbuf[RBAC_BUFLEN];
+	int i;
+
+	memset( filterbuf, 0, sizeof(filterbuf) );
+
+	strcat( filterbuf, "(&(objectClass=ftOperation)(|" );
+	strcat( filterbuf, "(ftUsers=" );
+	strcat( filterbuf, sessp->uid.bv_val );
+	strcat( filterbuf, ")" );
+
+	/* add ftRoles filters */
+	for ( i = 0; !BER_BVISEMPTY( &sessp->roles[i] ); i++ ) {
+		strcat( filterbuf, "(ftRoles=" );
+		strncat( filterbuf, sessp->roles[i].bv_val, sessp->roles[i].bv_len );
+		strcat( filterbuf, ")" );
+	}
+	strcat( filterbuf, "))" );
+	return strdup( filterbuf );
+}
+
+int
+rbac_int_session_permissions(
+		Operation *op,
+		SlapReply *rs,
+		rbac_req_t *reqp,
+		rbac_session_t *sessp )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	tenant_info_t *tenantp = NULL;
+	int rc;
+	struct berval filter;
+	char *filterstr;
+	struct berval permndn = BER_BVNULL;
+	OperationBuffer opbuf;
+	Connection conn = { 0 };
+	SlapReply rs2 = { REP_RESULT };
+	Operation *op2;
+	slap_callback cb = { 0 };
+	char permbuf[1024];
+	session_perm_req_t sess_perm_req;
+#ifdef USE_NEW_THREAD_CONTEXT
+	void *thrctx = ldap_pvt_thread_pool_context();
+#else
+	void *thrctx = op->o_tmpmemctx;
+#endif
+
+	tenantp = rbac_tid2tenant( &reqp->tenantid );
+
+	/* construct session permissions dn */
+	memset( permbuf, 0, sizeof(permbuf) );
+	strcat( permbuf, "rbacSessid=" );
+	strncat( permbuf, sessp->sessid.bv_val, sessp->sessid.bv_len );
+	strcat( permbuf, ",dc=rbac" );
+	sess_perm_req.op = op;
+	sess_perm_req.rs = rs;
+	sess_perm_req.permdn.bv_val = permbuf;
+	sess_perm_req.permdn.bv_len = strlen( permbuf );
+	sess_perm_req.sessid = &reqp->sessid;
+	sess_perm_req.tenantp = tenantp;
+
+	filterstr = rbac_int_session_permissions_filterstr( op, sessp );
+	if ( !filterstr ) {
+		Debug( LDAP_DEBUG_ANY, "unable to construct filter for session permissions\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+	filter.bv_val = filterstr;
+	filter.bv_len = strlen( filterstr );
+
+	rc = dnNormalize(
+			0, NULL, NULL, &tenantp->permissions_basedn, &permndn, NULL );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_read_permission: "
+				"unable to normalize permission DN\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	connection_fake_init2( &conn, &opbuf, thrctx, 0 );
+	op2 = &opbuf.ob_op;
+	//Operation op2 = *op;
+	cb.sc_private = &sess_perm_req;
+	cb.sc_response = rbac_session_permissions_cb;
+	op2->o_callback = &cb;
+	op2->o_tag = LDAP_REQ_SEARCH;
+	op2->o_dn = tenantp->admin;
+	op2->o_ndn = tenantp->admin;
+	op2->o_req_dn = tenantp->permissions_basedn;
+	op2->o_req_ndn = permndn;
+	op2->ors_filterstr = filter;
+	op2->ors_filter = str2filter_x( op, filter.bv_val );
+	op2->ors_scope = LDAP_SCOPE_SUB;
+	op2->ors_attrs = tenantp->schema->session_perm_attrs;
+	op2->ors_tlimit = SLAP_NO_LIMIT;
+	op2->ors_slimit = SLAP_NO_LIMIT;
+	op2->ors_attrsonly = 0;
+	op2->o_bd = frontendDB;
+	//op2.ors_limit     = NULL;
+	rc = op2->o_bd->be_search( op2, &rs2 );
+	filter_free_x( op, op2->ors_filter, 1 );
+
+done:;
+	/* generate audit log */
+	rbac_audit( op, SessionPermissions, sessp, reqp, rc, (char *)rs->sr_text );
+
+	rs->sr_err = rc;
+	return rs->sr_err;
+}
+
+void
+rbac_free_session( rbac_session_t *sessp )
+{
+	if ( !sessp ) return;
+
+	if ( sessp->user ) {
+		rbac_free_user( sessp->user );
+	}
+
+	if ( !BER_BVISNULL( &sessp->uid ) ) {
+		ber_memfree( sessp->uid.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &sessp->tenantid ) ) {
+		ber_memfree( sessp->tenantid.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &sessp->userdn ) ) {
+		ber_memfree( sessp->userdn.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &sessp->sessdn ) ) {
+		ber_memfree( sessp->sessdn.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &sessp->message ) ) {
+		ber_memfree( sessp->message.bv_val );
+	}
+
+	if ( sessp->roles ) {
+		ber_bvarray_free( sessp->roles );
+	}
+
+	if ( sessp->role_constraints ) {
+		ber_bvarray_free( sessp->role_constraints );
+	}
+
+	ch_free( sessp );
+
+	return;
+}
+
+/* roles included from request are activated into a session only when
+ * they exist and have been assigned to the user. If no roles included in request, all
+ * roles assigned to the user are activated into the rbac session.
+ */
+int
+activate_session_roles(
+		rbac_session_t *sessp,
+		rbac_req_t *reqp,
+		rbac_user_t *userp )
+{
+	int i, j, rc = LDAP_UNWILLING_TO_PERFORM;
+	if ( !sessp || !reqp || !userp ) {
+		goto done;
+	}
+
+	/* no role requested, assign all roles from the user to the session. */
+	if ( reqp->roles == NULL || BER_BVISNULL( &reqp->roles[0] ) ) {
+		//if (!reqp->roles || BER_BVISNULL(&reqp->roles[0])) {
+		/* no roles assigned to the user */
+		if ( !userp->roles || BER_BVISNULL( &userp->roles[0] ) ) goto done;
+		for ( i = 0; !BER_BVISNULL( &userp->roles[i] ); i++ ) {
+			struct berval role;
+			ber_dupbv_x( &role, &userp->roles[i], NULL );
+			ber_bvarray_add( &sessp->roles, &role );
+			rc = LDAP_SUCCESS;
+		}
+
+		// TODO: smm 20141218 - make sure this is correct way to add constraints to user session.
+		for ( i = 0; !BER_BVISNULL( &userp->role_constraints[i] ); i++ ) {
+			struct berval roleconstraint;
+			ber_dupbv_x( &roleconstraint, &userp->role_constraints[i], NULL );
+			ber_bvarray_add( &sessp->role_constraints, &roleconstraint );
+			rc = LDAP_SUCCESS;
+		}
+
+	} else {
+		for ( i = 0; !BER_BVISNULL( &reqp->roles[i] ); i++ ) {
+			for ( j = 0; !BER_BVISNULL( &userp->roles[j] ); j++ ) {
+				if ( !ber_bvstrcasecmp( &reqp->roles[i], &userp->roles[j] ) ) {
+					/* requested role is assigned to the user */
+					struct berval role;
+					ber_dupbv_x( &role, &userp->roles[i], NULL );
+					ber_bvarray_add( &sessp->roles, &role );
+					rc = LDAP_SUCCESS;
+				}
+			}
+		}
+	}
+
+done:;
+	return rc;
+}
diff --git a/contrib/slapd-modules/rbac/rbacuser.c b/contrib/slapd-modules/rbac/rbacuser.c
new file mode 100644
index 0000000..59d3c01
--- /dev/null
+++ b/contrib/slapd-modules/rbac/rbacuser.c
@@ -0,0 +1,620 @@
+/* rbacuser.c - RBAC users */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+
+#include "rbac.h"
+
+static int ppolicy_cid = -1;
+
+static rbac_user_t *
+rbac_alloc_user()
+{
+	rbac_user_t *userp = ch_calloc( 1, sizeof(rbac_user_t) );
+
+	BER_BVZERO( &userp->tenantid );
+	BER_BVZERO( &userp->uid );
+	BER_BVZERO( &userp->dn );
+	BER_BVZERO( &userp->password );
+	BER_BVZERO( &userp->constraints );
+	BER_BVZERO( &userp->msg );
+	userp->roles = NULL;
+	userp->role_constraints = NULL;
+
+	return userp;
+}
+
+static int
+rbac_read_user_cb( Operation *op, SlapReply *rs )
+{
+	rbac_callback_info_t *cbp = op->o_callback->sc_private;
+	rbac_ad_t *user_ads;
+	rbac_user_t *userp = NULL;
+	int rc = 0, i;
+
+	Debug( LDAP_DEBUG_ANY, "rbac_read_user_cb\n" );
+
+	if ( rs->sr_type != REP_SEARCH ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_read_user_cb: "
+				"sr_type != REP_SEARCH\n" );
+		return 0;
+	}
+
+	assert( cbp );
+
+	user_ads = cbp->tenantp->schema->user_ads;
+
+	userp = rbac_alloc_user();
+	if ( !userp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_read_user_cb: "
+				"rbac_alloc_user failed\n" );
+
+		goto done;
+	}
+
+	ber_dupbv( &userp->dn, &rs->sr_entry->e_name );
+
+	Debug( LDAP_DEBUG_ANY, "DEBUG rbac_read_user_cb (%s): "
+			"rc (%d)\n",
+			userp->dn.bv_val, rc );
+
+	for ( i = 0; !BER_BVISNULL( &user_ads[i].attr ); i++ ) {
+		Attribute *attr = NULL;
+
+		attr = attr_find( rs->sr_entry->e_attrs, *user_ads[i].ad );
+		if ( attr != NULL ) {
+			switch ( user_ads[i].type ) {
+				case RBAC_ROLE_ASSIGNMENT:
+					ber_bvarray_dup_x( &userp->roles, attr->a_nvals, NULL );
+					break;
+				case RBAC_ROLE_CONSTRAINTS:
+					ber_bvarray_dup_x(
+							&userp->role_constraints, attr->a_nvals, NULL );
+					break;
+				case RBAC_USER_CONSTRAINTS:
+					ber_dupbv_x( &userp->constraints, &attr->a_nvals[0], NULL );
+					break;
+				case RBAC_UID:
+					ber_dupbv_x( &userp->uid, &attr->a_nvals[0], NULL );
+					break;
+				default:
+					break;
+			}
+		}
+	}
+
+done:;
+	cbp->private = userp;
+
+	return 0;
+}
+
+static int
+rbac_bind_cb( Operation *op, SlapReply *rs )
+{
+	rbac_user_t *ui = op->o_callback->sc_private;
+
+	LDAPControl *ctrl = ldap_control_find(
+			LDAP_CONTROL_PASSWORDPOLICYRESPONSE, rs->sr_ctrls, NULL );
+	if ( ctrl ) {
+		LDAP *ld;
+		ber_int_t expire, grace;
+		LDAPPasswordPolicyError error;
+
+		ldap_create( &ld );
+		if ( ld ) {
+			int rc = ldap_parse_passwordpolicy_control(
+					ld, ctrl, &expire, &grace, &error );
+			if ( rc == LDAP_SUCCESS ) {
+				ui->authz = RBAC_PASSWORD_GOOD;
+				if ( grace > 0 ) {
+					//ui->msg.bv_len = sprintf(ui->msg.bv_val,
+					//		"Password expired; %d grace logins remaining",
+					//		grace);
+					ui->authz = RBAC_BIND_NEW_AUTHTOK_REQD;
+				} else if ( error != PP_noError ) {
+					ber_str2bv( ldap_passwordpolicy_err2txt( error ), 0, 0,
+							&ui->msg );
+
+					switch ( error ) {
+						case PP_passwordExpired:
+							ui->authz = RBAC_PASSWORD_EXPIRATION_WARNING;
+
+							if ( expire >= 0 ) {
+								char *unit = "seconds";
+								if ( expire > 60 ) {
+									expire /= 60;
+									unit = "minutes";
+								}
+								if ( expire > 60 ) {
+									expire /= 60;
+									unit = "hours";
+								}
+								if ( expire > 24 ) {
+									expire /= 24;
+									unit = "days";
+								}
+#if 0 /* Who warns about expiration so far in advance? */
+								if (expire > 7) {
+									expire /= 7;
+									unit = "weeks";
+								}
+								if (expire > 4) {
+									expire /= 4;
+									unit = "months";
+								}
+								if (expire > 12) {
+									expire /= 12;
+									unit = "years";
+								}
+#endif
+							}
+
+							//rs->sr_err = ;
+							break;
+						case PP_accountLocked:
+							ui->authz = RBAC_ACCOUNT_LOCKED;
+							//rs->sr_err = ;
+							break;
+						case PP_changeAfterReset:
+							ui->authz = RBAC_CHANGE_AFTER_RESET;
+							rs->sr_err = LDAP_SUCCESS;
+							break;
+						case PP_passwordModNotAllowed:
+							ui->authz = RBAC_NO_MODIFICATIONS;
+							//rs->sr_err = ;
+							break;
+						case PP_mustSupplyOldPassword:
+							ui->authz = RBAC_MUST_SUPPLY_OLD;
+							//rs->sr_err = ;
+							break;
+						case PP_insufficientPasswordQuality:
+							ui->authz = RBAC_INSUFFICIENT_QUALITY;
+							//rs->sr_err = ;
+							break;
+						case PP_passwordTooShort:
+							ui->authz = RBAC_PASSWORD_TOO_SHORT;
+							//rs->sr_err = ;
+							break;
+						case PP_passwordTooYoung:
+							ui->authz = RBAC_PASSWORD_TOO_YOUNG;
+							//rs->sr_err = ;
+							break;
+						case PP_passwordInHistory:
+							ui->authz = RBAC_HISTORY_VIOLATION;
+							//rs->sr_err = ;
+							break;
+						case PP_noError:
+						default:
+							// do nothing
+							//ui->authz = RBAC_PASSWORD_GOOD;
+							rs->sr_err = LDAP_SUCCESS;
+							break;
+					}
+
+//					switch (error) {
+//					case PP_passwordExpired:
+						/* report this during authz */
+//						rs->sr_err = LDAP_SUCCESS;
+						/* fallthru */
+//					case PP_changeAfterReset:
+//						ui->authz = RBAC_BIND_NEW_AUTHTOK_REQD;
+//					}
+				}
+			}
+			ldap_unbind_ext( ld, NULL, NULL );
+		}
+	}
+
+	return 0;
+}
+
+/* exported user functions */
+int
+rbac_authenticate_user( Operation *op, rbac_user_t *userp )
+{
+	int rc = LDAP_SUCCESS;
+	slap_callback cb = { 0 };
+	SlapReply rs2 = { REP_RESULT };
+	Operation op2 = *op;
+	LDAPControl *sctrls[4];
+	LDAPControl sctrl[3];
+	int nsctrls = 0;
+	LDAPControl c;
+	struct berval ber_bvnull = BER_BVNULL;
+	struct berval dn, ndn;
+
+	rc = dnPrettyNormal( 0, &userp->dn, &dn, &ndn, NULL );
+	if ( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+	cb.sc_response = rbac_bind_cb;
+	cb.sc_private = userp;
+	op2.o_callback = &cb;
+	op2.o_dn = ber_bvnull;
+	op2.o_ndn = ber_bvnull;
+	op2.o_tag = LDAP_REQ_BIND;
+	op2.o_protocol = LDAP_VERSION3;
+	op2.orb_method = LDAP_AUTH_SIMPLE;
+	op2.orb_cred = userp->password;
+	op2.o_req_dn = dn;
+	op2.o_req_ndn = ndn;
+
+	// loading the ldap pw policy controls loaded into here, added by smm:
+	c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
+	c.ldctl_value.bv_val = NULL;
+	c.ldctl_value.bv_len = 0;
+	c.ldctl_iscritical = 0;
+	sctrl[nsctrls] = c;
+	sctrls[nsctrls] = &sctrl[nsctrls];
+	sctrls[++nsctrls] = NULL;
+	op2.o_ctrls = sctrls;
+
+	if ( ppolicy_cid < 0 ) {
+		rc = slap_find_control_id( LDAP_CONTROL_PASSWORDPOLICYREQUEST,
+				&ppolicy_cid );
+		if ( rc != LDAP_SUCCESS ) {
+			goto done;
+		}
+	}
+	// smm - need to set the control flag too:
+	op2.o_ctrlflag[ppolicy_cid] = SLAP_CONTROL_CRITICAL;
+
+	slap_op_time( &op2.o_time, &op2.o_tincr );
+	op2.o_bd = frontendDB;
+	rc = op2.o_bd->be_bind( &op2, &rs2 );
+	if ( userp->authz > 0 ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_authenticate_user (%s): "
+				"password policy violation (%d)\n",
+				userp->dn.bv_val ? userp->dn.bv_val : "NULL", userp->authz );
+	}
+
+done:;
+	ch_free( dn.bv_val );
+	ch_free( ndn.bv_val );
+
+	Debug( LDAP_DEBUG_ANY, "rbac_authenticate_user (%s): "
+			"rc (%d)\n",
+			userp->dn.bv_val ? userp->dn.bv_val : "NULL", rc );
+	return rc;
+}
+
+/*
+	isvalidusername(): from OpenLDAP ~/contrib/slapd-modules/nssov/passwd.c
+	Checks to see if the specified name is a valid user name.
+
+    This test is based on the definition from POSIX (IEEE Std 1003.1, 2004, 3.426 User Name
+	 and 3.276 Portable Filename Character Set):
+	 http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_426
+	 http://www.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_276
+
+	 The standard defines user names valid if they contain characters from
+	 the set [A-Za-z0-9._-] where the hyphen should not be used as first
+	 character. As an extension this test allows the dolar '$' sign as the last
+	 character to support Samba special accounts.
+*/
+static int
+isvalidusername( struct berval *bv )
+{
+	int i;
+	char *name = bv->bv_val;
+	if ( (name == NULL) || ( name[0] == '\0' ) ) return 0;
+	/* check first character */
+	if ( !( ( name[0] >= 'A' && name[0] <= 'Z' ) ||
+				 ( name[0] >= 'a' && name[0] <= 'z' ) ||
+				 ( name[0] >= '0' && name[0] <= '9' ) || name[0] == '.' ||
+				 name[0] == '_' ) )
+		return 0;
+	/* check other characters */
+	for ( i = 1; i < bv->bv_len; i++ ) {
+		if ( name[i] == '$' ) {
+			/* if the char is $ we require it to be the last char */
+			if ( name[i + 1] != '\0' ) return 0;
+		} else if ( !( ( name[i] >= 'A' && name[i] <= 'Z' ) ||
+							( name[i] >= 'a' && name[i] <= 'z' ) ||
+							( name[i] >= '0' && name[i] <= '9' ) ||
+							name[i] == '.' || name[i] == '_' ||
+							name[i] == '-' ) )
+			return 0;
+	}
+	/* no test failed so it must be good */
+	return -1;
+}
+
+rbac_user_t *
+rbac_read_user( Operation *op, rbac_req_t *reqp )
+{
+	int rc = LDAP_SUCCESS;
+	tenant_info_t *tenantp = rbac_tid2tenant( &reqp->tenantid );
+	rbac_user_t *userp = NULL;
+	char fbuf[RBAC_BUFLEN];
+	struct berval filter = { sizeof(fbuf), fbuf };
+	SlapReply rs2 = { REP_RESULT };
+	Operation op2 = *op;
+	slap_callback cb = { 0 };
+	rbac_callback_info_t rbac_cb;
+
+	if ( !tenantp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_read_user: "
+				"missing tenant information\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* uid is a pre-requisite for reading the user information */
+	if ( BER_BVISNULL( &reqp->uid ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_read_user: "
+				"missing uid, unable to read user entry\n" );
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	if ( !isvalidusername( &reqp->uid ) ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_read_user: "
+				"invalid user id\n" );
+		rc = LDAP_NO_SUCH_OBJECT;
+		goto done;
+	}
+
+	rbac_cb.tenantp = tenantp;
+	rbac_cb.private = NULL;
+
+	memset( fbuf, 0, sizeof(fbuf) );
+	strcpy( fbuf, "uid=" );
+	strncat( fbuf, reqp->uid.bv_val, reqp->uid.bv_len );
+	filter.bv_val = fbuf;
+	filter.bv_len = strlen( fbuf );
+
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_create_session: "
+				"invalid DN syntax\n" );
+		goto done;
+	}
+
+	cb.sc_private = &rbac_cb;
+	cb.sc_response = rbac_read_user_cb;
+	op2.o_callback = &cb;
+	op2.o_tag = LDAP_REQ_SEARCH;
+	op2.o_dn = tenantp->admin;
+	op2.o_ndn = tenantp->admin;
+	op2.o_req_dn = tenantp->users_basedn;
+	op2.o_req_ndn = tenantp->users_basedn;
+	op2.ors_filterstr = filter;
+	op2.ors_filter = str2filter_x( &op2, filter.bv_val );
+	op2.ors_scope = LDAP_SCOPE_SUBTREE;
+	op2.ors_attrs = tenantp->schema->user_attrs;
+	op2.ors_tlimit = SLAP_NO_LIMIT;
+	op2.ors_slimit = SLAP_NO_LIMIT;
+	op2.ors_attrsonly = 0;
+	op2.o_bd = frontendDB;
+	op2.ors_limit = NULL;
+	rc = op2.o_bd->be_search( &op2, &rs2 );
+	filter_free_x( &op2, op2.ors_filter, 1 );
+
+done:;
+	if ( rc == LDAP_SUCCESS && rbac_cb.private ) {
+		userp = (rbac_user_t *)rbac_cb.private;
+		if ( !BER_BVISNULL( &reqp->authtok ) )
+			ber_dupbv( &userp->password, &reqp->authtok );
+		rbac_cb.private = NULL;
+		return userp;
+	} else {
+		userp = (rbac_user_t *)rbac_cb.private;
+		rbac_free_user( userp );
+		return NULL;
+	}
+}
+
+/* evaluate temporal constraints for the user */
+int
+rbac_user_temporal_constraint( rbac_user_t *userp )
+{
+	int rc = LDAP_SUCCESS;
+	rbac_constraint_t *cp = NULL;
+
+	if ( BER_BVISNULL( &userp->constraints ) ) {
+		/* no temporal constraint */
+		goto done;
+	}
+
+	cp = rbac_bv2constraint( &userp->constraints );
+	if ( !cp ) {
+		Debug( LDAP_DEBUG_ANY, "rbac_user_temporal_constraint: "
+				"invalid user constraint \n" );
+		rc = LDAP_OTHER;
+		goto done;
+	}
+
+	rc = rbac_check_time_constraint( cp );
+
+done:;
+	rbac_free_constraint( cp );
+
+	return rc;
+}
+
+/*
+rbac_constraint_t *
+rbac_user_role_constraintsx(rbac_user_t *userp)
+{
+	rbac_constraint_t *tmp, *cp = NULL;
+	int i = 0;
+
+	if (!userp || !userp->role_constraints)
+		goto done;
+
+	while (!BER_BVISNULL(&userp->role_constraints[i])) {
+		tmp = rbac_bv2constraint(&userp->role_constraints[i++]);
+		if (tmp) {
+			if (!cp) {
+				cp = tmp;
+			} else {
+				tmp->next = cp;
+				cp = tmp;
+			}
+		}
+	}
+
+done:;
+	return cp;
+}
+*/
+
+rbac_constraint_t *
+rbac_user_role_constraints( BerVarray values )
+{
+	rbac_constraint_t *curr, *head = NULL;
+	int i = 0;
+
+	if ( values ) {
+		while ( !BER_BVISNULL( &values[i] ) ) {
+			curr = rbac_bv2constraint( &values[i++] );
+			if ( curr ) {
+				curr->next = head;
+				head = curr;
+			}
+		}
+	}
+
+	return head;
+}
+
+/*
+
+void main() {
+   item * curr, * head;
+   int i;
+
+   head = NULL;
+
+   for(i=1;i<=10;i++) {
+      curr = (item *)malloc(sizeof(item));
+      curr->val = i;
+      curr->next  = head;
+      head = curr;
+   }
+
+   curr = head;
+
+   while(curr) {
+      printf("%d\n", curr->val);
+      curr = curr->next ;
+   }
+}
+
+ */
+
+/*
+ *
+rbac_user_role_constraints2(BerVarray values)
+{
+	rbac_constraint_t *tmp, *cp = NULL;
+	int i = 0;
+
+	if (!values)
+		goto done;
+
+	while (!BER_BVISNULL(&values[i])) {
+		tmp = rbac_bv2constraint(&values[i++]);
+		if (tmp) {
+			if (!cp) {
+				cp = tmp;
+			} else {
+				tmp->next = cp;
+				cp = tmp;
+				//cp->next = tmp;
+				//cp = tmp->next;
+
+			}
+		}
+	}
+
+done:;
+	return cp;
+}
+
+
+rbac_user_role_constraints3(rbac_constraint_t *values)
+{
+	rbac_constraint_t *tmp, *cp = NULL;
+	int i = 0;
+
+	if (!values)
+		goto done;
+
+	while (!BER_BVISNULL(values[i])) {
+		tmp = rbac_bv2constraint(&values[i++]);
+		if (tmp) {
+			if (!cp) {
+				cp = tmp;
+			} else {
+				tmp->next = cp;
+				cp = tmp;
+			}
+		}
+	}
+
+done:;
+	return cp;
+}
+*/
+
+void
+rbac_free_user( rbac_user_t *userp )
+{
+	if ( !userp ) return;
+
+	if ( !BER_BVISNULL( &userp->tenantid ) ) {
+		ber_memfree( userp->tenantid.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &userp->uid ) ) {
+		ber_memfree( userp->uid.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &userp->dn ) ) {
+		ber_memfree( userp->dn.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &userp->constraints ) ) {
+		ber_memfree( userp->constraints.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &userp->password ) ) {
+		ber_memfree( userp->password.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &userp->msg ) ) {
+		ber_memfree( userp->msg.bv_val );
+	}
+
+	if ( userp->roles ) ber_bvarray_free( userp->roles );
+
+	if ( userp->role_constraints ) ber_bvarray_free( userp->role_constraints );
+
+	ch_free( userp );
+}
diff --git a/contrib/slapd-modules/rbac/slapo-rbac.5 b/contrib/slapd-modules/rbac/slapo-rbac.5
new file mode 100644
index 0000000..453bcbc
--- /dev/null
+++ b/contrib/slapd-modules/rbac/slapo-rbac.5
@@ -0,0 +1,157 @@
+.TH SLAPO_RBAC 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 1999-2021 SYMAS Corporation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapo\-rbac \- RBAC0 overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.SH DESCRIPTION
+.LP
+The 
+.B slapo-rbac
+overlay
+is an implementation of the ANSI INCITS 359 Role-Based Access Control (RBAC) Core.
+When instantiated, it intercepts, decodes and enforces specific RBAC policies per the Apache Fortress RBAC data formats.
+.P
+The overlay provides a set of extended operations.
+They include session create/delete, checkAccess, addActiveRole, dropActiveRole and sessionRoles.
+.P
+
+.SH CONFIGURATION
+These 
+.B slapd.conf
+configuration options apply to the slapo-rbac overlay. 
+
+.TP
+.B overlay	rbac
+This tag gets applied to the RBAC configuration db (see example below).
+.TP
+.B rbac-default-users-base-dn "ou=People,dc=example,dc=com"
+Points to the container that contains the Apache Fortress users.
+.TP
+.B rbac-default-roles-base-dn "ou=Roles,ou=RBAC,dc=example,dc=com"
+Points to the container that contains the Apache Fortress roles.
+.TP
+.B rbac-default-permissions-base-dn "ou=Permissions,ou=RBAC,dc=example,dc=com"
+Points to the container that contains the Apache Fortress perms.
+.TP
+.B rbac-default-sessions-base-dn "cn=rbac"
+Points to the suffix of the RBAC sessions.
+.TP
+.B rbac-default-audit-base-dn "cn=audit"
+Points to the suffix where the audit records are stored.
+.TP
+.B rbac-admin "cn=manager,dc=example,dc=com"
+A service account that has read access to the entire Apache Fortress DIT.
+.TP
+.B rbac-pwd "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
+The password according to the service account.
+.TP
+.B rbac-session-admin "cn=manager,cn=rbac"
+The root dn of the RBAC sessions database.
+.TP
+.B rbac-session-admin-pwd {SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
+The password corresponding with the session database.
+.TP
+.RE
+
+.SH EXAMPLES
+.LP
+.RS
+.nf
+
+This overlay requires the
+.B rbac.schema
+loaded and three additional database config sections, one to store rbac
+sessions, second to store the audit records and third to hold the overlay's
+config parameters. They should appear after the existing Apache Fortress db
+config.
+
+.TP 
+1. Session Database: Used to store the RBAC sessions corresponding to a logged in user.
+.B database	mdb
+.B suffix	"cn=rbac"
+.B rootdn	"cn=manager,cn=rbac"
+.B rootpw	{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
+.B index	rbacSessid  eq
+.B directory	"/var/openldap/rbacsess"
+.B overlay	dds
+.B dds-default-ttl	3600
+.B dds-max-dynamicObjects	100000
+.B dbnosync
+.B checkpoint	64 5
+.PP
+
+.TP
+2. Audit Database: Stores records that track user's activities.
+.B database	mdb
+.B suffix	"cn=audit"
+.B rootdn	"cn=manager,cn=audit"
+.B rootpw	{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
+.B directory	"/var/openldap/rbacaudit"
+.B dbnosync
+.B checkpoint    64 5
+
+.PP
+
+.TP
+3. Config Database: Stores the parameters needed for this overlay to work.
+.B database	mdb
+.B suffix		"dc=rbac"
+.B rootdn		"cn=manager,dc=rbac"
+.B rootpw		{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
+.B directory	"/var/openldap/rbacoverlay"
+.B overlay	rbac
+.B rbac-default-tenant-id "example"
+.B rbac-default-users-base-dn "ou=People,dc=example,dc=com"
+.B rbac-default-roles-base-dn "ou=Roles,ou=RBAC,dc=example,dc=com"
+.B rbac-default-permissions-base-dn "ou=Permissions,ou=RBAC,dc=example,dc=com"
+.B rbac-default-sessions-base-dn "cn=rbac"
+.B rbac-default-audit-base-dn "cn=audit"
+.B rbac-admin "cn=manager,dc=example,dc=com"
+.B rbac-pwd "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
+.B rbac-session-admin "cn=manager,cn=rbac"
+.B rbac-session-admin-pwd {SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
+
+.fi
+.RE
+
+.SH SEE ALSO
+.BR ldap (3),
+.BR slapd.conf (5),
+.BR slapd\-config (5),
+.BR slapo\-chain (5).
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.BR ldap (3),
+.BR slapd.conf (5),
+.BR slapd\-config (5),
+.BR slapo\-chain (5).
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.UR https://profsandhu.com/journals/tissec/ANSI+INCITS+359-2004.pdf
+.UE ANSI INCITS 359 Role-Based Access Control specification
+
+.UR https://github.com/apache/directory-fortress-core/blob/master/README.md
+.UE Apache Fortress README
+
+.UR https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md
+.UE Apache Fortress OpenLDAP Quickstart 
+
+.UR https://github.com/apache/directory-fortress-core/blob/master/ldap/schema/fortress.schema
+.UE Apache Fortress RBAC schema
+
+.SH BUGS
+This overlay is experimental.
+
+.SH ACKNOWLEDGEMENTS
+.P
+This module was written in 2013 by Ted Cheng of Symas Corporation
+with a little help from Matt Hardin, Howard Chu, Shawn McKinney.
+.P
+.so ../Project
diff --git a/contrib/slapd-modules/rbac/util.c b/contrib/slapd-modules/rbac/util.c
new file mode 100644
index 0000000..11a5e54
--- /dev/null
+++ b/contrib/slapd-modules/rbac/util.c
@@ -0,0 +1,531 @@
+/* util.c - RBAC utility */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ */
+
+#include "portable.h"
+
+#include <stdio.h>
+
+#include <ac/ctype.h>
+#include <ac/string.h>
+
+#include "slap.h"
+#include "slap-config.h"
+#include "lutil.h"
+
+#include "rbac.h"
+
+#define DELIMITER '$'
+
+#define SUNDAY 0x01
+#define MONDAY 0x02
+#define TUESDAY 0x04
+#define WEDNESDAY 0x08
+#define THURSDAY 0x10
+#define FRIDAY 0x20
+#define SATURDAY 0x40
+
+#define ALL_WEEK "all"
+
+void
+rbac_free_constraint( rbac_constraint_t *cp )
+{
+	if ( !cp ) return;
+
+	if ( !BER_BVISNULL( &cp->name ) ) {
+		ch_free( cp->name.bv_val );
+	}
+
+	ch_free( cp );
+}
+
+void
+rbac_free_constraints( rbac_constraint_t *constraints )
+{
+	rbac_constraint_t *cp, *tmp;
+
+	if ( !constraints ) return;
+
+	tmp = constraints;
+	while ( tmp ) {
+		cp = tmp->next;
+		rbac_free_constraint( tmp );
+		tmp = cp;
+	}
+
+	return;
+}
+
+rbac_constraint_t *
+rbac_alloc_constraint()
+{
+	rbac_constraint_t *cp = NULL;
+
+	cp = ch_calloc( 1, sizeof(rbac_constraint_t) );
+	return cp;
+}
+
+static int
+is_well_formed_constraint( struct berval *bv )
+{
+	int rc = LDAP_SUCCESS;
+
+	/* assume well-formed role/user-constraints, for the moment */
+
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY, "is_well_formed_constraint: "
+				"rbac role/user constraint not well-formed: %s\n",
+				bv->bv_val );
+	}
+
+	return rc;
+}
+
+/* input contains 4 digits, representing time */
+/* in hhmm format */
+static int
+constraint_parse_time( char *input )
+{
+	int btime;
+	char *ptr = input;
+
+	btime = ( *ptr++ - '0' ) * 12;
+	btime += ( *ptr++ - '0' );
+	btime *= 60; /* turning into mins */
+	btime += ( *ptr++ - '0' ) * 10;
+	btime += ( *ptr++ - '0' );
+	btime *= 60; /* turning into secs */
+
+	return btime;
+}
+
+/* input contains 4 digits, representing year */
+/* in yyyy format */
+static int
+constraint_parse_year( char *input )
+{
+	int i;
+	int year = 0;
+	char *ptr = input;
+
+	for ( i = 0; i <= 3; i++, ptr++ ) {
+		year = year * 10 + *ptr - '0';
+	}
+
+	return year;
+}
+
+/* input contains 2 digits, representing month */
+/* in mm format */
+static int
+constraint_parse_month( char *input )
+{
+	int i;
+	int month = 0;
+	char *ptr = input;
+
+	for ( i = 0; i < 2; i++, ptr++ ) {
+		month = month * 10 + *ptr - '0';
+	}
+
+	return month;
+}
+
+/* input contains 2 digits, representing day in month */
+/* in dd format */
+static int
+constraint_parse_day_in_month( char *input )
+{
+	int i;
+	int day_in_month = 0;
+	char *ptr = input;
+
+	for ( i = 0; i < 2; i++, ptr++ ) {
+		day_in_month = day_in_month * 10 + *ptr - '0';
+	}
+
+	return day_in_month;
+}
+
+rbac_constraint_t *
+rbac_bv2constraint( struct berval *bv )
+{
+	rbac_constraint_t *cp = NULL;
+	int rc = LDAP_SUCCESS;
+	char *ptr, *endp = NULL;
+	int len = 0;
+	int year, month, mday;
+
+	if ( !bv || BER_BVISNULL( bv ) ) goto done;
+
+	rc = is_well_formed_constraint( bv );
+	if ( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+	cp = rbac_alloc_constraint();
+	if ( !cp ) {
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* constraint name */
+	ptr = bv->bv_val;
+	endp = ptr;
+	while ( *endp != DELIMITER ) {
+		endp++;
+		len++;
+	}
+
+	if ( len > 0 ) {
+		cp->name.bv_val = ch_malloc( len + 1 );
+		strncpy( cp->name.bv_val, ptr, len );
+		cp->name.bv_val[len] = '\0';
+		cp->name.bv_len = len;
+	} else {
+		rc = LDAP_OTHER;
+		goto done;
+	}
+
+	/* allowed inactivity period */
+	ptr = endp;
+	endp++;
+	if ( isdigit( *endp ) ) {
+		int secs = 0;
+		while ( isdigit( *endp ) ) {
+			secs = secs * 10 + *endp - '0';
+			endp++;
+		}
+		cp->allowed_inactivity = secs;
+	} else if ( *endp != DELIMITER ) {
+		rc = LDAP_OTHER;
+		goto done;
+	}
+
+	ptr = endp;
+	endp = ptr + 1;
+
+	/* begin time */
+	if ( isdigit( *endp ) ) {
+		cp->begin_time = constraint_parse_time( endp );
+		while ( isdigit( *endp ) )
+			endp++;
+	}
+
+	ptr = endp;
+	while ( *ptr != DELIMITER )
+		ptr++;
+	endp = ptr + 1;
+
+	/* end time */
+	if ( isdigit( *endp ) ) {
+		cp->end_time = constraint_parse_time( endp );
+		while ( isdigit( *endp ) )
+			endp++;
+	}
+
+	ptr = endp;
+	while ( *ptr != DELIMITER )
+		ptr++;
+	endp = ptr + 1;
+
+	/* begin year/month/day_in_month */
+	if ( isdigit( *endp ) ) {
+		lutil_tm tm;
+		year = constraint_parse_year( endp );
+		endp += 4;
+		month = constraint_parse_month( endp );
+		endp += 2;
+		mday = constraint_parse_day_in_month( endp );
+		endp += 2;
+
+		tm.tm_year = year - 1900;
+		tm.tm_mon = month - 1;
+		tm.tm_mday = mday;
+		tm.tm_sec = 0;
+		tm.tm_min = 0;
+		tm.tm_hour = 0;
+
+		lutil_tm2time( &tm, &cp->begin_date );
+	}
+
+	ptr = endp;
+	while ( *ptr != DELIMITER )
+		ptr++;
+	endp = ptr + 1;
+
+	/* end year/month/day_in_month */
+	if ( isdigit( *endp ) ) {
+		lutil_tm tm;
+		year = constraint_parse_year( endp );
+		endp += 4;
+		month = constraint_parse_month( endp );
+		endp += 2;
+		mday = constraint_parse_day_in_month( endp );
+		endp += 2;
+
+		tm.tm_year = year - 1900;
+		tm.tm_mon = month - 1;
+		tm.tm_mday = mday;
+		tm.tm_sec = 0;
+		tm.tm_min = 0;
+		tm.tm_hour = 0;
+
+		lutil_tm2time( &tm, &cp->end_date );
+	}
+
+	ptr = endp;
+	while ( *ptr != DELIMITER )
+		ptr++;
+	endp = ptr + 1;
+
+	/* begin lock year/month/day_in_month */
+	if ( isdigit( *endp ) ) {
+		lutil_tm tm;
+		year = constraint_parse_year( endp );
+		endp += 4;
+		month = constraint_parse_month( endp );
+		endp += 2;
+		mday = constraint_parse_day_in_month( endp );
+		endp += 2;
+
+		tm.tm_year = year - 1900;
+		tm.tm_mon = month - 1;
+		tm.tm_mday = mday;
+		tm.tm_sec = 0;
+		tm.tm_min = 0;
+		tm.tm_hour = 0;
+
+		lutil_tm2time( &tm, &cp->begin_lock_date );
+	}
+
+	ptr = endp;
+	while ( *ptr != DELIMITER )
+		ptr++;
+	endp = ptr + 1;
+
+	/* end lock year/month/day_in_month */
+	if ( isdigit( *endp ) ) {
+		lutil_tm tm;
+
+		year = constraint_parse_year( endp );
+		endp += 4;
+		month = constraint_parse_month( endp );
+		endp += 2;
+		mday = constraint_parse_day_in_month( endp );
+		endp += 2;
+
+		tm.tm_year = year - 1900;
+		tm.tm_mon = month - 1;
+		tm.tm_mday = mday;
+		tm.tm_sec = 0;
+		tm.tm_min = 0;
+		tm.tm_hour = 0;
+
+		lutil_tm2time( &tm, &cp->end_lock_date );
+	}
+
+	ptr = endp;
+	while ( *ptr != DELIMITER )
+		ptr++;
+	endp = ptr + 1;
+
+	/* dayMask */
+
+	/* allow "all" to mean the entire week */
+	if ( strncasecmp( endp, ALL_WEEK, strlen( ALL_WEEK ) ) == 0 ) {
+		cp->day_mask = SUNDAY | MONDAY | TUESDAY | WEDNESDAY | THURSDAY |
+				FRIDAY | SATURDAY;
+	}
+
+	while ( *endp && isdigit( *endp ) ) {
+		switch ( *endp - '0' ) {
+			case 1:
+				cp->day_mask |= SUNDAY;
+				break;
+			case 2:
+				cp->day_mask |= MONDAY;
+				break;
+			case 3:
+				cp->day_mask |= TUESDAY;
+				break;
+			case 4:
+				cp->day_mask |= WEDNESDAY;
+				break;
+			case 5:
+				cp->day_mask |= THURSDAY;
+				break;
+			case 6:
+				cp->day_mask |= FRIDAY;
+				break;
+			case 7:
+				cp->day_mask |= SATURDAY;
+				break;
+			default:
+				/* should not be here */
+				rc = LDAP_OTHER;
+				goto done;
+		}
+		endp++;
+	}
+
+done:;
+	if ( rc != LDAP_SUCCESS ) {
+		rbac_free_constraint( cp );
+		cp = NULL;
+	}
+
+	return cp;
+}
+
+static int
+constraint_day_of_week( rbac_constraint_t *cp, int wday )
+{
+	int rc = LDAP_UNWILLING_TO_PERFORM;
+
+	/* assumption: Monday is 1st day of a week */
+	switch ( wday ) {
+		case 1:
+			if ( !(cp->day_mask & MONDAY) ) goto done;
+			break;
+		case 2:
+			if ( !(cp->day_mask & TUESDAY) ) goto done;
+			break;
+		case 3:
+			if ( !(cp->day_mask & WEDNESDAY) ) goto done;
+			break;
+		case 4:
+			if ( !(cp->day_mask & THURSDAY) ) goto done;
+			break;
+		case 5:
+			if ( !(cp->day_mask & FRIDAY) ) goto done;
+			break;
+		case 6:
+			if ( !(cp->day_mask & SATURDAY) ) goto done;
+			break;
+		case 0:
+		case 7:
+			if ( !(cp->day_mask & SUNDAY) ) goto done;
+			break;
+		default:
+			/* should not be here */
+			goto done;
+	}
+
+	rc = LDAP_SUCCESS;
+
+done:;
+	return rc;
+}
+
+int
+rbac_check_time_constraint( rbac_constraint_t *cp )
+{
+	int rc = LDAP_UNWILLING_TO_PERFORM;
+	time_t now;
+	struct tm result, *resultp;
+
+	now = slap_get_time();
+
+	/*
+	 * does slapd support day-of-week (wday)?
+	 * using native routine for now.
+	 * Win32's gmtime call is already thread-safe, to the _r
+	 * decorator is unneeded.
+	 */
+#ifdef _WIN32
+	resultp = gmtime( &now );
+#else
+	resultp = gmtime_r( &now, &result );
+#endif
+	if ( !resultp ) goto done;
+#if 0
+	timestamp.bv_val = timebuf;
+	timestamp.bv_len = sizeof(timebuf);
+	slap_timestamp(&now, &timestamp);
+	lutil_parsetime(timestamp.bv_val, &now_tm);
+	lutil_tm2time(&now_tm, &now_tt);
+#endif
+
+	if ( ( cp->begin_date.tt_sec > 0 && cp->begin_date.tt_sec > now ) ||
+			( cp->end_date.tt_sec > 0 && cp->end_date.tt_sec < now ) ) {
+		/* not within allowed time period */
+		goto done;
+	}
+
+	/* allowed time period during a day */
+	if ( cp->begin_time > 0 && cp->end_time > 0 ) {
+		int timeofday = ( resultp->tm_hour * 60 + resultp->tm_min ) * 60 +
+				resultp->tm_sec;
+		if ( timeofday < cp->begin_time || timeofday > cp->end_time ) {
+			/* not within allowed time period in a day */
+			goto done;
+		}
+	}
+
+	/* allowed day in a week */
+	if ( cp->day_mask > 0 ) {
+		rc = constraint_day_of_week( cp, resultp->tm_wday );
+		if ( rc != LDAP_SUCCESS ) goto done;
+	}
+
+	/* during lock-out period? */
+	if ( ( cp->begin_lock_date.tt_sec > 0 &&
+				 cp->begin_lock_date.tt_sec < now ) &&
+			( cp->end_lock_date.tt_sec > 0 &&
+					cp->end_lock_date.tt_sec > now ) ) {
+		/* within locked out period */
+		rc = LDAP_UNWILLING_TO_PERFORM;
+		goto done;
+	}
+
+	/* passed all tests */
+	rc = LDAP_SUCCESS;
+
+done:;
+	return rc;
+}
+
+rbac_constraint_t *
+rbac_role2constraint( struct berval *role, rbac_constraint_t *role_constraints )
+{
+	rbac_constraint_t *cp = NULL;
+
+	if ( !role_constraints || !role ) goto done;
+
+	cp = role_constraints;
+	while ( cp ) {
+		if ( ber_bvstrcasecmp( role, &cp->name ) == 0 ) {
+			/* found the role constraint */
+			goto done;
+		}
+		cp = cp->next;
+	}
+
+done:;
+	return cp;
+}
+
+void
+rbac_to_lower( struct berval *bv )
+{
+	// convert the berval to lower case:
+	int i;
+	for ( i = 0; i < bv->bv_len; i++ ) {
+		bv->bv_val[i] = tolower( bv->bv_val[i] );
+	}
+}
diff --git a/contrib/slapd-modules/samba4/Makefile b/contrib/slapd-modules/samba4/Makefile
new file mode 100644
index 0000000..f53d130
--- /dev/null
+++ b/contrib/slapd-modules/samba4/Makefile
@@ -0,0 +1,68 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2022 The OpenLDAP Foundation.
+# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_RDNVAL=SLAPD_MOD_DYNAMIC \
+	-DSLAPD_OVER_PGUID=SLAPD_MOD_DYNAMIC \
+	-DSLAPD_OVER_VERNUM=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = pguid.la rdnval.la vernum.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+pguid.la: pguid.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+rdnval.la: rdnval.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+vernum.la: vernum.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/samba4/README b/contrib/slapd-modules/samba4/README
new file mode 100644
index 0000000..65745b1
--- /dev/null
+++ b/contrib/slapd-modules/samba4/README
@@ -0,0 +1,72 @@
+# $OpenLDAP$
+
+This directory contains slapd overlays specific to samba4 LDAP backend:
+
+	- pguid (not used)
+	- rdnval (under evaluation)
+	- vernum (under evaluation)
+
+
+  - PGUID
+
+This overlay maintains the operational attribute "parentUUID".  It contains
+the entryUUID of the parent entry.  This overlay is not being considered
+right now.
+
+
+  - RDNVAL
+
+This overlay maintains the operational attribute "rdnValue".  It contains
+the value of the entry's RDN.  This attribute is defined by the overlay
+itself as
+
+	( 1.3.6.1.4.1.4203.666.1.58
+		NAME 'rdnValue'
+		DESC 'the value of the naming attributes'
+		SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+		EQUALITY caseIgnoreMatch
+		USAGE dSAOperation
+		NO-USER-MODIFICATION )
+
+under OpenLDAP's development OID arc.  This OID is temporary.
+
+To use the overlay, add:
+
+	moduleload <path to>rdnval.so
+	...
+
+	database <whatever>
+	...
+	overlay rdnval
+
+to your slapd configuration file.  An instance is required for each database
+that needs to maintain this attribute.
+
+
+  - VERNUM
+
+This overlay increments a counter any time an attribute is modified.
+It is intended to increment the counter 'msDS-KeyVersionNumber' when
+the attribute 'unicodePwd' is modified.
+ 
+
+These overlays are only set up to be built as a dynamically loaded modules.
+On most platforms, in order for the modules to be usable, all of the 
+library dependencies must also be available as shared libraries.
+
+If you need to build the overlays statically, you will have to move them
+into the slapd/overlays directory and edit the Makefile and overlays.c
+to reference them. 
+
+---
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+Copyright 2009-2022 The OpenLDAP Foundation.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
diff --git a/contrib/slapd-modules/samba4/pguid.c b/contrib/slapd-modules/samba4/pguid.c
new file mode 100644
index 0000000..4b0b066
--- /dev/null
+++ b/contrib/slapd-modules/samba4/pguid.c
@@ -0,0 +1,460 @@
+/* pguid.c - Parent GUID value overlay */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati
+ * for inclusion in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_PGUID
+
+#include <stdio.h>
+
+#include "ac/string.h"
+#include "ac/socket.h"
+
+#include "slap.h"
+#include "slap-config.h"
+
+#include "lutil.h"
+
+/*
+ * Maintain an attribute (parentUUID) that contains the value
+ * of the entryUUID of the parent entry (used by Samba4)
+ */
+
+static AttributeDescription	*ad_parentUUID;
+
+static slap_overinst 		pguid;
+
+static int
+pguid_op_add( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+
+	struct berval pdn, pndn;
+	Entry *e = NULL;
+	Attribute *a;
+	int rc;
+
+	/* don't care about suffix entry */
+	if ( dn_match( &op->o_req_ndn, &op->o_bd->be_nsuffix[0] ) ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	dnParent( &op->o_req_dn, &pdn );
+	dnParent( &op->o_req_ndn, &pndn );
+
+	rc = overlay_entry_get_ov( op, &pndn, NULL, slap_schema.si_ad_entryUUID, 0, &e, on );
+	if ( rc != LDAP_SUCCESS || e == NULL ) {
+		Debug( LDAP_DEBUG_ANY, "%s: pguid_op_add: unable to get parent entry DN=\"%s\" (%d)\n",
+			op->o_log_prefix, pdn.bv_val, rc );
+		return SLAP_CB_CONTINUE;
+	}
+
+	a = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID );
+	if ( a == NULL ) {
+		Debug( LDAP_DEBUG_ANY, "%s: pguid_op_add: unable to find entryUUID of parent entry DN=\"%s\" (%d)\n",
+			op->o_log_prefix, pdn.bv_val, rc );
+		
+	} else {
+		assert( a->a_numvals == 1 );
+
+		if ( op->ora_e != NULL ) {
+			attr_merge_one( op->ora_e, ad_parentUUID, &a->a_vals[0], a->a_nvals == a->a_vals ? NULL : &a->a_nvals[0] );
+		
+		} else {
+			Modifications *ml;
+			Modifications *mod;
+
+			assert( op->ora_modlist != NULL );
+
+			for ( ml = op->ora_modlist; ml != NULL; ml = ml->sml_next ) {
+				if ( ml->sml_mod.sm_desc == slap_schema.si_ad_entryUUID ) {
+					break;
+				}
+			}
+
+			if ( ml == NULL ) {
+				ml = op->ora_modlist;
+			}
+
+			mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
+			mod->sml_flags = SLAP_MOD_INTERNAL;
+			mod->sml_op = LDAP_MOD_ADD;
+			mod->sml_desc = ad_parentUUID;
+			mod->sml_type = ad_parentUUID->ad_cname;
+			mod->sml_values = ch_malloc( sizeof( struct berval ) * 2 );
+			mod->sml_nvalues = NULL;
+			mod->sml_numvals = 1;
+
+			ber_dupbv( &mod->sml_values[0], &a->a_vals[0] );
+			BER_BVZERO( &mod->sml_values[1] );
+
+			mod->sml_next = ml->sml_next;
+			ml->sml_next = mod;
+		}
+	}
+
+	if ( e != NULL ) {
+		(void)overlay_entry_release_ov( op, e, 0, on );
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+pguid_op_rename( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+
+	Entry *e = NULL;
+	Attribute *a;
+	int rc;
+
+	if ( op->orr_nnewSup == NULL ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	rc = overlay_entry_get_ov( op, op->orr_nnewSup, NULL, slap_schema.si_ad_entryUUID, 0, &e, on );
+	if ( rc != LDAP_SUCCESS || e == NULL ) {
+		Debug( LDAP_DEBUG_ANY, "%s: pguid_op_rename: unable to get newSuperior entry DN=\"%s\" (%d)\n",
+			op->o_log_prefix, op->orr_newSup->bv_val, rc );
+		return SLAP_CB_CONTINUE;
+	}
+
+	a = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID );
+	if ( a == NULL ) {
+		Debug( LDAP_DEBUG_ANY, "%s: pguid_op_rename: unable to find entryUUID of newSuperior entry DN=\"%s\" (%d)\n",
+			op->o_log_prefix, op->orr_newSup->bv_val, rc );
+		
+	} else {
+		Modifications *mod;
+
+		assert( a->a_numvals == 1 );
+
+		mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
+		mod->sml_flags = SLAP_MOD_INTERNAL;
+		mod->sml_op = LDAP_MOD_REPLACE;
+		mod->sml_desc = ad_parentUUID;
+		mod->sml_type = ad_parentUUID->ad_cname;
+		mod->sml_values = ch_malloc( sizeof( struct berval ) * 2 );
+		mod->sml_nvalues = NULL;
+		mod->sml_numvals = 1;
+
+		ber_dupbv( &mod->sml_values[0], &a->a_vals[0] );
+		BER_BVZERO( &mod->sml_values[1] );
+
+		mod->sml_next = op->orr_modlist;
+		op->orr_modlist = mod;
+	}
+
+	if ( e != NULL ) {
+		(void)overlay_entry_release_ov( op, e, 0, on );
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+pguid_db_init(
+	BackendDB	*be,
+	ConfigReply	*cr)
+{
+	if ( SLAP_ISGLOBALOVERLAY( be ) ) {
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"pguid_db_init: pguid cannot be used as global overlay.\n" );
+		return 1;
+	}
+
+	if ( be->be_nsuffix == NULL ) {
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"pguid_db_init: database must have suffix\n" );
+		return 1;
+	}
+
+	if ( BER_BVISNULL( &be->be_rootndn ) || BER_BVISEMPTY( &be->be_rootndn ) ) {
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"pguid_db_init: missing rootdn for database DN=\"%s\", YMMV\n",
+			be->be_suffix[ 0 ].bv_val );
+	}
+
+	return 0;
+}
+
+typedef struct pguid_mod_t {
+	struct berval ndn;
+	struct berval pguid;
+	struct pguid_mod_t *next;
+} pguid_mod_t;
+
+typedef struct {
+	slap_overinst *on;
+	pguid_mod_t *mods;
+} pguid_repair_cb_t;
+
+static int
+pguid_repair_cb( Operation *op, SlapReply *rs )
+{
+	int rc;
+	pguid_repair_cb_t *pcb = op->o_callback->sc_private;
+	Entry *e = NULL;
+	Attribute *a;
+	struct berval pdn, pndn;
+
+	switch ( rs->sr_type ) {
+	case REP_SEARCH:
+		break;
+
+	case REP_SEARCHREF:
+	case REP_RESULT:
+		return rs->sr_err;
+
+	default:
+		assert( 0 );
+	}
+
+	assert( rs->sr_entry != NULL );
+
+	dnParent( &rs->sr_entry->e_name, &pdn );
+	dnParent( &rs->sr_entry->e_nname, &pndn );
+
+	rc = overlay_entry_get_ov( op, &pndn, NULL, slap_schema.si_ad_entryUUID, 0, &e, pcb->on );
+	if ( rc != LDAP_SUCCESS || e == NULL ) {
+		Debug( LDAP_DEBUG_ANY, "%s: pguid_repair_cb: unable to get parent entry DN=\"%s\" (%d)\n",
+			op->o_log_prefix, pdn.bv_val, rc );
+		return 0;
+	}
+
+	a = attr_find( e->e_attrs, slap_schema.si_ad_entryUUID );
+	if ( a == NULL ) {
+		Debug( LDAP_DEBUG_ANY, "%s: pguid_repair_cb: unable to find entryUUID of parent entry DN=\"%s\" (%d)\n",
+			op->o_log_prefix, pdn.bv_val, rc );
+		
+	} else {
+		ber_len_t len;
+		pguid_mod_t *mod;
+
+		assert( a->a_numvals == 1 );
+
+		len = sizeof( pguid_mod_t ) + rs->sr_entry->e_nname.bv_len + 1 + a->a_vals[0].bv_len + 1;
+		mod = op->o_tmpalloc( len, op->o_tmpmemctx );
+		mod->ndn.bv_len = rs->sr_entry->e_nname.bv_len;
+		mod->ndn.bv_val = (char *)&mod[1];
+		mod->pguid.bv_len = a->a_vals[0].bv_len;
+		mod->pguid.bv_val = (char *)&mod->ndn.bv_val[mod->ndn.bv_len + 1];
+		lutil_strncopy( mod->ndn.bv_val, rs->sr_entry->e_nname.bv_val, rs->sr_entry->e_nname.bv_len );
+		lutil_strncopy( mod->pguid.bv_val, a->a_vals[0].bv_val, a->a_vals[0].bv_len );
+
+		mod->next = pcb->mods;
+		pcb->mods = mod;
+
+		Debug( LDAP_DEBUG_TRACE, "%s: pguid_repair_cb: scheduling entry DN=\"%s\" for repair\n",
+			op->o_log_prefix, rs->sr_entry->e_name.bv_val );
+	}
+
+	if ( e != NULL ) {
+		(void)overlay_entry_release_ov( op, e, 0, pcb->on );
+	}
+
+	return 0;
+}
+
+static int
+pguid_repair( BackendDB *be )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	void *ctx = ldap_pvt_thread_pool_context();
+	Connection conn = { 0 };
+	OperationBuffer opbuf;
+	Operation *op;
+	slap_callback sc = { 0 };
+	pguid_repair_cb_t pcb = { 0 };
+	SlapReply rs = { REP_RESULT };
+	pguid_mod_t *pmod;
+	int nrepaired = 0;
+
+	connection_fake_init2( &conn, &opbuf, ctx, 0 );
+	op = &opbuf.ob_op;
+
+	op->o_tag = LDAP_REQ_SEARCH;
+	memset( &op->oq_search, 0, sizeof( op->oq_search ) );
+
+	op->o_bd = select_backend( &be->be_nsuffix[ 0 ], 0 );
+
+	op->o_req_dn = op->o_bd->be_suffix[ 0 ];
+	op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];
+
+	op->o_dn = op->o_bd->be_rootdn;
+	op->o_ndn = op->o_bd->be_rootndn;
+
+	op->ors_scope = LDAP_SCOPE_SUBORDINATE;
+	op->ors_tlimit = SLAP_NO_LIMIT;
+	op->ors_slimit = SLAP_NO_LIMIT;
+	op->ors_attrs = slap_anlist_no_attrs;
+
+	op->ors_filterstr.bv_len = STRLENOF( "(!(=*))" ) + ad_parentUUID->ad_cname.bv_len;
+	op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
+	snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1,
+		"(!(%s=*))", ad_parentUUID->ad_cname.bv_val );
+
+	op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
+	if ( op->ors_filter == NULL ) {
+		rs.sr_err = LDAP_OTHER;
+		goto done_search;
+	}
+	
+	op->o_callback = &sc;
+	sc.sc_response = pguid_repair_cb;
+	sc.sc_private = &pcb;
+	pcb.on = on;
+
+	(void)op->o_bd->bd_info->bi_op_search( op, &rs );
+
+	op->o_tag = LDAP_REQ_MODIFY;
+	sc.sc_response = slap_null_cb;
+	sc.sc_private = NULL;
+	memset( &op->oq_modify, 0, sizeof( req_modify_s ) );
+
+	for ( pmod = pcb.mods; pmod != NULL; ) {
+		pguid_mod_t *pnext;
+
+		Modifications *mod;
+		SlapReply rs2 = { REP_RESULT };
+
+		mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
+		mod->sml_flags = SLAP_MOD_INTERNAL;
+		mod->sml_op = LDAP_MOD_REPLACE;
+		mod->sml_desc = ad_parentUUID;
+		mod->sml_type = ad_parentUUID->ad_cname;
+		mod->sml_values = ch_malloc( sizeof( struct berval ) * 2 );
+		mod->sml_nvalues = NULL;
+		mod->sml_numvals = 1;
+		mod->sml_next = NULL;
+
+		ber_dupbv( &mod->sml_values[0], &pmod->pguid );
+		BER_BVZERO( &mod->sml_values[1] );
+
+		op->o_req_dn = pmod->ndn;
+		op->o_req_ndn = pmod->ndn;
+
+		op->orm_modlist = mod;
+		op->o_bd->be_modify( op, &rs2 );
+		slap_mods_free( op->orm_modlist, 1 );
+		if ( rs2.sr_err == LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_TRACE, "%s: pguid_repair: entry DN=\"%s\" repaired\n",
+				op->o_log_prefix, pmod->ndn.bv_val );
+			nrepaired++;
+
+		} else {
+			Debug( LDAP_DEBUG_ANY, "%s: pguid_repair: entry DN=\"%s\" repair failed (%d)\n",
+				op->o_log_prefix, pmod->ndn.bv_val, rs2.sr_err );
+		}
+
+		pnext = pmod->next;
+		op->o_tmpfree( pmod, op->o_tmpmemctx );
+		pmod = pnext;
+	}
+
+done_search:;
+	op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+	filter_free_x( op, op->ors_filter, 1 );
+
+	Log( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO,
+		"pguid: repaired=%d\n", nrepaired );
+
+	return rs.sr_err;
+}
+
+/* search all entries without parentUUID; "repair" them */
+static int
+pguid_db_open(
+	BackendDB	*be,
+	ConfigReply	*cr )
+{
+	if ( SLAP_SINGLE_SHADOW( be ) ) {
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"pguid incompatible with shadow database \"%s\".\n",
+			be->be_suffix[ 0 ].bv_val );
+		return 1;
+	}
+
+	pguid_repair( be );
+
+	return 0;
+}
+
+static struct {
+	char	*desc;
+	AttributeDescription **adp;
+} as[] = {
+	{ "( 1.3.6.1.4.1.4203.666.1.59 "
+		"NAME 'parentUUID' "
+		"DESC 'the value of the entryUUID of the parent' "
+		"EQUALITY UUIDMatch "
+		"ORDERING UUIDOrderingMatch "
+		"SYNTAX 1.3.6.1.1.16.1 "
+		"USAGE dSAOperation "
+		"SINGLE-VALUE "
+		"NO-USER-MODIFICATION " 
+		")",
+		&ad_parentUUID },
+	{ NULL }
+};
+
+int
+pguid_initialize(void)
+{
+	int code, i;
+
+	for ( i = 0; as[ i ].desc != NULL; i++ ) {
+		code = register_at( as[ i ].desc, as[ i ].adp, 0 );
+		if ( code ) {
+			Debug( LDAP_DEBUG_ANY,
+				"pguid_initialize: register_at #%d failed\n",
+				i );
+			return code;
+		}
+
+		/* Allow Manager to set these as needed */
+		if ( is_at_no_user_mod( (*as[ i ].adp)->ad_type ) ) {
+			(*as[ i ].adp)->ad_type->sat_flags |=
+				SLAP_AT_MANAGEABLE;
+		}
+	}
+
+	pguid.on_bi.bi_type = "pguid";
+
+	pguid.on_bi.bi_op_add = pguid_op_add;
+	pguid.on_bi.bi_op_modrdn = pguid_op_rename;
+
+	pguid.on_bi.bi_db_init = pguid_db_init;
+	pguid.on_bi.bi_db_open = pguid_db_open;
+
+	return overlay_register( &pguid );
+}
+
+#if SLAPD_OVER_PGUID == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return pguid_initialize();
+}
+#endif /* SLAPD_OVER_PGUID == SLAPD_MOD_DYNAMIC */
+
+#endif /* SLAPD_OVER_PGUID */
diff --git a/contrib/slapd-modules/samba4/rdnval.c b/contrib/slapd-modules/samba4/rdnval.c
new file mode 100644
index 0000000..dfe0e47
--- /dev/null
+++ b/contrib/slapd-modules/samba4/rdnval.c
@@ -0,0 +1,657 @@
+/* rdnval.c - RDN value overlay */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati
+ * for inclusion in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_RDNVAL
+
+#include <stdio.h>
+
+#include "ac/string.h"
+#include "ac/socket.h"
+
+#include "slap.h"
+#include "slap-config.h"
+
+#include "lutil.h"
+
+/*
+ * Maintain an attribute (rdnValue) that contains the values of each AVA
+ * that builds up the RDN of an entry.  This is required for interoperation
+ * with Samba4.  It mimics the "name" attribute provided by Active Directory.
+ * The naming attributes must be directoryString-valued, or compatible.
+ * For example, IA5String values are cast into directoryString unless
+ * consisting of the empty string ("").
+ */
+
+static AttributeDescription	*ad_rdnValue;
+static Syntax			*syn_IA5String;
+
+static slap_overinst 		rdnval;
+
+static int
+rdnval_is_valid( AttributeDescription *desc, struct berval *value )
+{
+	if ( desc->ad_type->sat_syntax == slap_schema.si_syn_directoryString ) {
+		return 1;
+	}
+
+	if ( desc->ad_type->sat_syntax == syn_IA5String
+		&& !BER_BVISEMPTY( value ) )
+	{
+		return 1;
+	}
+
+	return 0;
+}
+
+static int
+rdnval_unique_check_cb( Operation *op, SlapReply *rs )
+{
+	if ( rs->sr_type == REP_SEARCH ) {
+		int *p = (int *)op->o_callback->sc_private;
+		(*p)++;
+	}
+
+	return 0;
+}
+
+static int
+rdnval_unique_check( Operation *op, BerVarray vals )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+
+	BackendDB db = *op->o_bd;
+	Operation op2 = *op;
+	SlapReply rs2 = { 0 };
+	int i;
+	BerVarray fvals;
+	char *ptr;
+	int gotit = 0;
+	slap_callback cb = { 0 };
+
+	/* short-circuit attempts to add suffix entry */
+	if ( op->o_tag == LDAP_REQ_ADD
+		&& be_issuffix( op->o_bd, &op->o_req_ndn ) )
+	{
+		return LDAP_SUCCESS;
+	}
+
+	op2.o_bd = &db;
+	op2.o_bd->bd_info = (BackendInfo *)on->on_info;
+	op2.o_tag = LDAP_REQ_SEARCH;
+	op2.o_dn = op->o_bd->be_rootdn;
+	op2.o_ndn = op->o_bd->be_rootndn;
+	op2.o_callback = &cb;
+	cb.sc_response = rdnval_unique_check_cb;
+	cb.sc_private = (void *)&gotit;
+
+	dnParent( &op->o_req_ndn, &op2.o_req_dn );
+	op2.o_req_ndn = op2.o_req_dn;
+
+	op2.ors_limit = NULL;
+	op2.ors_slimit = 1;
+	op2.ors_tlimit = SLAP_NO_LIMIT;
+	op2.ors_attrs = slap_anlist_no_attrs;
+	op2.ors_attrsonly = 1;
+	op2.ors_deref = LDAP_DEREF_NEVER;
+	op2.ors_scope = LDAP_SCOPE_ONELEVEL;
+
+	for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ )
+		/* just count */ ;
+
+	fvals = op->o_tmpcalloc( sizeof( struct berval ), i + 1,
+		op->o_tmpmemctx );
+
+	op2.ors_filterstr.bv_len = 0;
+	if ( i > 1 ) {
+		op2.ors_filterstr.bv_len = STRLENOF( "(&)" );
+	}
+
+	for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) {
+		ldap_bv2escaped_filter_value_x( &vals[ i ], &fvals[ i ],
+			1, op->o_tmpmemctx );
+		op2.ors_filterstr.bv_len += ad_rdnValue->ad_cname.bv_len
+			+ fvals[ i ].bv_len + STRLENOF( "(=)" );
+	}
+
+	op2.ors_filterstr.bv_val = op->o_tmpalloc( op2.ors_filterstr.bv_len + 1, op->o_tmpmemctx );
+
+	ptr = op2.ors_filterstr.bv_val;
+	if ( i > 1 ) {
+		ptr = lutil_strcopy( ptr, "(&" );
+	}
+	for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) {
+		*ptr++ = '(';
+		ptr = lutil_strncopy( ptr, ad_rdnValue->ad_cname.bv_val, ad_rdnValue->ad_cname.bv_len );
+		*ptr++ = '=';
+		ptr = lutil_strncopy( ptr, fvals[ i ].bv_val, fvals[ i ].bv_len );
+		*ptr++ = ')';
+	}
+
+	if ( i > 1 ) {
+		*ptr++ = ')';
+	}
+	*ptr = '\0';
+
+	assert( ptr == op2.ors_filterstr.bv_val + op2.ors_filterstr.bv_len );
+	op2.ors_filter = str2filter_x( op, op2.ors_filterstr.bv_val );
+	assert( op2.ors_filter != NULL );
+
+	(void)op2.o_bd->be_search( &op2, &rs2 );
+
+	filter_free_x( op, op2.ors_filter, 1 );
+	op->o_tmpfree( op2.ors_filterstr.bv_val, op->o_tmpmemctx );
+	for ( i = 0; !BER_BVISNULL( &vals[ i ] ); i++ ) {
+		if ( vals[ i ].bv_val != fvals[ i ].bv_val ) {
+			op->o_tmpfree( fvals[ i ].bv_val, op->o_tmpmemctx );
+		}
+	}
+	op->o_tmpfree( fvals, op->o_tmpmemctx );
+
+	if ( rs2.sr_err != LDAP_SUCCESS || gotit > 0 ) {
+		return LDAP_CONSTRAINT_VIOLATION;
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+rdnval_rdn2vals(
+	Operation *op,
+	SlapReply *rs,
+	struct berval *dn,
+	struct berval *ndn,
+	BerVarray *valsp,
+	BerVarray *nvalsp,
+	int *numvalsp )
+{
+	LDAPRDN rdn = NULL, nrdn = NULL;
+	int nAVA, i;
+
+	assert( *valsp == NULL );
+	assert( *nvalsp == NULL );
+
+	*numvalsp = 0;
+
+	if ( ldap_bv2rdn_x( dn, &rdn, (char **)&rs->sr_text,
+		LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) )
+	{
+		Debug( LDAP_DEBUG_TRACE,
+			"%s rdnval: can't figure out "
+			"type(s)/value(s) of rdn DN=\"%s\"\n",
+			op->o_log_prefix, dn->bv_val );
+		rs->sr_err = LDAP_INVALID_DN_SYNTAX;
+		rs->sr_text = "unknown type(s) used in RDN";
+
+		goto done;
+	}
+
+	if ( ldap_bv2rdn_x( ndn, &nrdn,
+		(char **)&rs->sr_text, LDAP_DN_FORMAT_LDAP, op->o_tmpmemctx ) )
+	{
+		Debug( LDAP_DEBUG_TRACE,
+			"%s rdnval: can't figure out "
+			"type(s)/value(s) of normalized rdn DN=\"%s\"\n",
+			op->o_log_prefix, ndn->bv_val );
+		rs->sr_err = LDAP_INVALID_DN_SYNTAX;
+		rs->sr_text = "unknown type(s) used in RDN";
+
+		goto done;
+	}
+
+	for ( nAVA = 0; rdn[ nAVA ]; nAVA++ )
+		/* count'em */ ;
+
+	/* NOTE: we assume rdn and nrdn contain the same AVAs! */
+
+	*valsp = ch_calloc( sizeof( struct berval ), nAVA + 1 );
+	*nvalsp = ch_calloc( sizeof( struct berval ), nAVA + 1 );
+
+	/* Add new attribute values to the entry */
+	for ( i = 0; rdn[ i ]; i++ ) {
+		AttributeDescription	*desc = NULL;
+
+		rs->sr_err = slap_bv2ad( &rdn[ i ]->la_attr,
+			&desc, &rs->sr_text );
+
+		if ( rs->sr_err != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_TRACE,
+				"%s rdnval: %s: %s\n",
+				op->o_log_prefix,
+				rs->sr_text, 
+				rdn[ i ]->la_attr.bv_val );
+			goto done;
+		}
+
+		if ( !rdnval_is_valid( desc, &rdn[ i ]->la_value ) ) {
+			Debug( LDAP_DEBUG_TRACE,
+				"%s rdnval: syntax of naming attribute '%s' "
+				"not compatible with directoryString",
+				op->o_log_prefix, rdn[ i ]->la_attr.bv_val );
+			continue;
+		}
+
+		if ( value_find_ex( desc,
+				SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
+					SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+				*nvalsp,
+				&nrdn[ i ]->la_value,
+				op->o_tmpmemctx )
+			== LDAP_NO_SUCH_ATTRIBUTE )
+		{
+			ber_dupbv( &(*valsp)[ *numvalsp ], &rdn[ i ]->la_value );
+			ber_dupbv( &(*nvalsp)[ *numvalsp ], &nrdn[ i ]->la_value );
+
+			(*numvalsp)++;
+		}
+	}
+
+	if ( rdnval_unique_check( op, *valsp ) != LDAP_SUCCESS ) {
+		rs->sr_err = LDAP_CONSTRAINT_VIOLATION;
+		rs->sr_text = "rdnValue not unique within siblings";
+		goto done;
+	}
+
+done:;
+	if ( rdn != NULL ) {
+		ldap_rdnfree_x( rdn, op->o_tmpmemctx );
+	}
+
+	if ( nrdn != NULL ) {
+		ldap_rdnfree_x( nrdn, op->o_tmpmemctx );
+	}
+
+	if ( rs->sr_err != LDAP_SUCCESS ) {
+		if ( *valsp != NULL ) {
+			ber_bvarray_free( *valsp );
+			ber_bvarray_free( *nvalsp );
+			*valsp = NULL;
+			*nvalsp = NULL;
+			*numvalsp = 0;
+		}
+	}
+
+	return rs->sr_err;
+}
+
+static int
+rdnval_op_add( Operation *op, SlapReply *rs )
+{
+	Attribute *a, **ap;
+	int numvals = 0;
+	BerVarray vals = NULL, nvals = NULL;
+	int rc;
+
+	/* NOTE: should we accept an entry still in mods format? */
+	assert( op->ora_e != NULL );
+
+	if ( BER_BVISEMPTY( &op->ora_e->e_nname ) ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	a = attr_find( op->ora_e->e_attrs, ad_rdnValue );
+	if ( a != NULL ) {
+		/* TODO: check consistency? */
+		return SLAP_CB_CONTINUE;
+	}
+
+	rc = rdnval_rdn2vals( op, rs, &op->ora_e->e_name, &op->ora_e->e_nname,
+		&vals, &nvals, &numvals );
+	if ( rc != LDAP_SUCCESS ) {
+		send_ldap_result( op, rs );
+	}
+
+	a = attr_alloc( ad_rdnValue );
+
+	a->a_vals = vals;
+	a->a_nvals = nvals;
+	a->a_numvals = numvals;
+
+	for ( ap = &op->ora_e->e_attrs; *ap != NULL; ap = &(*ap)->a_next )
+		/* goto tail */ ;
+
+	*ap = a;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+rdnval_op_rename( Operation *op, SlapReply *rs )
+{
+	Modifications *ml, **mlp;
+	int numvals = 0;
+	BerVarray vals = NULL, nvals = NULL;
+	struct berval old;
+	int rc;
+
+	dnRdn( &op->o_req_ndn, &old );
+	if ( dn_match( &old, &op->orr_nnewrdn ) ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	rc = rdnval_rdn2vals( op, rs, &op->orr_newrdn, &op->orr_nnewrdn,
+		&vals, &nvals, &numvals );
+	if ( rc != LDAP_SUCCESS ) {
+		send_ldap_result( op, rs );
+	}
+
+	ml = ch_calloc( sizeof( Modifications ), 1 );
+	ml->sml_values = vals;
+	ml->sml_nvalues = nvals;
+
+	ml->sml_numvals = numvals;
+
+	ml->sml_op = LDAP_MOD_REPLACE;
+	ml->sml_flags = SLAP_MOD_INTERNAL;
+	ml->sml_desc = ad_rdnValue;
+	ml->sml_type = ad_rdnValue->ad_cname;
+
+	for ( mlp = &op->orr_modlist; *mlp != NULL; mlp = &(*mlp)->sml_next )
+		/* goto tail */ ;
+
+	*mlp = ml;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+rdnval_db_init(
+	BackendDB	*be,
+	ConfigReply	*cr)
+{
+	if ( SLAP_ISGLOBALOVERLAY( be ) ) {
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"rdnval_db_init: rdnval cannot be used as global overlay.\n" );
+		return 1;
+	}
+
+	if ( be->be_nsuffix == NULL ) {
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"rdnval_db_init: database must have suffix\n" );
+		return 1;
+	}
+
+	if ( BER_BVISNULL( &be->be_rootndn ) || BER_BVISEMPTY( &be->be_rootndn ) ) {
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"rdnval_db_init: missing rootdn for database DN=\"%s\", YMMV\n",
+			be->be_suffix[ 0 ].bv_val );
+	}
+
+	return 0;
+}
+
+typedef struct rdnval_mod_t {
+	struct berval ndn;
+	BerVarray vals;
+	BerVarray nvals;
+	int numvals;
+	struct rdnval_mod_t *next;
+} rdnval_mod_t;
+
+typedef struct {
+	BackendDB *bd;
+	rdnval_mod_t *mods;
+} rdnval_repair_cb_t;
+
+static int
+rdnval_repair_cb( Operation *op, SlapReply *rs )
+{
+	int rc;
+	rdnval_repair_cb_t *rcb = op->o_callback->sc_private;
+	rdnval_mod_t *mod;
+	BerVarray vals = NULL, nvals = NULL;
+	int numvals = 0;
+	ber_len_t len;
+	BackendDB *save_bd = op->o_bd;
+
+	switch ( rs->sr_type ) {
+	case REP_SEARCH:
+		break;
+
+	case REP_SEARCHREF:
+	case REP_RESULT:
+		return rs->sr_err;
+
+	default:
+		assert( 0 );
+	}
+
+	assert( rs->sr_entry != NULL );
+
+	op->o_bd = rcb->bd;
+	rc = rdnval_rdn2vals( op, rs, &rs->sr_entry->e_name, &rs->sr_entry->e_nname,
+		&vals, &nvals, &numvals );
+	op->o_bd = save_bd;
+	if ( rc != LDAP_SUCCESS ) {
+		return 0;
+	}
+
+	len = sizeof( rdnval_mod_t ) + rs->sr_entry->e_nname.bv_len + 1;
+	mod = op->o_tmpalloc( len, op->o_tmpmemctx );
+	mod->ndn.bv_len = rs->sr_entry->e_nname.bv_len;
+	mod->ndn.bv_val = (char *)&mod[1];
+	lutil_strncopy( mod->ndn.bv_val, rs->sr_entry->e_nname.bv_val, rs->sr_entry->e_nname.bv_len );
+	mod->vals = vals;
+	mod->nvals = nvals;
+	mod->numvals = numvals;
+
+	mod->next = rcb->mods;
+	rcb->mods = mod;
+
+	Debug( LDAP_DEBUG_TRACE, "%s: rdnval_repair_cb: scheduling entry DN=\"%s\" for repair\n",
+		op->o_log_prefix, rs->sr_entry->e_name.bv_val );
+
+	return 0;
+}
+
+static int
+rdnval_repair( BackendDB *be )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	void *ctx = ldap_pvt_thread_pool_context();
+	Connection conn = { 0 };
+	OperationBuffer opbuf;
+	Operation *op;
+	BackendDB db;
+	slap_callback sc = { 0 };
+	rdnval_repair_cb_t rcb = { 0 };
+	SlapReply rs = { REP_RESULT };
+	rdnval_mod_t *rmod;
+	int nrepaired = 0;
+
+	connection_fake_init2( &conn, &opbuf, ctx, 0 );
+	op = &opbuf.ob_op;
+
+	op->o_tag = LDAP_REQ_SEARCH;
+	memset( &op->oq_search, 0, sizeof( op->oq_search ) );
+
+	assert( !BER_BVISNULL( &be->be_nsuffix[ 0 ] ) );
+
+	op->o_bd = select_backend( &be->be_nsuffix[ 0 ], 0 );
+	assert( op->o_bd != NULL );
+	assert( op->o_bd->be_nsuffix != NULL );
+
+	op->o_req_dn = op->o_bd->be_suffix[ 0 ];
+	op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];
+
+	op->o_dn = op->o_bd->be_rootdn;
+	op->o_ndn = op->o_bd->be_rootndn;
+
+	op->ors_scope = LDAP_SCOPE_SUBTREE;
+	op->ors_tlimit = SLAP_NO_LIMIT;
+	op->ors_slimit = SLAP_NO_LIMIT;
+	op->ors_attrs = slap_anlist_no_attrs;
+
+	op->ors_filterstr.bv_len = STRLENOF( "(!(=*))" ) + ad_rdnValue->ad_cname.bv_len;
+	op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
+	snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1,
+		"(!(%s=*))", ad_rdnValue->ad_cname.bv_val );
+
+	op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
+	if ( op->ors_filter == NULL ) {
+		rs.sr_err = LDAP_OTHER;
+		goto done_search;
+	}
+	
+	op->o_callback = &sc;
+	sc.sc_response = rdnval_repair_cb;
+	sc.sc_private = &rcb;
+	rcb.bd = &db;
+	db = *be;
+	db.bd_info = (BackendInfo *)on;
+
+	(void)op->o_bd->bd_info->bi_op_search( op, &rs );
+
+	op->o_tag = LDAP_REQ_MODIFY;
+	sc.sc_response = slap_null_cb;
+	sc.sc_private = NULL;
+	memset( &op->oq_modify, 0, sizeof( req_modify_s ) );
+
+	for ( rmod = rcb.mods; rmod != NULL; ) {
+		rdnval_mod_t *rnext;
+
+		Modifications *mod;
+		SlapReply rs2 = { REP_RESULT };
+
+		mod = (Modifications *) ch_malloc( sizeof( Modifications ) );
+		mod->sml_flags = SLAP_MOD_INTERNAL;
+		mod->sml_op = LDAP_MOD_REPLACE;
+		mod->sml_desc = ad_rdnValue;
+		mod->sml_type = ad_rdnValue->ad_cname;
+		mod->sml_values = rmod->vals;
+		mod->sml_nvalues = rmod->nvals;
+		mod->sml_numvals = rmod->numvals;
+		mod->sml_next = NULL;
+
+		op->o_req_dn = rmod->ndn;
+		op->o_req_ndn = rmod->ndn;
+
+		op->orm_modlist = mod;
+
+		op->o_bd->be_modify( op, &rs2 );
+
+		slap_mods_free( op->orm_modlist, 1 );
+		if ( rs2.sr_err == LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_TRACE, "%s: rdnval_repair: entry DN=\"%s\" repaired\n",
+				op->o_log_prefix, rmod->ndn.bv_val );
+			nrepaired++;
+
+		} else {
+			Debug( LDAP_DEBUG_ANY, "%s: rdnval_repair: entry DN=\"%s\" repair failed (%d)\n",
+				op->o_log_prefix, rmod->ndn.bv_val, rs2.sr_err );
+		}
+
+		rnext = rmod->next;
+		op->o_tmpfree( rmod, op->o_tmpmemctx );
+		rmod = rnext;
+	}
+
+done_search:;
+	op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+	filter_free_x( op, op->ors_filter, 1 );
+
+	Log( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO,
+		"rdnval: repaired=%d\n", nrepaired );
+
+	return 0;
+}
+
+/* search all entries without parentUUID; "repair" them */
+static int
+rdnval_db_open(
+	BackendDB	*be,
+	ConfigReply	*cr )
+{
+	if ( SLAP_SINGLE_SHADOW( be ) ) {
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"rdnval incompatible with shadow database \"%s\".\n",
+			be->be_suffix[ 0 ].bv_val );
+		return 1;
+	}
+
+	return rdnval_repair( be );
+}
+
+static struct {
+	char	*desc;
+	AttributeDescription **adp;
+} as[] = {
+	{ "( 1.3.6.1.4.1.4203.666.1.58 "
+		"NAME 'rdnValue' "
+		"DESC 'the value of the naming attributes' "
+		"SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' "
+		"EQUALITY caseIgnoreMatch "
+		"USAGE dSAOperation "
+		"NO-USER-MODIFICATION " 
+		")",
+		&ad_rdnValue },
+	{ NULL }
+};
+
+int
+rdnval_initialize(void)
+{
+	int code, i;
+
+	for ( i = 0; as[ i ].desc != NULL; i++ ) {
+		code = register_at( as[ i ].desc, as[ i ].adp, 0 );
+		if ( code ) {
+			Debug( LDAP_DEBUG_ANY,
+				"rdnval_initialize: register_at #%d failed\n",
+				i );
+			return code;
+		}
+
+		/* Allow Manager to set these as needed */
+		if ( is_at_no_user_mod( (*as[ i ].adp)->ad_type ) ) {
+			(*as[ i ].adp)->ad_type->sat_flags |=
+				SLAP_AT_MANAGEABLE;
+		}
+	}
+
+	syn_IA5String = syn_find( "1.3.6.1.4.1.1466.115.121.1.26" );
+	if ( syn_IA5String == NULL ) {
+		Debug( LDAP_DEBUG_ANY,
+			"rdnval_initialize: unable to find syntax '1.3.6.1.4.1.1466.115.121.1.26' (IA5String)\n" );
+		return LDAP_OTHER;
+	}
+
+	rdnval.on_bi.bi_type = "rdnval";
+
+	rdnval.on_bi.bi_op_add = rdnval_op_add;
+	rdnval.on_bi.bi_op_modrdn = rdnval_op_rename;
+
+	rdnval.on_bi.bi_db_init = rdnval_db_init;
+	rdnval.on_bi.bi_db_open = rdnval_db_open;
+
+	return overlay_register( &rdnval );
+}
+
+#if SLAPD_OVER_RDNVAL == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return rdnval_initialize();
+}
+#endif /* SLAPD_OVER_RDNVAL == SLAPD_MOD_DYNAMIC */
+
+#endif /* SLAPD_OVER_RDNVAL */
diff --git a/contrib/slapd-modules/samba4/vernum.c b/contrib/slapd-modules/samba4/vernum.c
new file mode 100644
index 0000000..d70dc92
--- /dev/null
+++ b/contrib/slapd-modules/samba4/vernum.c
@@ -0,0 +1,459 @@
+/* vernum.c - RDN value overlay */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2008 Pierangelo Masarati.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati
+ * for inclusion in OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_VERNUM
+
+#include <stdio.h>
+
+#include "ac/string.h"
+#include "ac/socket.h"
+
+#include "slap.h"
+#include "slap-config.h"
+
+#include "lutil.h"
+
+/*
+ * Maintain an attribute (e.g. msDS-KeyVersionNumber) that consists
+ * in a counter of modifications of another attribute (e.g. unicodePwd).
+ */
+
+typedef struct vernum_t {
+	AttributeDescription	*vn_attr;
+	AttributeDescription	*vn_vernum;
+} vernum_t;
+
+static AttributeDescription	*ad_msDS_KeyVersionNumber;
+
+static struct berval		val_init = BER_BVC( "0" );
+static slap_overinst 		vernum;
+
+static int
+vernum_op_add( Operation *op, SlapReply *rs )
+{
+	slap_overinst	*on = (slap_overinst *) op->o_bd->bd_info;
+	vernum_t	*vn = (vernum_t *)on->on_bi.bi_private;
+
+	Attribute *a, **ap;
+	int rc;
+
+	/* NOTE: should we accept an entry still in mods format? */
+	assert( op->ora_e != NULL );
+
+	if ( BER_BVISEMPTY( &op->ora_e->e_nname ) ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	a = attr_find( op->ora_e->e_attrs, vn->vn_attr );
+	if ( a == NULL ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	if ( attr_find( op->ora_e->e_attrs, vn->vn_vernum ) != NULL ) {
+		/* already present - leave it alone */
+		return SLAP_CB_CONTINUE;
+	}
+
+	a = attr_alloc( vn->vn_vernum );
+
+	value_add_one( &a->a_vals, &val_init );
+	a->a_nvals = a->a_vals;
+	a->a_numvals = 1;
+
+	for ( ap = &op->ora_e->e_attrs; *ap != NULL; ap = &(*ap)->a_next )
+		/* goto tail */ ;
+
+	*ap = a;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+vernum_op_modify( Operation *op, SlapReply *rs )
+{
+	slap_overinst	*on = (slap_overinst *) op->o_bd->bd_info;
+	vernum_t	*vn = (vernum_t *)on->on_bi.bi_private;
+
+	Modifications *ml, **mlp;
+	struct berval val = BER_BVC( "1" );
+	int rc;
+	unsigned got = 0;
+
+	for ( ml = op->orm_modlist; ml != NULL; ml = ml->sml_next ) {
+		if ( ml->sml_desc == vn->vn_vernum ) {
+			/* already present - leave it alone
+			 * (or should we increment it anyway?) */
+			return SLAP_CB_CONTINUE;
+		}
+
+		if ( ml->sml_desc == vn->vn_attr ) {
+			got = 1;
+		}
+	}
+
+	if ( !got ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	for ( mlp = &op->orm_modlist; *mlp != NULL; mlp = &(*mlp)->sml_next )
+		/* goto tail */ ;
+
+	/* ITS#6561 */
+#ifdef SLAP_MOD_ADD_IF_NOT_PRESENT
+	/* the initial value is only added if the vernum attr is not present */
+	ml = ch_calloc( sizeof( Modifications ), 1 );
+	ml->sml_values = ch_calloc( sizeof( struct berval ) , 2 );
+	value_add_one( &ml->sml_values, &val_init );
+	ml->sml_nvalues = NULL;
+	ml->sml_numvals = 1;
+	ml->sml_op = SLAP_MOD_ADD_IF_NOT_PRESENT;
+	ml->sml_flags = SLAP_MOD_INTERNAL;
+	ml->sml_desc = vn->vn_vernum;
+	ml->sml_type = vn->vn_vernum->ad_cname;
+
+	*mlp = ml;
+	mlp = &ml->sml_next;
+#endif /* SLAP_MOD_ADD_IF_NOT_PRESENT */
+
+	/* this increments by 1 the vernum attr */
+	ml = ch_calloc( sizeof( Modifications ), 1 );
+	ml->sml_values = ch_calloc( sizeof( struct berval ) , 2 );
+	value_add_one( &ml->sml_values, &val );
+	ml->sml_nvalues = NULL;
+	ml->sml_numvals = 1;
+	ml->sml_op = LDAP_MOD_INCREMENT;
+	ml->sml_flags = SLAP_MOD_INTERNAL;
+	ml->sml_desc = vn->vn_vernum;
+	ml->sml_type = vn->vn_vernum->ad_cname;
+
+	*mlp = ml;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+vernum_db_init(
+	BackendDB	*be,
+	ConfigReply	*cr)
+{
+	slap_overinst	*on = (slap_overinst *) be->bd_info;
+	vernum_t	*vn = NULL;
+
+	if ( SLAP_ISGLOBALOVERLAY( be ) ) {
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"vernum_db_init: vernum cannot be used as global overlay.\n" );
+		return 1;
+	}
+
+	if ( be->be_nsuffix == NULL ) {
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"vernum_db_init: database must have suffix\n" );
+		return 1;
+	}
+
+	if ( BER_BVISNULL( &be->be_rootndn ) || BER_BVISEMPTY( &be->be_rootndn ) ) {
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"vernum_db_init: missing rootdn for database DN=\"%s\", YMMV\n",
+			be->be_suffix[ 0 ].bv_val );
+	}
+
+	vn = (vernum_t *)ch_calloc( 1, sizeof( vernum_t ) );
+
+	on->on_bi.bi_private = (void *)vn;
+
+	return 0;
+}
+
+typedef struct vernum_mod_t {
+	struct berval ndn;
+	struct vernum_mod_t *next;
+} vernum_mod_t;
+
+typedef struct {
+	BackendDB *bd;
+	vernum_mod_t *mods;
+} vernum_repair_cb_t;
+
+static int
+vernum_repair_cb( Operation *op, SlapReply *rs )
+{
+	int rc;
+	vernum_repair_cb_t *rcb = op->o_callback->sc_private;
+	vernum_mod_t *mod;
+	ber_len_t len;
+	BackendDB *save_bd = op->o_bd;
+
+	switch ( rs->sr_type ) {
+	case REP_SEARCH:
+		break;
+
+	case REP_SEARCHREF:
+	case REP_RESULT:
+		return rs->sr_err;
+
+	default:
+		assert( 0 );
+	}
+
+	assert( rs->sr_entry != NULL );
+
+	len = sizeof( vernum_mod_t ) + rs->sr_entry->e_nname.bv_len + 1;
+	mod = op->o_tmpalloc( len, op->o_tmpmemctx );
+	mod->ndn.bv_len = rs->sr_entry->e_nname.bv_len;
+	mod->ndn.bv_val = (char *)&mod[1];
+	lutil_strncopy( mod->ndn.bv_val, rs->sr_entry->e_nname.bv_val, rs->sr_entry->e_nname.bv_len );
+
+	mod->next = rcb->mods;
+	rcb->mods = mod;
+
+	Debug( LDAP_DEBUG_TRACE, "%s: vernum_repair_cb: scheduling entry DN=\"%s\" for repair\n",
+		op->o_log_prefix, rs->sr_entry->e_name.bv_val );
+
+	return 0;
+}
+
+static int
+vernum_repair( BackendDB *be )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	vernum_t *vn = (vernum_t *)on->on_bi.bi_private;
+	void *ctx = ldap_pvt_thread_pool_context();
+	Connection conn = { 0 };
+	OperationBuffer opbuf;
+	Operation *op;
+	BackendDB db;
+	slap_callback sc = { 0 };
+	vernum_repair_cb_t rcb = { 0 };
+	SlapReply rs = { REP_RESULT };
+	vernum_mod_t *rmod;
+	int nrepaired = 0;
+
+	connection_fake_init2( &conn, &opbuf, ctx, 0 );
+	op = &opbuf.ob_op;
+
+	op->o_tag = LDAP_REQ_SEARCH;
+	memset( &op->oq_search, 0, sizeof( op->oq_search ) );
+
+	assert( !BER_BVISNULL( &be->be_nsuffix[ 0 ] ) );
+
+	op->o_bd = select_backend( &be->be_nsuffix[ 0 ], 0 );
+	assert( op->o_bd != NULL );
+	assert( op->o_bd->be_nsuffix != NULL );
+
+	op->o_req_dn = op->o_bd->be_suffix[ 0 ];
+	op->o_req_ndn = op->o_bd->be_nsuffix[ 0 ];
+
+	op->o_dn = op->o_bd->be_rootdn;
+	op->o_ndn = op->o_bd->be_rootndn;
+
+	op->ors_scope = LDAP_SCOPE_SUBTREE;
+	op->ors_tlimit = SLAP_NO_LIMIT;
+	op->ors_slimit = SLAP_NO_LIMIT;
+	op->ors_attrs = slap_anlist_no_attrs;
+
+	op->ors_filterstr.bv_len = STRLENOF( "(&(=*)(!(=*)))" )
+		+ vn->vn_attr->ad_cname.bv_len
+		+ vn->vn_vernum->ad_cname.bv_len;
+	op->ors_filterstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len + 1, op->o_tmpmemctx );
+	snprintf( op->ors_filterstr.bv_val, op->ors_filterstr.bv_len + 1,
+		"(&(%s=*)(!(%s=*)))",
+		vn->vn_attr->ad_cname.bv_val,
+		vn->vn_vernum->ad_cname.bv_val );
+
+	op->ors_filter = str2filter_x( op, op->ors_filterstr.bv_val );
+	if ( op->ors_filter == NULL ) {
+		rs.sr_err = LDAP_OTHER;
+		goto done_search;
+	}
+	
+	op->o_callback = &sc;
+	sc.sc_response = vernum_repair_cb;
+	sc.sc_private = &rcb;
+	rcb.bd = &db;
+	db = *be;
+	db.bd_info = (BackendInfo *)on;
+
+	(void)op->o_bd->bd_info->bi_op_search( op, &rs );
+
+	op->o_tag = LDAP_REQ_MODIFY;
+	sc.sc_response = slap_null_cb;
+	sc.sc_private = NULL;
+	memset( &op->oq_modify, 0, sizeof( req_modify_s ) );
+
+	for ( rmod = rcb.mods; rmod != NULL; ) {
+		vernum_mod_t *rnext;
+		Modifications mod;
+		struct berval vals[2] = { BER_BVNULL };
+		SlapReply rs2 = { REP_RESULT };
+
+		mod.sml_flags = SLAP_MOD_INTERNAL;
+		mod.sml_op = LDAP_MOD_REPLACE;
+		mod.sml_desc = vn->vn_vernum;
+		mod.sml_type = vn->vn_vernum->ad_cname;
+		mod.sml_values = vals;
+		mod.sml_values[0] = val_init;
+		mod.sml_nvalues = NULL;
+		mod.sml_numvals = 1;
+		mod.sml_next = NULL;
+
+		op->o_req_dn = rmod->ndn;
+		op->o_req_ndn = rmod->ndn;
+
+		op->orm_modlist = &mod;
+
+		op->o_bd->be_modify( op, &rs2 );
+
+		slap_mods_free( op->orm_modlist->sml_next, 1 );
+		if ( rs2.sr_err == LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_TRACE, "%s: vernum_repair: entry DN=\"%s\" repaired\n",
+				op->o_log_prefix, rmod->ndn.bv_val );
+			nrepaired++;
+
+		} else {
+			Debug( LDAP_DEBUG_ANY, "%s: vernum_repair: entry DN=\"%s\" repair failed (%d)\n",
+				op->o_log_prefix, rmod->ndn.bv_val, rs2.sr_err );
+		}
+
+		rnext = rmod->next;
+		op->o_tmpfree( rmod, op->o_tmpmemctx );
+		rmod = rnext;
+	}
+
+done_search:;
+	op->o_tmpfree( op->ors_filterstr.bv_val, op->o_tmpmemctx );
+	filter_free_x( op, op->ors_filter, 1 );
+
+	Log( LDAP_DEBUG_STATS, LDAP_LEVEL_INFO,
+		"vernum: repaired=%d\n", nrepaired );
+
+	return 0;
+}
+
+static int
+vernum_db_open(
+	BackendDB	*be,
+	ConfigReply	*cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	vernum_t *vn = (vernum_t *)on->on_bi.bi_private;
+
+	if ( SLAP_SINGLE_SHADOW( be ) ) {
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_ERR,
+			"vernum incompatible with shadow database \"%s\".\n",
+			be->be_suffix[ 0 ].bv_val );
+		return 1;
+	}
+
+	/* default: unicodePwd & msDS-KeyVersionNumber */
+	if ( vn->vn_attr == NULL ) {
+		const char *text = NULL;
+		int rc;
+
+		rc = slap_str2ad( "unicodePwd", &vn->vn_attr, &text );
+		if ( rc != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_ANY, "vernum: unable to find attribute 'unicodePwd' (%d: %s)\n",
+				rc, text );
+			return 1;
+		}
+
+		vn->vn_vernum = ad_msDS_KeyVersionNumber;
+	}
+
+	return vernum_repair( be );
+}
+
+static int
+vernum_db_destroy(
+	BackendDB	*be,
+	ConfigReply	*cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	vernum_t *vn = (vernum_t *)on->on_bi.bi_private;
+
+	if ( vn ) {
+		ch_free( vn );
+		on->on_bi.bi_private = NULL;
+	}
+
+	return 0;
+}
+
+static struct {
+	char	*desc;
+	AttributeDescription **adp;
+} as[] = {
+	{ "( 1.2.840.113556.1.4.1782 "
+		"NAME 'msDS-KeyVersionNumber' "
+		"DESC 'in the original specification the syntax is 2.5.5.9' "
+		"SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' "
+		"EQUALITY integerMatch "
+		"SINGLE-VALUE "
+		"USAGE dSAOperation "
+		"NO-USER-MODIFICATION " 
+		")",
+		&ad_msDS_KeyVersionNumber },
+	{ NULL }
+};
+
+int
+vernum_initialize(void)
+{
+	int code, i;
+
+	for ( i = 0; as[ i ].desc != NULL; i++ ) {
+		code = register_at( as[ i ].desc, as[ i ].adp, 0 );
+		if ( code ) {
+			Debug( LDAP_DEBUG_ANY,
+				"vernum_initialize: register_at #%d failed\n",
+				i );
+			return code;
+		}
+
+		/* Allow Manager to set these as needed */
+		if ( is_at_no_user_mod( (*as[ i ].adp)->ad_type ) ) {
+			(*as[ i ].adp)->ad_type->sat_flags |=
+				SLAP_AT_MANAGEABLE;
+		}
+	}
+
+	vernum.on_bi.bi_type = "vernum";
+
+	vernum.on_bi.bi_op_add = vernum_op_add;
+	vernum.on_bi.bi_op_modify = vernum_op_modify;
+
+	vernum.on_bi.bi_db_init = vernum_db_init;
+	vernum.on_bi.bi_db_open = vernum_db_open;
+	vernum.on_bi.bi_db_destroy = vernum_db_destroy;
+
+	return overlay_register( &vernum );
+}
+
+#if SLAPD_OVER_VERNUM == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return vernum_initialize();
+}
+#endif /* SLAPD_OVER_VERNUM == SLAPD_MOD_DYNAMIC */
+
+#endif /* SLAPD_OVER_VERNUM */
diff --git a/contrib/slapd-modules/smbk5pwd/Makefile b/contrib/slapd-modules/smbk5pwd/Makefile
new file mode 100644
index 0000000..a1c2c8e
--- /dev/null
+++ b/contrib/slapd-modules/smbk5pwd/Makefile
@@ -0,0 +1,77 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2022 The OpenLDAP Foundation.
+# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+SSL_INC = 
+SSL_LIB = -lcrypto
+
+HEIMDAL_INC = -I/usr/heimdal/include
+HEIMDAL_LIB = -L/usr/heimdal/lib -lkrb5 -lkadm5srv
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+# Omit DO_KRB5, DO_SAMBA or DO_SHADOW if you don't want to support it.
+DEFS = -DDO_KRB5 -DDO_SAMBA -DDO_SHADOW
+INCS = $(LDAP_INC) $(HEIMDAL_INC) $(SSL_INC)
+LIBS = $(LDAP_LIB) $(HEIMDAL_LIB) $(SSL_LIB)
+
+PROGRAMS = smbk5pwd.la
+MANPAGES = slapo-smbk5pwd.5
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+smbk5pwd.la:	smbk5pwd.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/smbk5pwd/README b/contrib/slapd-modules/smbk5pwd/README
new file mode 100644
index 0000000..2f02195
--- /dev/null
+++ b/contrib/slapd-modules/smbk5pwd/README
@@ -0,0 +1,94 @@
+This directory contains a slapd overlay, smbk5pwd, that extends the
+PasswordModify Extended Operation to update Kerberos keys and Samba
+password hashes for an LDAP user.
+
+The Kerberos support is written for Heimdal using its hdb-ldap backend.
+If a PasswordModify is performed on an entry that has the krb5KDCEntry
+objectclass, then the krb5Key and krb5KeyVersionNumber will be updated
+using the new password in the PasswordModify request. Additionally, a
+new "{K5KEY}" password hash mechanism is provided. For krb5KDCEntries that
+have this hash specifier in their userPassword attribute, Simple Binds
+will be checked against the Kerberos keys of the Entry. No data is
+needed after the "{K5KEY}" hash specifier in the userPassword, it is
+looked up from the Entry directly.
+
+The Samba support is written using the Samba 3.0 LDAP schema. If a
+PasswordModify is performed on an entry that has the sambaSamAccount
+objectclass, then the sambaNTPassword and sambaPwdLastSet attributes
+will be updated accordingly.
+
+To use the overlay, add:
+
+	include <path to>/krb5-kdc.schema
+	include <path to>/samba.schema
+
+	moduleload <path to>smbk5pwd.so
+	...
+
+	database mdb
+	...
+	overlay smbk5pwd
+
+to your slapd configuration file. (You should obtain the necessary schema
+files from the Heimdal and/or Samba distributions. At this time, there
+are several known errors in these schema files that you will have to
+correct before they will load in slapd.  As of Samba 3.0 the schema looks
+fine as shipped.)
+
+All modules compiled in (i.e. krb5 and samba) are enabled; the statement
+
+	smbk5pwd-enable		<module>
+
+can be used to enable only the desired one(s); legal values for <module>
+are "krb5", "samba" and "shadow", if they are respectively enabled by defining
+DO_KRB5, DO_SAMBA and DO_SHADOW.
+
+The samba module also supports the
+
+	smbk5pwd-must-change	<seconds>
+
+which sets the "sambaPwdMustChange" attribute accordingly to force passwd
+expiry.  A value of 0 disables this feature.
+
+The overlay now supports table-driven configuration, and thus can be run-time
+loaded and configured via back-config.  The layout of the entry is
+
+	# {0}smbk5pwd, {1}bdb, config
+	dn: olcOverlay={0}smbk5pwd,olcDatabase={1}bdb,cn=config
+	objectClass: olcOverlayConfig
+	objectClass: olcSmbK5PwdConfig
+	olcOverlay: {0}smbk5pwd
+	olcSmbK5PwdEnable: krb5
+	olcSmbK5PwdEnable: samba
+	olcSmbK5PwdMustChange: 2592000
+
+which enables both krb5 and samba modules with a password expiry time
+of 30 days.
+
+The provided Makefile builds both Kerberos and Samba support by default.
+You must edit the Makefile to insure that the correct include and library
+paths are used. You can change the DEFS macro if you only want one or the
+other of Kerberos or Samba support.
+
+This overlay is only set up to be built as a dynamically loaded module.
+On most platforms, in order for the module to be usable, all of the 
+library dependencies must also be available as shared libraries.
+
+If you need to build the overlay statically, you will have to move it into the
+slapd/overlays directory and edit the Makefile and overlays.c to reference
+it. You will also have to define SLAPD_OVER_SMBK5PWD to SLAPD_MOD_STATIC,
+and add the relevant libraries to the main slapd link command.
+
+---
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+Copyright 2004-2022 The OpenLDAP Foundation.
+Portions Copyright 2004-2005 Howard Chu, Symas Corp. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
diff --git a/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5 b/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5
new file mode 100644
index 0000000..c9a0162
--- /dev/null
+++ b/contrib/slapd-modules/smbk5pwd/slapo-smbk5pwd.5
@@ -0,0 +1,177 @@
+.TH SLAPO-SMBK5PWD 5 "RELEASEDATE" "OpenLDAP LDVERSION"
+.\" Copyright 2015-2022 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.\" $OpenLDAP$
+.SH NAME
+slapo-smbk5pwd \- Samba & Kerberos password sync overlay to slapd
+.SH SYNOPSIS
+ETCDIR/slapd.conf
+.RS
+.LP
+include
+.B "<path to>/krb5-kdc.schema"
+.LP
+include
+.B "<path to>/samba.schema"
+.LP
+moduleload
+.B smbk5pwd.so
+.LP
+ ...
+.LP
+database mdb
+.LP
+ ...
+.LP
+overlay
+.B smbk5pwd
+.RE
+
+.SH DESCRIPTION
+.LP
+The
+.B smbk5pwd
+overlay to
+.BR slapd (8)
+overloads the Password Modify Extended Operation (RFC 3062) to update
+Kerberos keys and Samba password hashes for an LDAP user, as well as
+updating password change related attributes for Kerberos, Samba and/or
+UNIX user accounts.
+.LP
+The Samba support is written using the Samba 3.0 LDAP schema;
+Kerberos support is written for Heimdal using its hdb-ldap backend.
+.LP
+Additionally, a new
+.B {K5KEY}
+password hash mechanism is provided.
+For
+.B krb5KDCEntry
+objects that have this scheme specifier in their
+.I userPassword
+attribute, Simple Binds will be checked against the Kerberos keys of the entry.
+No data is needed after the
+.B {K5KEY}
+scheme specifier in the
+.IR userPassword ,
+it is looked up from the entry directly.
+
+.SH CONFIGURATION
+The
+.B smbk5pwd
+overlay supports the following
+.B slapd.conf
+configuration options, which should appear after the
+.B overlay
+directive:
+.TP
+.BI smbk5pwd-enable " <module>"
+can be used to enable only the desired modules.
+Legal values for
+.I <module>
+are
+.LP
+.RS
+.TP
+.B krb5
+If the user has the
+.B krb5KDCEntry
+objectclass, update the
+.B krb5Key
+and
+.B krb5KeyVersionNumber
+attributes using the new password in the Password Modify operation,
+provided the Kerberos account is not expired.
+Exiration is determined by evaluating the
+.B krb5ValidEnd
+attribute.
+.TP
+.B samba
+If the user is a
+.B sambaSamAccount
+object, synchronize the
+.B sambaNTPassword
+to the password entered in the Password Modify operation, and update
+.B sambaPwdLastSet
+accordingly.
+.TP
+.B shadow
+Update the attribute
+.BR shadowLastChange ,
+if the entry has the objectclass
+.BR shadowAccount .
+.LP
+By default all modules compiled in are enabled.
+Setting the config statement restricts the enabled modules to the ones
+explicitly mentioned.
+.RE
+.TP
+.BI smbk5pwd-can-change " <seconds>"
+If the
+.B samba
+module is enabled and the user is a
+.BR sambaSamAccount ,
+update the attribute
+.B sambaPwdCanChange
+to point
+.I <seconds>
+into the future, essentially denying any Samba password change until then.
+A value of
+.B 0
+disables this feature.
+.TP
+.BI smbk5pwd-must-change " <seconds>"
+If the
+.B samba
+module is enabled and the user is a
+.BR sambaSamAccount ,
+update the attribute
+.B sambaPwdMustChange
+to point
+.I <seconds>
+into the future, essentially setting the Samba password expiration time.
+A value of
+.B 0
+disables this feature.
+.LP
+Alternatively, the overlay supports table-driven configuration,
+and thus can be run-time loaded and configured via back-config.
+
+.SH EXAMPLE
+The layout of a slapd.d based, table-driven configuration entry looks like:
+.LP
+.EX
+        # {0}smbk5pwd, {1}mdb, config
+        dn: olcOverlay={0}smbk5pwd,olcDatabase={1}mdb,cn=config
+        objectClass: olcOverlayConfig
+        objectClass: olcSmbK5PwdConfig
+        olcOverlay: {0}smbk5pwd
+        olcSmbK5PwdEnable: krb5
+        olcSmbK5PwdEnable: samba
+        olcSmbK5PwdMustChange: 2592000
+.EE
+.LP
+which enables both
+.B krb5
+and
+.B samba
+modules with a Samba password expiration time of 30 days (=
+.B 2592000
+seconds).
+
+.SH SEE ALSO
+.BR slapd.conf (5),
+.BR ldappasswd (1),
+.BR ldap (3),
+.LP
+"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
+.LP
+
+.SH ACKNOWLEDGEMENTS
+This manual page has been written by Peter Marschall based on the
+module's README file written by Howard Chu.
+.LP
+.B OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.
+
diff --git a/contrib/slapd-modules/smbk5pwd/smbk5pwd.c b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
new file mode 100644
index 0000000..642140d
--- /dev/null
+++ b/contrib/slapd-modules/smbk5pwd/smbk5pwd.c
@@ -0,0 +1,1084 @@
+/* smbk5pwd.c - Overlay for managing Samba and Heimdal passwords */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2004-2022 The OpenLDAP Foundation.
+ * Portions Copyright 2004-2005 by Howard Chu, Symas Corp.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * Support for table-driven configuration added by Pierangelo Masarati.
+ * Support for sambaPwdMustChange and sambaPwdCanChange added by Marco D'Ettorre.
+ * Support for shadowLastChange added by SATOH Fumiyasu @ OSS Technology, Inc.
+ */
+
+#include <portable.h>
+
+#ifndef SLAPD_OVER_SMBK5PWD
+#define SLAPD_OVER_SMBK5PWD SLAPD_MOD_DYNAMIC
+#endif
+
+#ifdef SLAPD_OVER_SMBK5PWD
+
+#include <slap.h>
+#include <ac/errno.h>
+#include <ac/string.h>
+
+#include "slap-config.h"
+
+#ifdef DO_KRB5
+#include <lber.h>
+#include <lber_pvt.h>
+#include <lutil.h>
+
+/* make ASN1_MALLOC_ENCODE use our allocator */
+#define malloc	ch_malloc
+
+#include <krb5.h>
+#include <kadm5/admin.h>
+#include <hdb.h>
+
+#ifndef HDB_INTERFACE_VERSION
+#define	HDB_MASTER_KEY_SET	master_key_set
+#else
+#define	HDB_MASTER_KEY_SET	hdb_master_key_set
+#endif
+
+static krb5_context context;
+static void *kadm_context;
+static kadm5_config_params conf;
+static HDB *db;
+
+static AttributeDescription *ad_krb5Key;
+static AttributeDescription *ad_krb5KeyVersionNumber;
+static AttributeDescription *ad_krb5PrincipalName;
+static AttributeDescription *ad_krb5ValidEnd;
+static ObjectClass *oc_krb5KDCEntry;
+#endif
+
+#ifdef DO_SAMBA
+#ifdef HAVE_GNUTLS
+#include <nettle/md4.h>
+#elif HAVE_OPENSSL
+#include <openssl/md4.h>
+#else
+#error Unsupported crypto backend.
+#endif
+#include "ldap_utf8.h"
+
+static AttributeDescription *ad_sambaNTPassword;
+static AttributeDescription *ad_sambaPwdLastSet;
+static AttributeDescription *ad_sambaPwdMustChange;
+static AttributeDescription *ad_sambaPwdCanChange;
+static ObjectClass *oc_sambaSamAccount;
+#endif
+
+#ifdef DO_SHADOW
+static AttributeDescription *ad_shadowLastChange;
+static ObjectClass *oc_shadowAccount;
+#endif
+
+/* Per-instance configuration information */
+typedef struct smbk5pwd_t {
+	unsigned	mode;
+#define	SMBK5PWD_F_KRB5		(0x1U)
+#define	SMBK5PWD_F_SAMBA	(0x2U)
+#define	SMBK5PWD_F_SHADOW	(0x4U)
+
+#define SMBK5PWD_DO_KRB5(pi)	((pi)->mode & SMBK5PWD_F_KRB5)
+#define SMBK5PWD_DO_SAMBA(pi)	((pi)->mode & SMBK5PWD_F_SAMBA)
+#define SMBK5PWD_DO_SHADOW(pi)	((pi)->mode & SMBK5PWD_F_SHADOW)
+
+#ifdef DO_KRB5
+	/* nothing yet */
+#endif
+
+#ifdef DO_SAMBA
+	/* How many seconds before forcing a password change? */
+	time_t	smb_must_change;
+	/* How many seconds after allowing a password change? */
+	time_t  smb_can_change;
+#endif
+
+#ifdef DO_SHADOW
+	/* nothing yet */
+#endif
+} smbk5pwd_t;
+
+static const unsigned SMBK5PWD_F_ALL	=
+	0
+#ifdef DO_KRB5
+	| SMBK5PWD_F_KRB5
+#endif
+#ifdef DO_SAMBA
+	| SMBK5PWD_F_SAMBA
+#endif
+#ifdef DO_SHADOW
+	| SMBK5PWD_F_SHADOW
+#endif
+;
+
+static int smbk5pwd_modules_init( smbk5pwd_t *pi );
+
+#ifdef DO_SAMBA
+static const char hex[] = "0123456789abcdef";
+
+#define MAX_PWLEN 256
+#define	HASHLEN	16
+
+static void hexify(
+	const char in[HASHLEN],
+	struct berval *out
+)
+{
+	int i;
+	char *a;
+	unsigned char *b;
+
+	out->bv_val = ch_malloc(HASHLEN*2 + 1);
+	out->bv_len = HASHLEN*2;
+
+	a = out->bv_val;
+	b = (unsigned char *)in;
+	for (i=0; i<HASHLEN; i++) {
+		*a++ = hex[*b >> 4];
+		*a++ = hex[*b++ & 0x0f];
+	}
+	*a++ = '\0';
+}
+
+static void nthash(
+	struct berval *passwd,
+	struct berval *hash
+)
+{
+	/* Windows currently only allows 14 character passwords, but
+	 * may support up to 256 in the future. We assume this means
+	 * 256 UCS2 characters, not 256 bytes...
+	 */
+	char hbuf[HASHLEN];
+#ifdef HAVE_OPENSSL
+	MD4_CTX ctx;
+#elif defined(HAVE_GNUTLS)
+	struct md4_ctx ctx;
+#endif
+
+	if (passwd->bv_len > MAX_PWLEN*2)
+		passwd->bv_len = MAX_PWLEN*2;
+
+#ifdef HAVE_OPENSSL
+	MD4_Init( &ctx );
+	MD4_Update( &ctx, passwd->bv_val, passwd->bv_len );
+	MD4_Final( (unsigned char *)hbuf, &ctx );
+#elif defined(HAVE_GNUTLS)
+	md4_init( &ctx );
+	md4_update( &ctx, passwd->bv_len, (unsigned char *)passwd->bv_val );
+	md4_digest( &ctx, sizeof(hbuf), (unsigned char *)hbuf );
+#endif
+
+	hexify( hbuf, hash );
+}
+#endif /* DO_SAMBA */
+
+#ifdef DO_KRB5
+
+static int smbk5pwd_op_cleanup(
+	Operation *op,
+	SlapReply *rs )
+{
+	slap_callback *cb;
+
+	/* clear out the current key */
+	ldap_pvt_thread_pool_setkey( op->o_threadctx, smbk5pwd_op_cleanup,
+		NULL, 0, NULL, NULL );
+
+	/* free the callback */
+	cb = op->o_callback;
+	op->o_callback = cb->sc_next;
+	op->o_tmpfree( cb, op->o_tmpmemctx );
+	return 0;
+}
+
+static int smbk5pwd_op_bind(
+	Operation *op,
+	SlapReply *rs )
+{
+	/* If this is a simple Bind, stash the Op pointer so our chk
+	 * function can find it. Set a cleanup callback to clear it
+	 * out when the Bind completes.
+	 */
+	if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE ) {
+		slap_callback *cb;
+		ldap_pvt_thread_pool_setkey( op->o_threadctx,
+			smbk5pwd_op_cleanup, op, 0, NULL, NULL );
+		cb = op->o_tmpcalloc( 1, sizeof(slap_callback), op->o_tmpmemctx );
+		cb->sc_cleanup = smbk5pwd_op_cleanup;
+		cb->sc_next = op->o_callback;
+		op->o_callback = cb;
+	}
+	return SLAP_CB_CONTINUE;
+}
+
+static LUTIL_PASSWD_CHK_FUNC k5key_chk;
+static LUTIL_PASSWD_HASH_FUNC k5key_hash;
+static const struct berval k5key_scheme = BER_BVC("{K5KEY}");
+
+/* This password scheme stores no data in the userPassword attribute
+ * other than the scheme name. It assumes the invoking entry is a
+ * krb5KDCentry and compares the passed-in credentials against the
+ * krb5Key attribute. The krb5Key may be multi-valued, but they are
+ * simply multiple keytypes generated from the same input string, so
+ * only the first value needs to be compared here.
+ *
+ * Since the lutil_passwd API doesn't pass the Entry object in, we
+ * have to fetch it ourselves in order to get access to the other
+ * attributes. We accomplish this with the help of the overlay's Bind
+ * function, which stores the current Operation pointer in thread-specific
+ * storage so we can retrieve it here. The Operation provides all
+ * the necessary context for us to get Entry from the database.
+ */
+static int k5key_chk(
+	const struct berval *sc,
+	const struct berval *passwd,
+	const struct berval *cred,
+	const char **text )
+{
+	void *ctx, *op_tmp;
+	Operation *op;
+	int rc;
+	Entry *e;
+	Attribute *a;
+	krb5_error_code ret;
+	krb5_keyblock key;
+	krb5_salt salt;
+	hdb_entry ent;
+
+	/* Find our thread context, find our Operation */
+	ctx = ldap_pvt_thread_pool_context();
+
+	if ( ldap_pvt_thread_pool_getkey( ctx, smbk5pwd_op_cleanup, &op_tmp, NULL )
+		 || !op_tmp )
+		return LUTIL_PASSWD_ERR;
+	op = op_tmp;
+
+	rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
+	if ( rc != LDAP_SUCCESS ) return LUTIL_PASSWD_ERR;
+
+	rc = LUTIL_PASSWD_ERR;
+	do {
+		size_t l;
+		Key ekey = {0};
+
+		a = attr_find( e->e_attrs, ad_krb5PrincipalName );
+		if (!a ) break;
+
+		memset( &ent, 0, sizeof(ent) );
+		ret = krb5_parse_name(context, a->a_vals[0].bv_val, &ent.principal);
+		if ( ret ) break;
+
+		a = attr_find( e->e_attrs, ad_krb5ValidEnd );
+		if (a) {
+			struct lutil_tm tm;
+			struct lutil_timet tt;
+			if ( lutil_parsetime( a->a_vals[0].bv_val, &tm ) == 0 &&
+				lutil_tm2time( &tm, &tt ) == 0 && tt.tt_sec < op->o_time ) {
+				/* Account is expired */
+				rc = LUTIL_PASSWD_ERR;
+				break;
+			}
+		}
+
+		krb5_get_pw_salt( context, ent.principal, &salt );
+		krb5_free_principal( context, ent.principal );
+
+		a = attr_find( e->e_attrs, ad_krb5Key );
+		if ( !a ) break;
+
+		ent.keys.len = 1;
+		ent.keys.val = &ekey;
+		decode_Key((unsigned char *) a->a_vals[0].bv_val,
+			(size_t) a->a_vals[0].bv_len, &ent.keys.val[0], &l);
+		if ( db->HDB_MASTER_KEY_SET )
+			hdb_unseal_keys( context, db, &ent );
+
+		krb5_string_to_key_salt( context, ekey.key.keytype, cred->bv_val,
+			salt, &key );
+
+		krb5_free_salt( context, salt );
+
+		if ( memcmp( ekey.key.keyvalue.data, key.keyvalue.data,
+			key.keyvalue.length ) == 0 ) rc = LUTIL_PASSWD_OK;
+
+		krb5_free_keyblock_contents( context, &key );
+		krb5_free_keyblock_contents( context, &ekey.key );
+
+	} while(0);
+	be_entry_release_r( op, e );
+	return rc;
+}
+
+static int k5key_hash(
+	const struct berval *scheme,
+	const struct berval *passwd,
+	struct berval *hash,
+	const char **text )
+{
+	ber_dupbv( hash, (struct berval *)&k5key_scheme );
+	return LUTIL_PASSWD_OK;
+}
+#endif /* DO_KRB5 */
+
+static int smbk5pwd_exop_passwd(
+	Operation *op,
+	SlapReply *rs )
+{
+	int rc;
+	req_pwdexop_s *qpw = &op->oq_pwdexop;
+	Entry *e;
+	Modifications *ml;
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	smbk5pwd_t *pi = on->on_bi.bi_private;
+	char term;
+
+	/* Not the operation we expected, pass it on... */
+	if ( ber_bvcmp( &slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid ) ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	op->o_bd->bd_info = (BackendInfo *)on->on_info;
+	rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e );
+	if ( rc != LDAP_SUCCESS ) return rc;
+
+	term = qpw->rs_new.bv_val[qpw->rs_new.bv_len];
+	qpw->rs_new.bv_val[qpw->rs_new.bv_len] = '\0';
+
+#ifdef DO_KRB5
+	/* Kerberos stuff */
+	do {
+		krb5_error_code ret;
+		hdb_entry ent;
+		struct berval *keys;
+		size_t nkeys;
+		int kvno, i;
+		Attribute *a;
+
+		if ( !SMBK5PWD_DO_KRB5( pi ) ) break;
+
+		if ( !is_entry_objectclass(e, oc_krb5KDCEntry, 0 ) ) break;
+
+		a = attr_find( e->e_attrs, ad_krb5PrincipalName );
+		if ( !a ) break;
+
+		memset( &ent, 0, sizeof(ent) );
+		ret = krb5_parse_name(context, a->a_vals[0].bv_val, &ent.principal);
+		if ( ret ) break;
+
+		a = attr_find( e->e_attrs, ad_krb5KeyVersionNumber );
+		kvno = 0;
+		if ( a ) {
+			if ( lutil_atoi( &kvno, a->a_vals[0].bv_val ) != 0 ) {
+				Debug( LDAP_DEBUG_ANY, "%s smbk5pwd EXOP: "
+					"dn=\"%s\" unable to parse krb5KeyVersionNumber=\"%s\"\n",
+					op->o_log_prefix, e->e_name.bv_val, a->a_vals[0].bv_val );
+			}
+
+		} else {
+			/* shouldn't happen, this is a required attr */
+			Debug( LDAP_DEBUG_ANY, "%s smbk5pwd EXOP: "
+				"dn=\"%s\" missing krb5KeyVersionNumber\n",
+				op->o_log_prefix, e->e_name.bv_val );
+		}
+
+		ret = hdb_generate_key_set_password(context, ent.principal,
+			qpw->rs_new.bv_val, &ent.keys.val, &nkeys);
+		ent.keys.len = nkeys;
+		hdb_seal_keys(context, db, &ent);
+		krb5_free_principal( context, ent.principal );
+
+		keys = ch_malloc( (ent.keys.len + 1) * sizeof(struct berval));
+
+		for (i = 0; i < ent.keys.len; i++) {
+			unsigned char *buf;
+			size_t len;
+
+			ASN1_MALLOC_ENCODE(Key, buf, len, &ent.keys.val[i], &len, ret);
+			if (ret != 0)
+				break;
+			
+			keys[i].bv_val = (char *)buf;
+			keys[i].bv_len = len;
+		}
+		BER_BVZERO( &keys[i] );
+
+		hdb_free_keys(context, ent.keys.len, ent.keys.val);
+
+		if ( i != ent.keys.len ) {
+			ber_bvarray_free( keys );
+			break;
+		}
+
+		ml = ch_malloc(sizeof(Modifications));
+		if (!qpw->rs_modtail) qpw->rs_modtail = &ml->sml_next;
+		ml->sml_next = qpw->rs_mods;
+		qpw->rs_mods = ml;
+
+		ml->sml_desc = ad_krb5Key;
+		ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+		ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+		ml->sml_numvals = i;
+		ml->sml_values = keys;
+		ml->sml_nvalues = NULL;
+		
+		ml = ch_malloc(sizeof(Modifications));
+		ml->sml_next = qpw->rs_mods;
+		qpw->rs_mods = ml;
+		
+		ml->sml_desc = ad_krb5KeyVersionNumber;
+		ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+		ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+		ml->sml_numvals = 1;
+		ml->sml_values = ch_malloc( 2 * sizeof(struct berval));
+		ml->sml_values[0].bv_val = ch_malloc( 64 );
+		ml->sml_values[0].bv_len = sprintf(ml->sml_values[0].bv_val,
+			"%d", kvno+1 );
+		BER_BVZERO( &ml->sml_values[1] );
+		ml->sml_nvalues = NULL;
+	} while ( 0 );
+#endif /* DO_KRB5 */
+
+#ifdef DO_SAMBA
+	/* Samba stuff */
+	if ( SMBK5PWD_DO_SAMBA( pi ) && is_entry_objectclass(e, oc_sambaSamAccount, 0 ) ) {
+		struct berval *keys;
+		ber_len_t j,l;
+		wchar_t *wcs, wc;
+		char *c;
+		struct berval pwd;
+		
+		/* Expand incoming UTF8 string to UCS4 */
+		l = ldap_utf8_chars(qpw->rs_new.bv_val);
+		wcs = ch_malloc((l+1) * sizeof(wchar_t));
+
+		ldap_x_utf8s_to_wcs( wcs, qpw->rs_new.bv_val, l );
+		
+		/* Truncate UCS4 to UCS2 */
+		c = (char *)wcs;
+		for (j=0; j<l; j++) {
+			wc = wcs[j];
+			*c++ = wc & 0xff;
+			*c++ = (wc >> 8) & 0xff;
+		}
+		*c++ = 0;
+		pwd.bv_val = (char *)wcs;
+		pwd.bv_len = l * 2;
+
+		ml = ch_malloc(sizeof(Modifications));
+		if (!qpw->rs_modtail) qpw->rs_modtail = &ml->sml_next;
+		ml->sml_next = qpw->rs_mods;
+		qpw->rs_mods = ml;
+
+		keys = ch_malloc( 2 * sizeof(struct berval) );
+		BER_BVZERO( &keys[1] );
+		nthash( &pwd, keys );
+		
+		ml->sml_desc = ad_sambaNTPassword;
+		ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+		ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+		ml->sml_numvals = 1;
+		ml->sml_values = keys;
+		ml->sml_nvalues = NULL;
+
+		ch_free(wcs);
+
+		ml = ch_malloc(sizeof(Modifications));
+		ml->sml_next = qpw->rs_mods;
+		qpw->rs_mods = ml;
+
+		keys = ch_malloc( 2 * sizeof(struct berval) );
+		keys[0].bv_val = ch_malloc( LDAP_PVT_INTTYPE_CHARS(long) );
+		keys[0].bv_len = snprintf(keys[0].bv_val,
+			LDAP_PVT_INTTYPE_CHARS(long),
+			"%ld", slap_get_time());
+		BER_BVZERO( &keys[1] );
+		
+		ml->sml_desc = ad_sambaPwdLastSet;
+		ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+		ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+		ml->sml_numvals = 1;
+		ml->sml_values = keys;
+		ml->sml_nvalues = NULL;
+
+		if (pi->smb_must_change)
+		{
+			ml = ch_malloc(sizeof(Modifications));
+			ml->sml_next = qpw->rs_mods;
+			qpw->rs_mods = ml;
+
+			keys = ch_malloc( 2 * sizeof(struct berval) );
+			keys[0].bv_val = ch_malloc( LDAP_PVT_INTTYPE_CHARS(long) );
+			keys[0].bv_len = snprintf(keys[0].bv_val,
+					LDAP_PVT_INTTYPE_CHARS(long),
+					"%ld", slap_get_time() + pi->smb_must_change);
+			BER_BVZERO( &keys[1] );
+
+			ml->sml_desc = ad_sambaPwdMustChange;
+			ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+			ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+			ml->sml_numvals = 1;
+			ml->sml_values = keys;
+			ml->sml_nvalues = NULL;
+		}
+
+		if (pi->smb_can_change)
+		{
+			ml = ch_malloc(sizeof(Modifications));
+			ml->sml_next = qpw->rs_mods;
+			qpw->rs_mods = ml;
+
+			keys = ch_malloc( 2 * sizeof(struct berval) );
+			keys[0].bv_val = ch_malloc( LDAP_PVT_INTTYPE_CHARS(long) );
+			keys[0].bv_len = snprintf(keys[0].bv_val,
+					LDAP_PVT_INTTYPE_CHARS(long),
+					"%ld", slap_get_time() + pi->smb_can_change);
+			BER_BVZERO( &keys[1] );
+
+			ml->sml_desc = ad_sambaPwdCanChange;
+			ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+			ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+			ml->sml_numvals = 1;
+			ml->sml_values = keys;
+			ml->sml_nvalues = NULL;
+		}
+	}
+#endif /* DO_SAMBA */
+
+#ifdef DO_SHADOW
+	/* shadow stuff */
+	if ( SMBK5PWD_DO_SHADOW( pi ) && is_entry_objectclass(e, oc_shadowAccount, 0 ) ) {
+		struct berval *keys;
+
+		ml = ch_malloc(sizeof(Modifications));
+		if (!qpw->rs_modtail) qpw->rs_modtail = &ml->sml_next;
+		ml->sml_next = qpw->rs_mods;
+		qpw->rs_mods = ml;
+
+		keys = ch_malloc( sizeof(struct berval) * 2);
+		BER_BVZERO( &keys[1] );
+		keys[0].bv_val = ch_malloc( LDAP_PVT_INTTYPE_CHARS(long) );
+		keys[0].bv_len = snprintf(keys[0].bv_val,
+			LDAP_PVT_INTTYPE_CHARS(long),
+			"%ld", (long)(slap_get_time() / (60 * 60 * 24)));
+
+		ml->sml_desc = ad_shadowLastChange;
+		ml->sml_op = LDAP_MOD_REPLACE;
+#ifdef SLAP_MOD_INTERNAL
+		ml->sml_flags = SLAP_MOD_INTERNAL;
+#endif
+		ml->sml_numvals = 1;
+		ml->sml_values = keys;
+		ml->sml_nvalues = NULL;
+	}
+#endif /* DO_SHADOW */
+
+	be_entry_release_r( op, e );
+	qpw->rs_new.bv_val[qpw->rs_new.bv_len] = term;
+
+	return SLAP_CB_CONTINUE;
+}
+
+static slap_overinst smbk5pwd;
+
+/* back-config stuff */
+enum {
+	PC_SMB_MUST_CHANGE = 1,
+	PC_SMB_CAN_CHANGE,
+	PC_SMB_ENABLE
+};
+
+static ConfigDriver smbk5pwd_cf_func;
+
+/*
+ * NOTE: uses OID arcs OLcfgCtAt:1 and OLcfgCtOc:1
+ */
+
+static ConfigTable smbk5pwd_cfats[] = {
+	{ "smbk5pwd-enable", "arg",
+		2, 0, 0, ARG_MAGIC|PC_SMB_ENABLE, smbk5pwd_cf_func,
+		"( OLcfgCtAt:1.1 NAME 'olcSmbK5PwdEnable' "
+		"DESC 'Modules to be enabled' "
+		"EQUALITY caseIgnoreMatch "
+		"SYNTAX OMsDirectoryString )", NULL, NULL },
+	{ "smbk5pwd-must-change", "time",
+		2, 2, 0, ARG_MAGIC|ARG_INT|PC_SMB_MUST_CHANGE, smbk5pwd_cf_func,
+		"( OLcfgCtAt:1.2 NAME 'olcSmbK5PwdMustChange' "
+		"DESC 'Credentials validity interval' "
+		"EQUALITY integerMatch "
+		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+	{ "smbk5pwd-can-change", "time",
+		2, 2, 0, ARG_MAGIC|ARG_INT|PC_SMB_CAN_CHANGE, smbk5pwd_cf_func,
+		"( OLcfgCtAt:1.3 NAME 'olcSmbK5PwdCanChange' "
+		"DESC 'Credentials minimum validity interval' "
+		"EQUALITY integerMatch "
+		"SYNTAX OMsInteger SINGLE-VALUE )", NULL, NULL },
+
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs smbk5pwd_cfocs[] = {
+	{ "( OLcfgCtOc:1.1 "
+		"NAME 'olcSmbK5PwdConfig' "
+		"DESC 'smbk5pwd overlay configuration' "
+		"SUP olcOverlayConfig "
+		"MAY ( "
+			"olcSmbK5PwdEnable "
+			"$ olcSmbK5PwdMustChange "
+			"$ olcSmbK5PwdCanChange "
+		") )", Cft_Overlay, smbk5pwd_cfats },
+
+	{ NULL, 0, NULL }
+};
+
+/*
+ * add here other functionalities; handle their initialization
+ * as appropriate in smbk5pwd_modules_init().
+ */
+static slap_verbmasks smbk5pwd_modules[] = {
+	{ BER_BVC( "krb5" ),		SMBK5PWD_F_KRB5	},
+	{ BER_BVC( "samba" ),		SMBK5PWD_F_SAMBA },
+	{ BER_BVC( "shadow" ),		SMBK5PWD_F_SHADOW },
+	{ BER_BVNULL,			-1 }
+};
+
+static int
+smbk5pwd_cf_func( ConfigArgs *c )
+{
+	slap_overinst	*on = (slap_overinst *)c->bi;
+
+	int		rc = 0;
+	smbk5pwd_t	*pi = on->on_bi.bi_private;
+
+	if ( c->op == SLAP_CONFIG_EMIT ) {
+		switch( c->type ) {
+		case PC_SMB_MUST_CHANGE:
+#ifdef DO_SAMBA
+			c->value_int = pi->smb_must_change;
+#else /* ! DO_SAMBA */
+			c->value_int = 0;
+#endif /* ! DO_SAMBA */
+			break;
+
+		case PC_SMB_CAN_CHANGE:
+#ifdef DO_SAMBA
+			c->value_int = pi->smb_can_change;
+#else /* ! DO_SAMBA */
+			c->value_int = 0;
+#endif /* ! DO_SAMBA */
+			break;
+
+		case PC_SMB_ENABLE:
+			c->rvalue_vals = NULL;
+			if ( pi->mode ) {
+				mask_to_verbs( smbk5pwd_modules, pi->mode, &c->rvalue_vals );
+				if ( c->rvalue_vals == NULL ) {
+					rc = 1;
+				}
+			}
+			break;
+
+		default:
+			assert( 0 );
+			rc = 1;
+		}
+		return rc;
+
+	} else if ( c->op == LDAP_MOD_DELETE ) {
+		switch( c->type ) {
+		case PC_SMB_MUST_CHANGE:
+			break;
+
+                case PC_SMB_CAN_CHANGE:
+                        break;
+
+		case PC_SMB_ENABLE:
+			if ( !c->line ) {
+				pi->mode = 0;
+
+			} else {
+				int i;
+
+				i = verb_to_mask( c->line, smbk5pwd_modules );
+				pi->mode &= ~smbk5pwd_modules[i].mask;
+			}
+			break;
+
+		default:
+			assert( 0 );
+			rc = 1;
+		}
+		return rc;
+	}
+
+	switch( c->type ) {
+	case PC_SMB_MUST_CHANGE:
+#ifdef DO_SAMBA
+		if ( c->value_int < 0 ) {
+			Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+				"<%s> invalid negative value \"%d\".",
+				c->log, c->argv[ 0 ], c->value_int );
+			return 1;
+		}
+		pi->smb_must_change = c->value_int;
+#else /* ! DO_SAMBA */
+		Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+			"<%s> only meaningful "
+			"when compiled with -DDO_SAMBA.\n",
+			c->log, c->argv[ 0 ] );
+		return 1;
+#endif /* ! DO_SAMBA */
+		break;
+
+        case PC_SMB_CAN_CHANGE:
+#ifdef DO_SAMBA
+                if ( c->value_int < 0 ) {
+                        Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+                                "<%s> invalid negative value \"%d\".",
+                                c->log, c->argv[ 0 ], c->value_int );
+                        return 1;
+                }
+                pi->smb_can_change = c->value_int;
+#else /* ! DO_SAMBA */
+                Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+                        "<%s> only meaningful "
+                        "when compiled with -DDO_SAMBA.\n",
+                        c->log, c->argv[ 0 ] );
+                return 1;
+#endif /* ! DO_SAMBA */
+                break;
+
+	case PC_SMB_ENABLE: {
+		slap_mask_t	mode = pi->mode, m = 0;
+
+		rc = verbs_to_mask( c->argc, c->argv, smbk5pwd_modules, &m );
+		if ( rc > 0 ) {
+			Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+				"<%s> unknown module \"%s\".\n",
+				c->log, c->argv[ 0 ], c->argv[ rc ] );
+			return 1;
+		}
+
+		/* we can hijack the smbk5pwd_t structure because
+		 * from within the configuration, this is the only
+		 * active thread. */
+		pi->mode |= m;
+
+#ifndef DO_KRB5
+		if ( SMBK5PWD_DO_KRB5( pi ) ) {
+			Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+				"<%s> module \"%s\" only allowed when compiled with -DDO_KRB5.\n",
+				c->log, c->argv[ 0 ], c->argv[ rc ] );
+			pi->mode = mode;
+			return 1;
+		}
+#endif /* ! DO_KRB5 */
+
+#ifndef DO_SAMBA
+		if ( SMBK5PWD_DO_SAMBA( pi ) ) {
+			Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+				"<%s> module \"%s\" only allowed when compiled with -DDO_SAMBA.\n",
+				c->log, c->argv[ 0 ], c->argv[ rc ] );
+			pi->mode = mode;
+			return 1;
+		}
+#endif /* ! DO_SAMBA */
+
+#ifndef DO_SHADOW
+		if ( SMBK5PWD_DO_SHADOW( pi ) ) {
+			Debug( LDAP_DEBUG_ANY, "%s: smbk5pwd: "
+				"<%s> module \"%s\" only allowed when compiled with -DDO_SHADOW.\n",
+				c->log, c->argv[ 0 ], c->argv[ rc ] );
+			pi->mode = mode;
+			return 1;
+		}
+#endif /* ! DO_SHADOW */
+
+		/* Re-initialize the module, because
+		 * the configuration might have changed */
+		rc = smbk5pwd_modules_init( pi );
+		if ( rc ) {
+			pi->mode = mode;
+			return 1;
+		}
+
+		} break;
+
+	default:
+		assert( 0 );
+		return 1;
+	}
+	return rc;
+}
+
+static int
+smbk5pwd_modules_init( smbk5pwd_t *pi )
+{
+	static struct {
+		const char		*name;
+		AttributeDescription	**adp;
+	}
+#ifdef DO_KRB5
+	krb5_ad[] = {
+		{ "krb5Key",			&ad_krb5Key },
+		{ "krb5KeyVersionNumber",	&ad_krb5KeyVersionNumber },
+		{ "krb5PrincipalName",		&ad_krb5PrincipalName },
+		{ "krb5ValidEnd",		&ad_krb5ValidEnd },
+		{ NULL }
+	},
+#endif /* DO_KRB5 */
+#ifdef DO_SAMBA
+	samba_ad[] = {
+		{ "sambaNTPassword",		&ad_sambaNTPassword },
+		{ "sambaPwdLastSet",		&ad_sambaPwdLastSet },
+		{ "sambaPwdMustChange",		&ad_sambaPwdMustChange },
+		{ "sambaPwdCanChange",		&ad_sambaPwdCanChange },
+		{ NULL }
+	},
+#endif /* DO_SAMBA */
+#ifdef DO_SHADOW
+	shadow_ad[] = {
+		{ "shadowLastChange",		&ad_shadowLastChange },
+		{ NULL }
+	},
+#endif /* DO_SHADOW */
+	dummy_ad;
+
+	/* this is to silence the unused var warning */
+	(void) dummy_ad;
+
+#ifdef DO_KRB5
+	if ( SMBK5PWD_DO_KRB5( pi ) && oc_krb5KDCEntry == NULL ) {
+		krb5_error_code	ret;
+		extern HDB 	*_kadm5_s_get_db(void *);
+
+		int		i, rc;
+
+		/* Make sure all of our necessary schema items are loaded */
+		oc_krb5KDCEntry = oc_find( "krb5KDCEntry" );
+		if ( !oc_krb5KDCEntry ) {
+			Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+				"unable to find \"krb5KDCEntry\" objectClass.\n" );
+			return -1;
+		}
+
+		for ( i = 0; krb5_ad[ i ].name != NULL; i++ ) {
+			const char	*text;
+
+			*(krb5_ad[ i ].adp) = NULL;
+
+			rc = slap_str2ad( krb5_ad[ i ].name, krb5_ad[ i ].adp, &text );
+			if ( rc != LDAP_SUCCESS ) {
+				Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+					"unable to find \"%s\" attributeType: %s (%d).\n",
+					krb5_ad[ i ].name, text, rc );
+				oc_krb5KDCEntry = NULL;
+				return rc;
+			}
+		}
+
+		/* Initialize Kerberos context */
+		ret = krb5_init_context(&context);
+		if (ret) {
+			Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+				"unable to initialize krb5 context (%d).\n",
+				ret );
+			oc_krb5KDCEntry = NULL;
+			return -1;
+		}
+
+		ret = kadm5_s_init_with_password_ctx( context,
+			KADM5_ADMIN_SERVICE,
+			NULL,
+			KADM5_ADMIN_SERVICE,
+			&conf, 0, 0, &kadm_context );
+		if (ret) {
+			char *err_str, *err_msg = "<unknown error>";
+			err_str = krb5_get_error_string( context );
+			if (!err_str)
+				err_msg = (char *)krb5_get_err_text( context, ret );
+			Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+				"unable to initialize krb5 admin context: %s (%d).\n",
+				err_str ? err_str : err_msg, ret );
+			if (err_str)
+				krb5_free_error_string( context, err_str );
+			krb5_free_context( context );
+			oc_krb5KDCEntry = NULL;
+			return -1;
+		}
+
+		db = _kadm5_s_get_db( kadm_context );
+	}
+#endif /* DO_KRB5 */
+
+#ifdef DO_SAMBA
+	if ( SMBK5PWD_DO_SAMBA( pi ) && oc_sambaSamAccount == NULL ) {
+		int		i, rc;
+
+		oc_sambaSamAccount = oc_find( "sambaSamAccount" );
+		if ( !oc_sambaSamAccount ) {
+			Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+				"unable to find \"sambaSamAccount\" objectClass.\n" );
+			return -1;
+		}
+
+		for ( i = 0; samba_ad[ i ].name != NULL; i++ ) {
+			const char	*text;
+
+			*(samba_ad[ i ].adp) = NULL;
+
+			rc = slap_str2ad( samba_ad[ i ].name, samba_ad[ i ].adp, &text );
+			if ( rc != LDAP_SUCCESS ) {
+				Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+					"unable to find \"%s\" attributeType: %s (%d).\n",
+					samba_ad[ i ].name, text, rc );
+				oc_sambaSamAccount = NULL;
+				return rc;
+			}
+		}
+	}
+#endif /* DO_SAMBA */
+
+#ifdef DO_SHADOW
+	if ( SMBK5PWD_DO_SHADOW( pi ) && oc_shadowAccount == NULL ) {
+		int		i, rc;
+
+		oc_shadowAccount = oc_find( "shadowAccount" );
+		if ( !oc_shadowAccount ) {
+			Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+				"unable to find \"shadowAccount\" objectClass.\n" );
+			return -1;
+		}
+
+		for ( i = 0; shadow_ad[ i ].name != NULL; i++ ) {
+			const char	*text;
+
+			*(shadow_ad[ i ].adp) = NULL;
+
+			rc = slap_str2ad( shadow_ad[ i ].name, shadow_ad[ i ].adp, &text );
+			if ( rc != LDAP_SUCCESS ) {
+				Debug( LDAP_DEBUG_ANY, "smbk5pwd: "
+					"unable to find \"%s\" attributeType: %s (%d).\n",
+					shadow_ad[ i ].name, text, rc );
+				oc_shadowAccount = NULL;
+				return rc;
+			}
+		}
+	}
+#endif /* DO_SHADOW */
+
+	return 0;
+}
+
+static int
+smbk5pwd_db_init(BackendDB *be, ConfigReply *cr)
+{
+	slap_overinst	*on = (slap_overinst *)be->bd_info;
+	smbk5pwd_t	*pi;
+
+	pi = ch_calloc( 1, sizeof( smbk5pwd_t ) );
+	if ( pi == NULL ) {
+		return 1;
+	}
+	on->on_bi.bi_private = (void *)pi;
+
+	return 0;
+}
+
+static int
+smbk5pwd_db_open(BackendDB *be, ConfigReply *cr)
+{
+	slap_overinst	*on = (slap_overinst *)be->bd_info;
+	smbk5pwd_t	*pi = (smbk5pwd_t *)on->on_bi.bi_private;
+
+	int	rc;
+
+	if ( pi->mode == 0 ) {
+		pi->mode = SMBK5PWD_F_ALL;
+	}
+
+	rc = smbk5pwd_modules_init( pi );
+	if ( rc ) {
+		return rc;
+	}
+
+	return 0;
+}
+
+static int
+smbk5pwd_db_destroy(BackendDB *be, ConfigReply *cr)
+{
+	slap_overinst	*on = (slap_overinst *)be->bd_info;
+	smbk5pwd_t	*pi = (smbk5pwd_t *)on->on_bi.bi_private;
+
+	if ( pi ) {
+		ch_free( pi );
+	}
+
+	return 0;
+}
+
+int
+smbk5pwd_initialize(void)
+{
+	int		rc;
+
+	smbk5pwd.on_bi.bi_type = "smbk5pwd";
+
+	smbk5pwd.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	smbk5pwd.on_bi.bi_db_init = smbk5pwd_db_init;
+	smbk5pwd.on_bi.bi_db_open = smbk5pwd_db_open;
+	smbk5pwd.on_bi.bi_db_destroy = smbk5pwd_db_destroy;
+
+	smbk5pwd.on_bi.bi_extended = smbk5pwd_exop_passwd;
+    
+#ifdef DO_KRB5
+	smbk5pwd.on_bi.bi_op_bind = smbk5pwd_op_bind;
+
+	lutil_passwd_add( (struct berval *)&k5key_scheme, k5key_chk, k5key_hash );
+#endif
+
+	smbk5pwd.on_bi.bi_cf_ocs = smbk5pwd_cfocs;
+
+	rc = config_register_schema( smbk5pwd_cfats, smbk5pwd_cfocs );
+	if ( rc ) {
+		return rc;
+	}
+
+	return overlay_register( &smbk5pwd );
+}
+
+#if SLAPD_OVER_SMBK5PWD == SLAPD_MOD_DYNAMIC
+int init_module(int argc, char *argv[]) {
+	return smbk5pwd_initialize();
+}
+#endif
+
+#endif /* defined(SLAPD_OVER_SMBK5PWD) */
diff --git a/contrib/slapd-modules/trace/Makefile b/contrib/slapd-modules/trace/Makefile
new file mode 100644
index 0000000..1bf8a55
--- /dev/null
+++ b/contrib/slapd-modules/trace/Makefile
@@ -0,0 +1,46 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_TRACE=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = trace.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+trace.la: trace.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/trace/trace.c b/contrib/slapd-modules/trace/trace.c
new file mode 100644
index 0000000..1e61025
--- /dev/null
+++ b/contrib/slapd-modules/trace/trace.c
@@ -0,0 +1,256 @@
+/* trace.c - traces overlay invocation */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2006-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_TRACE
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "lutil.h"
+
+static int
+trace_op2str( Operation *op, char **op_strp )
+{
+	switch ( op->o_tag ) {
+	case LDAP_REQ_BIND:
+		*op_strp = "BIND";
+		break;
+
+	case LDAP_REQ_UNBIND:
+		*op_strp = "UNBIND";
+		break;
+
+	case LDAP_REQ_SEARCH:
+		*op_strp = "SEARCH";
+		break;
+
+	case LDAP_REQ_MODIFY:
+		*op_strp = "MODIFY";
+		break;
+
+	case LDAP_REQ_ADD:
+		*op_strp = "ADD";
+		break;
+
+	case LDAP_REQ_DELETE:
+		*op_strp = "DELETE";
+		break;
+
+	case LDAP_REQ_MODRDN:
+		*op_strp = "MODRDN";
+		break;
+
+	case LDAP_REQ_COMPARE:
+		*op_strp = "COMPARE";
+		break;
+
+	case LDAP_REQ_ABANDON:
+		*op_strp = "ABANDON";
+		break;
+
+	case LDAP_REQ_EXTENDED:
+		*op_strp = "EXTENDED";
+		break;
+
+	default:
+		assert( 0 );
+	}
+
+	return 0;
+}
+
+static int
+trace_op_func( Operation *op, SlapReply *rs )
+{
+	char	*op_str = NULL;
+
+	(void)trace_op2str( op, &op_str );
+
+	switch ( op->o_tag ) {
+	case LDAP_REQ_EXTENDED:
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_INFO,
+			"%s trace op=EXTENDED dn=\"%s\" reqoid=%s\n",
+			op->o_log_prefix, 
+			BER_BVISNULL( &op->o_req_ndn ) ? "(null)" : op->o_req_ndn.bv_val,
+			BER_BVISNULL( &op->ore_reqoid ) ? "" : op->ore_reqoid.bv_val );
+		break;
+
+	default:
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_INFO,
+			"%s trace op=%s dn=\"%s\"\n",
+			op->o_log_prefix, op_str,
+			BER_BVISNULL( &op->o_req_ndn ) ? "(null)" : op->o_req_ndn.bv_val );
+		break;
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+trace_response( Operation *op, SlapReply *rs )
+{
+	char	*op_str = NULL;
+
+	(void)trace_op2str( op, &op_str );
+
+	switch ( op->o_tag ) {
+	case LDAP_REQ_EXTENDED:
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_INFO,
+			"%s trace op=EXTENDED RESPONSE dn=\"%s\" reqoid=%s rspoid=%s err=%d\n",
+			op->o_log_prefix,
+			BER_BVISNULL( &op->o_req_ndn ) ? "(null)" : op->o_req_ndn.bv_val,
+			BER_BVISNULL( &op->ore_reqoid ) ? "" : op->ore_reqoid.bv_val,
+			rs->sr_rspoid == NULL ? "" : rs->sr_rspoid,
+			rs->sr_err );
+		break;
+
+	case LDAP_REQ_SEARCH:
+		switch ( rs->sr_type ) {
+		case REP_SEARCH:
+			Log( LDAP_DEBUG_ANY, LDAP_LEVEL_INFO,
+				"%s trace op=SEARCH ENTRY dn=\"%s\"\n",
+				op->o_log_prefix,
+				rs->sr_entry->e_name.bv_val );
+			goto done;
+
+		case REP_SEARCHREF:
+			Log( LDAP_DEBUG_ANY, LDAP_LEVEL_INFO,
+				"%s trace op=SEARCH REFERENCE ref=\"%s\"\n",
+				op->o_log_prefix,
+				rs->sr_ref[ 0 ].bv_val );
+			goto done;
+
+		case REP_RESULT:
+			break;
+
+		default:
+			assert( 0 );
+		}
+		/* fallthru */
+
+	default:
+		Log( LDAP_DEBUG_ANY, LDAP_LEVEL_INFO,
+			"%s trace op=%s RESPONSE dn=\"%s\" err=%d\n",
+			op->o_log_prefix,
+			op_str,
+			BER_BVISNULL( &op->o_req_ndn ) ? "(null)" : op->o_req_ndn.bv_val,
+			rs->sr_err );
+		break;
+	}
+
+done:;
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+trace_db_init( BackendDB *be, ConfigReply *cr )
+{
+	Log( LDAP_DEBUG_ANY, LDAP_LEVEL_INFO,
+		"trace DB_INIT\n" );
+
+	return 0;
+}
+
+static int
+trace_db_config(
+	BackendDB	*be,
+	const char	*fname,
+	int		lineno,
+	int		argc,
+	char		**argv )
+{
+	Log( LDAP_DEBUG_ANY, LDAP_LEVEL_INFO,
+		"trace DB_CONFIG argc=%d argv[0]=\"%s\"\n",
+		argc, argv[ 0 ] );
+
+	return 0;
+}
+
+static int
+trace_db_open( BackendDB *be, ConfigReply *cr )
+{
+	Log( LDAP_DEBUG_ANY, LDAP_LEVEL_INFO,
+		"trace DB_OPEN\n" );
+
+	return 0;
+}
+
+static int
+trace_db_close( BackendDB *be, ConfigReply *cr )
+{
+	Log( LDAP_DEBUG_ANY, LDAP_LEVEL_INFO,
+		"trace DB_CLOSE\n" );
+
+	return 0;
+}
+
+static int
+trace_db_destroy( BackendDB *be, ConfigReply *cr )
+{
+	Log( LDAP_DEBUG_ANY, LDAP_LEVEL_INFO,
+		"trace DB_DESTROY\n" );
+
+	return 0;
+}
+
+static slap_overinst 		trace;
+
+int
+trace_initialize()
+{
+	trace.on_bi.bi_type = "trace";
+
+	trace.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	trace.on_bi.bi_db_init = trace_db_init;
+	trace.on_bi.bi_db_open = trace_db_open;
+	trace.on_bi.bi_db_config = trace_db_config;
+	trace.on_bi.bi_db_close = trace_db_close;
+	trace.on_bi.bi_db_destroy = trace_db_destroy;
+
+	trace.on_bi.bi_op_add = trace_op_func;
+	trace.on_bi.bi_op_bind = trace_op_func;
+	trace.on_bi.bi_op_unbind = trace_op_func;
+	trace.on_bi.bi_op_compare = trace_op_func;
+	trace.on_bi.bi_op_delete = trace_op_func;
+	trace.on_bi.bi_op_modify = trace_op_func;
+	trace.on_bi.bi_op_modrdn = trace_op_func;
+	trace.on_bi.bi_op_search = trace_op_func;
+	trace.on_bi.bi_op_abandon = trace_op_func;
+	trace.on_bi.bi_extended = trace_op_func;
+
+	trace.on_response = trace_response;
+
+	return overlay_register( &trace );
+}
+
+#if SLAPD_OVER_TRACE == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return trace_initialize();
+}
+#endif /* SLAPD_OVER_TRACE == SLAPD_MOD_DYNAMIC */
+
+#endif /* defined(SLAPD_OVER_TRACE) */
diff --git a/contrib/slapd-modules/usn/Makefile b/contrib/slapd-modules/usn/Makefile
new file mode 100644
index 0000000..d7af04b
--- /dev/null
+++ b/contrib/slapd-modules/usn/Makefile
@@ -0,0 +1,46 @@
+# $OpenLDAP$
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_USN=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = usn.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+usn.la: usn.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/usn/README b/contrib/slapd-modules/usn/README
new file mode 100644
index 0000000..3bfb096
--- /dev/null
+++ b/contrib/slapd-modules/usn/README
@@ -0,0 +1,44 @@
+This directory contains a slapd overlay, usn, that extends slapd
+to maintain the usnCreated and usnChanged operational attributes
+normally used by Microsoft ActiveDirectory.
+
+To use the overlay, add:
+
+	moduleload <path to>usn.so
+	...
+
+	database mdb
+	...
+	overlay usn
+
+to your slapd configuration file. The schema definitions for the
+two USN attributes are hardcoded in this overlay.
+
+Use Makefile to compile this plugin or use a command line similar to:
+
+	gcc -c -I ../../include/ -I ../../servers/slapd -DSLAPD_OVER_USN=SLAPD_MOD_DYNAMIC usn.c
+	gcc -shared -o usn.so usn.o
+
+This overlay is only set up to be built as a dynamically loaded module.
+On most platforms, in order for the module to be usable, all of the 
+library dependencies must also be available as shared libraries.
+
+If you need to build the overlay statically, you will have to move it into the
+slapd/overlays directory and edit the Makefile and overlays.c to reference
+it. You will also have to define SLAPD_OVER_USN to SLAPD_MOD_STATIC,
+and add the relevant libraries to the main slapd link command.
+
+---
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+
+Copyright 2007-2022 The OpenLDAP Foundation.
+Portions Copyright 2007 Howard Chu, Symas Corp. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
diff --git a/contrib/slapd-modules/usn/usn.c b/contrib/slapd-modules/usn/usn.c
new file mode 100644
index 0000000..abd6d13
--- /dev/null
+++ b/contrib/slapd-modules/usn/usn.c
@@ -0,0 +1,330 @@
+/* usn.c - Maintain Microsoft-style Update Sequence Numbers */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2007-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Howard Chu for inclusion in
+ * OpenLDAP Software.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_USN
+
+#include <stdio.h>
+
+#include <ac/string.h>
+#include <ac/socket.h>
+
+#include "slap.h"
+#include "slap-config.h"
+
+/* This overlay intercepts write operations and adds a Microsoft-style
+ * USN to the target entry.
+ */
+
+typedef struct usn_info {
+	int ui_current;
+	ldap_pvt_thread_mutex_t ui_mutex;
+} usn_info_t;
+
+static AttributeDescription *ad_usnCreated, *ad_usnChanged;
+
+static struct {
+	char *desc;
+	AttributeDescription **adp;
+} as[] = {
+	{ "( 1.2.840.113556.1.2.19 "
+	    "NAME 'uSNCreated' "
+	    "SYNTAX '1.2.840.113556.1.4.906' "
+		"SINGLE-VALUE "
+		"NO-USER-MODIFICATION )",
+		&ad_usnCreated },
+	{ "( 1.2.840.113556.1.2.120 "
+		"NAME 'uSNChanged' "
+		"SYNTAX '1.2.840.113556.1.4.906' "
+		"SINGLE-VALUE "
+		"NO-USER-MODIFICATION )",
+		&ad_usnChanged },
+	{ NULL }
+};
+
+static int
+usn_func( Operation *op, SlapReply *rs )
+{
+	slap_overinst		*on = (slap_overinst *) op->o_bd->bd_info;
+	usn_info_t		*ui = on->on_bi.bi_private;
+	int my_usn;
+	char intbuf[64];
+	struct berval bv[2];
+
+	ldap_pvt_thread_mutex_lock( &ui->ui_mutex );
+	ui->ui_current++;
+	my_usn = ui->ui_current;
+	ldap_pvt_thread_mutex_unlock( &ui->ui_mutex );
+
+	BER_BVZERO(&bv[1]);
+	bv[0].bv_val = intbuf;
+	bv[0].bv_len = snprintf( intbuf, sizeof(intbuf), "%d", my_usn );
+	switch(op->o_tag) {
+	case LDAP_REQ_ADD:
+		attr_merge( op->ora_e, ad_usnCreated, bv, NULL );
+		attr_merge( op->ora_e, ad_usnChanged, bv, NULL );
+		break;
+	case LDAP_REQ_DELETE:
+		/* Probably need to update root usnLastObjRem */
+		break;
+	default: {
+		/* Modify, ModDN */
+		Modifications *ml, *mod = ch_calloc( sizeof( Modifications ), 1 );
+		for ( ml = op->orm_modlist; ml && ml->sml_next; ml = ml->sml_next );
+		ml->sml_next = mod;
+		mod->sml_desc = ad_usnChanged;
+		mod->sml_numvals = 1;
+		value_add_one( &mod->sml_values, &bv[0] );
+		mod->sml_nvalues = NULL;
+		mod->sml_op = LDAP_MOD_REPLACE;
+		mod->sml_flags = 0;
+		mod->sml_next = NULL;
+		break;
+		}
+	}
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+usn_operational(
+	Operation *op,
+	SlapReply *rs )
+{
+	slap_overinst		*on = (slap_overinst *)op->o_bd->bd_info;
+	usn_info_t		*ui = (usn_info_t *)on->on_bi.bi_private;
+
+	if ( rs->sr_entry &&
+		dn_match( &rs->sr_entry->e_nname, op->o_bd->be_nsuffix )) {
+
+		if ( SLAP_OPATTRS( rs->sr_attr_flags ) ||
+			ad_inlist( ad_usnChanged, rs->sr_attrs )) {
+			Attribute *a, **ap = NULL;
+			char intbuf[64];
+			struct berval bv;
+			int my_usn;
+
+			for ( a=rs->sr_entry->e_attrs; a; a=a->a_next ) {
+				if ( a->a_desc == ad_usnChanged )
+					break;
+			}
+
+			if ( !a ) {
+				for ( ap = &rs->sr_operational_attrs; *ap;
+					ap=&(*ap)->a_next );
+
+					a = attr_alloc( ad_usnChanged );
+					*ap = a;
+				}
+
+			if ( !ap ) {
+				if ( rs_entry2modifiable( op,rs, on )) {
+					a = attr_find( rs->sr_entry->e_attrs,
+						ad_usnChanged );
+				}
+				ber_bvarray_free( a->a_vals );
+				a->a_vals = NULL;
+				a->a_numvals = 0;
+			}
+			ldap_pvt_thread_mutex_lock( &ui->ui_mutex );
+			my_usn = ui->ui_current;
+			ldap_pvt_thread_mutex_unlock( &ui->ui_mutex );
+			bv.bv_len = snprintf( intbuf, sizeof(intbuf), "%d", my_usn );
+			bv.bv_val = intbuf;
+			attr_valadd( a, &bv, NULL, 1 );
+		}
+	}
+	return SLAP_CB_CONTINUE;
+}
+
+/* Read the old USN from the underlying DB. This code is
+ * stolen from the syncprov overlay.
+ */
+static int
+usn_db_open(
+	BackendDB *be,
+	ConfigReply *cr)
+{
+	slap_overinst   *on = (slap_overinst *) be->bd_info;
+	usn_info_t *ui = (usn_info_t *)on->on_bi.bi_private;
+
+	Connection conn = { 0 };
+	OperationBuffer opbuf;
+	Operation *op;
+	Entry *e = NULL;
+	Attribute *a;
+	int rc;
+	void *thrctx = NULL;
+
+	thrctx = ldap_pvt_thread_pool_context();
+	connection_fake_init( &conn, &opbuf, thrctx );
+	op = &opbuf.ob_op;
+	op->o_bd = be;
+	op->o_dn = be->be_rootdn;
+	op->o_ndn = be->be_rootndn;
+
+	rc = overlay_entry_get_ov( op, be->be_nsuffix, NULL,
+		slap_schema.si_ad_contextCSN, 0, &e, on );
+
+	if ( e ) {
+		a = attr_find( e->e_attrs, ad_usnChanged );
+		if ( a ) {
+			ui->ui_current = atoi( a->a_vals[0].bv_val );
+		}
+		overlay_entry_release_ov( op, e, 0, on );
+	}
+	return 0;
+}
+
+static int
+usn_db_init(
+	BackendDB *be,
+	ConfigReply *cr
+)
+{
+	slap_overinst	*on = (slap_overinst *)be->bd_info;
+	usn_info_t	*ui;
+
+	if ( SLAP_ISGLOBALOVERLAY( be ) ) {
+		Debug( LDAP_DEBUG_ANY,
+			"usn must be instantiated within a database.\n" );
+		return 1;
+	}
+
+	ui = ch_calloc(1, sizeof(usn_info_t));
+	ldap_pvt_thread_mutex_init( &ui->ui_mutex );
+	on->on_bi.bi_private = ui;
+	return 0;
+}
+
+static int
+usn_db_close(
+	BackendDB *be,
+	ConfigReply *cr
+)
+{
+	slap_overinst	*on = (slap_overinst *)be->bd_info;
+	usn_info_t	*ui = on->on_bi.bi_private;
+	Connection conn = {0};
+	OperationBuffer opbuf;
+	Operation *op;
+	SlapReply rs = {REP_RESULT};
+	void *thrctx;
+
+	Modifications mod;
+	slap_callback cb = {0};
+	char intbuf[64];
+	struct berval bv[2];
+
+	thrctx = ldap_pvt_thread_pool_context();
+	connection_fake_init( &conn, &opbuf, thrctx );
+	op = &opbuf.ob_op;
+	op->o_bd = be;
+	BER_BVZERO( &bv[1] );
+	bv[0].bv_len = snprintf( intbuf, sizeof(intbuf), "%d", ui->ui_current );
+	bv[0].bv_val = intbuf;
+	mod.sml_numvals = 1;
+	mod.sml_values = bv;
+	mod.sml_nvalues = NULL;
+	mod.sml_desc = ad_usnChanged;
+	mod.sml_op = LDAP_MOD_REPLACE;
+	mod.sml_flags = 0;
+	mod.sml_next = NULL;
+
+	cb.sc_response = slap_null_cb;
+	op->o_tag = LDAP_REQ_MODIFY;
+	op->o_callback = &cb;
+	op->orm_modlist = &mod;
+	op->orm_no_opattrs = 1;
+	op->o_dn = be->be_rootdn;
+	op->o_ndn = be->be_rootndn;
+	op->o_req_dn = op->o_bd->be_suffix[0];
+	op->o_req_ndn = op->o_bd->be_nsuffix[0];
+	op->o_bd->bd_info = on->on_info->oi_orig;
+	op->o_managedsait = SLAP_CONTROL_NONCRITICAL;
+	op->o_no_schema_check = 1;
+	op->o_bd->be_modify( op, &rs );
+	if ( mod.sml_next != NULL ) {
+		slap_mods_free( mod.sml_next, 1 );
+	}
+	return 0;
+}
+
+static int
+usn_db_destroy(
+	BackendDB *be,
+	ConfigReply *cr
+)
+{
+	slap_overinst	*on = (slap_overinst *)be->bd_info;
+	usn_info_t	*ui = on->on_bi.bi_private;
+
+	ldap_pvt_thread_mutex_destroy( &ui->ui_mutex );
+	ch_free( ui );
+	on->on_bi.bi_private = NULL;
+	return 0;
+}
+
+/* This overlay is set up for dynamic loading via moduleload. For static
+ * configuration, you'll need to arrange for the slap_overinst to be
+ * initialized and registered by some other function inside slapd.
+ */
+
+static slap_overinst usn;
+
+int
+usn_init( void )
+{
+	int i, code;
+
+	memset( &usn, 0, sizeof( slap_overinst ) );
+	usn.on_bi.bi_type = "usn";
+	usn.on_bi.bi_flags = SLAPO_BFLAG_SINGLE;
+	usn.on_bi.bi_db_init = usn_db_init;
+	usn.on_bi.bi_db_destroy = usn_db_destroy;
+	usn.on_bi.bi_db_open = usn_db_open;
+	usn.on_bi.bi_db_close = usn_db_close;
+
+	usn.on_bi.bi_op_modify = usn_func;
+	usn.on_bi.bi_op_modrdn = usn_func;
+	usn.on_bi.bi_op_add = usn_func;
+	usn.on_bi.bi_op_delete = usn_func;
+	usn.on_bi.bi_operational = usn_operational;
+
+	for ( i = 0; as[i].desc; i++ ) {
+		code = register_at( as[i].desc, as[i].adp, 0 );
+		if ( code ) {
+			Debug( LDAP_DEBUG_ANY,
+				"usn_init: register_at #%d failed\n", i );
+			return code;
+		}
+	}
+	return overlay_register( &usn );
+}
+
+#if SLAPD_OVER_USN == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return usn_init();
+}
+#endif /* SLAPD_OVER_USN == SLAPD_MOD_DYNAMIC */
+
+#endif /* defined(SLAPD_OVER_USN) */
diff --git a/contrib/slapd-modules/variant/Makefile b/contrib/slapd-modules/variant/Makefile
new file mode 100644
index 0000000..07effed
--- /dev/null
+++ b/contrib/slapd-modules/variant/Makefile
@@ -0,0 +1,77 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2022 The OpenLDAP Foundation.
+# Copyright 2017 Ondřej Kuzník, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+SRCDIR = ./
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+INSTALL = /usr/bin/install
+CC = gcc
+OPT = -g -O2
+DEFS = -DSLAPD_OVER_VARIANT=SLAPD_MOD_DYNAMIC
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = variant.la
+MANPAGES = slapo-variant.5
+CLEAN = *.o *.lo *.la .libs
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+mandir = $(exec_prefix)/share/man
+man5dir = $(mandir)/man5
+
+all: $(PROGRAMS)
+
+d :=
+sp :=
+dir := tests
+include $(dir)/Rules.mk
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+variant.la: variant.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+		-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf $(CLEAN)
+
+install: install-lib install-man FORCE
+
+install-lib: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
+install-man: $(MANPAGES)
+	mkdir -p  $(DESTDIR)$(man5dir)
+	$(INSTALL) -m 644 $(MANPAGES) $(DESTDIR)$(man5dir)
+
+FORCE:
+
diff --git a/contrib/slapd-modules/variant/slapo-variant.5 b/contrib/slapd-modules/variant/slapo-variant.5
new file mode 100644
index 0000000..a480744
--- /dev/null
+++ b/contrib/slapd-modules/variant/slapo-variant.5
@@ -0,0 +1,472 @@
+.TH SLAPO-VARIANT 5 "RELEASEDATE" "OpenLDAP"
+.\" Copyright 2016-2017 Symas Corp. All Rights Reserved.
+.\" Copying restrictions apply.  See LICENSE.
+.SH NAME
+slapo\-variant \- share values between entries
+.SH SYNOPSIS
+olcOverlay=variant
+.SH DESCRIPTION
+The
+.B variant
+overlay to
+.BR slapd (8)
+allows attributes/values to be shared between several entries. In some ways
+this is similar to
+.BR slapo-collect (5)
+with the exception that the source and target attributes can be different.
+.LP
+The overlay operates on configured
+.B variant
+entries which can have several
+.B attributes
+each configured to borrow values from an attribute in the
+.B alternate
+entry.
+.LP
+Two types of
+.B variant
+entries can be configured,
+.B regular
+and
+.BR regex ,
+where the latter are configured with a regular expression and patterns to
+locate each alternate entry, with access to the variant DN and first nine
+submatches captured by the regular expression.
+.LP
+For most purposes (see
+.BR LIMITATIONS ,
+especially for
+.B regex
+variants), the resulting entry is completely transparent to the operations
+performed on it, e.g. a modify operation on the
+.B variant
+attribute gets transformed
+into an operation on the
+.B alternate
+entry+attribute. As such, the usual ACL rules apply, appropriate
+access to both the
+.B variant
+and
+.B alternate
+entry is checked.
+.LP
+As a special case,
+.B Add
+and
+.B Delete
+operations will not affect the
+.B alternate
+entries. Should an attempt be made to add a configured
+.B variant
+entry with the
+.B variant
+attributes already populated, the operation will be rejected with a
+.B Constraint
+.BR Violation .
+
+.SH CONFIGURATION LAYOUT
+
+The overlay has to be instantiated under a database adding an entry of
+.B olcOverlay=variant
+with objectClass of
+.BR olcVariantConfig .
+
+The overlay configuration subtree consists of the following levels:
+.RS
+.TP
+.B objectClass=olcVariantConfig
+Main overlay configuration. Created directly under the database
+configuration entry.
+.TP
+.B objectClass=olcVariantVariant
+Specifies a
+.B regular variant
+entry and must be a child of an entry with
+.BR objectClass=olcVariantConfig .
+There may be as many such entries as necessary provided they all specify a
+different DN in the
+.BR olcVariantEntry
+attribute.
+.TP
+.B objectClass=olcVariantAttribute
+Specifies a
+.B regular variant
+attribute together with information where the
+.B alternate
+attribute is stored. Must be a child of an entry with
+.BR objectClass=olcVariantVariant .
+There may be as many such entries as necessary provided they all specify a
+different attribute in
+.BR olcVariantVariantAttribute .
+.TP
+.B objectClass=olcVariantRegex
+Specifies a
+.B regex variant
+entry and must be a child of an entry with
+.BR objectClass=olcVariantConfig .
+There may be as many such entries as necessary provided they all specify a
+different DN in the
+.BR olcVariantEntryRegex
+attribute.
+.TP
+.B objectClass=olcVariantAttributePattern
+Specifies a
+.B regex variant
+attribute together with information where the
+.B alternate
+attribute is stored. Must be a child of an entry with
+.BR objectClass=olcVariantRegex .
+There may be as many such entries as necessary provided they all specify a
+different attribute in
+.BR olcVariantVariantAttribute .
+.RE
+
+In the case of
+.BR slapd.conf (5),
+the variant definition is delimited by the keyword
+.B variantDN
+followed by an arbitrary number of
+.B variantSpec
+providing the attribute definitions following it. Each new
+.B variantDN
+line starts configuring a new variant.
+
+.SH OVERLAY CONFIGURATION ENTRY
+
+The top entry
+.RB ( olcVariantConfig )
+has the following options available:
+
+.RS
+.TP
+.B olcVariantPassReplication: TRUE | FALSE
+If set to
+.BR TRUE ,
+.B search
+operations with the
+.B SyncReplication
+control will be passed unchanged so that replication can be unaffected.
+Defaults to
+.B FALSE
+while unset. The
+.BR slapd.conf (5)
+equivalent is
+.BR passReplication .
+.RE
+
+.SH VARIANT CONFIGURATION ENTRY
+
+The
+.B regular variant entry
+configuration
+.RB ( olcVariantVariant )
+has the following options available:
+
+.RS
+.TP
+.B olcVariantEntry: <dn>
+Mandatory attribute, indicates that the named entry is to be treated as a
+.B variant
+entry. The
+.BR slapd.conf (5)
+equivalent is
+.BR variantDN .
+.TP
+.B name: <reference>
+Name of the entry for reference, usually the attribute present in the
+configuration entry's RDN. There is no
+.BR slapd.conf (5)
+equivalent as this has no effect on the overlay operation.
+.RE
+
+Similarly, the
+.B regex variant entry
+configuration
+.RB ( olcVariantRegex )
+has these options available:
+
+.RS
+.TP
+.B olcVariantRegex: <regex>
+Mandatory attribute, indicates that the entries whose normalised DN matches is
+to be treated as a
+.B regex variant
+entry. The (POSIX.2) regex can use submatches to capture parts of the DN for
+later use in locating the
+.B alternative
+.BR entry .
+The
+.BR slapd.conf (5)
+equivalent is
+.BR variantRegex .
+.TP
+.B name: <reference>
+Name of the entry for reference, usually the attribute present in the
+configuration entry's RDN. There is no
+.BR slapd.conf (5)
+equivalent as this has no effect on the overlay operation.
+.RE
+
+.SH CONFIGURATION PRECEDENCE
+
+While several
+.B regex variants
+can match the same entry, only one can apply at a time. The list of the
+.B regular variants
+is checked first. Should none match, the list of
+.B regex variants
+is checked in the order they have been configured using only the first one that
+matches.
+
+.SH VARIANT ATTRIBUTE CONFIGURATION ENTRY
+
+The
+.B regular variant
+attribute configuration
+.RB ( olcVariantAttribute )
+and
+.B regex variant
+attribute configuration
+.RB ( olcVariantAttributePattern )
+have the following options available:
+
+.RS
+.TP
+.B name: <reference>
+Name of the attribute configuration for reference and/or documentation, if
+present, usually found in the configuration entry's RDN. There is no
+.BR slapd.conf (5)
+equivalent as this has no effect on the overlay operation.
+.TP
+.B olcVariantVariantAttribute: <attr>
+Mandatory attribute, indicates that the named attribute is not present in
+the
+.B variant
+entry but is to be retrieved from the
+.B alternate
+entry.
+.TP
+.B olcVariantAlternativeAttribute: <attr>
+Mandatory attribute, indicates that the values of the named attribute is to
+be retrieved from the
+.B alternate
+entry for use as the values of the
+.B variant
+attribute. The syntaxes of the corresponding
+.B variant
+and
+.B alternate
+attributes have to match or the configuration will be rejected.
+.TP
+.B olcVariantAlternativeEntry: <dn>
+Attribute mandatory for
+.B regular
+.BR variants ,
+indicates the
+.B alternate
+entry to use when retrieving the attribute from.
+.TP
+.B olcVariantAlternativeEntryPattern: <pattern>
+Attribute mandatory for
+.B regex
+.BR variants ,
+indicates the
+.B alternate
+entry to use when retrieving the attribute from. Substitution patterns
+.RB ( $n )
+can be used to insert parts of the variant entry's DN.
+.B $0
+will place the entire variant DN,
+.B $1
+to
+.B $9
+can be used to place respective capture patterns from the
+.B variant
+entry.
+.TP
+.B variantSpec <attr> <attr2> <dn>
+.BR slapd.conf (5)
+only. The equivalent to options above, where
+.B <attr>
+represents the
+.BR olcVariantVariantAttribute ,
+.B <attr2>
+represents the
+.B olcVariantAlternativeAttribute
+and
+.B <dn>
+has the same meaning as the content of
+.BR olcVariantAlternativeEntry .
+Has to follow a
+.B variantDN
+line in the overlay's configuration.
+.TP
+.B variantRegexSpec <attr> <attr2> <pattern>
+.BR slapd.conf (5)
+only. The equivalent to options above, where
+.B <attr>
+represents the
+.BR olcVariantVariantAttribute ,
+.B <attr2>
+represents the
+.B olcVariantAlternativeAttribute
+and
+.B <pattern>
+has the same meaning as the content of
+.BR olcVariantAlternativeEntryPattern .
+Has to follow a
+.B variantRegex
+line in the overlay's configuration.
+.RE
+
+.SH EXAMPLE
+
+The following is an example of a configured overlay, substitute
+.B $DATABASE
+for the DN of the database it is attached to and
+.B {x}
+with the desired position of the overlay in the overlay stack.
+
+.nf
+dn: olcOverlay={x}variant,$DATABASE
+objectClass: olcVariantConfig
+olcOverlay: variant
+# Let replication requests pass through unmodified
+olcVariantPassReplication: TRUE
+
+# when an operation considers dc=example,dc=com
+dn: name=example,olcOverlay={x}variant,$DATABASE
+objectClass: olcVariantVariant
+olcVariantEntry: dc=example,dc=com
+
+# share the Headquarters' address as the company address
+dn: olcVariantVariantAttribute=postaladdress,name={0}example,olcOverlay={x}variant,$DATABASE
+objectClass: olcVariantVariantAttribute
+olcVariantVariantAttribute: postaladdress
+olcVariantAlternativeAttribute: postaladdress
+olcVariantAlternativeEntry: ou=Headquarters,dc=example,dc=com
+
+# populate telephonenumber from CEO's home phone
+dn: name=Take phone from CEO entry,name={0}example,olcOverlay={x}variant,$DATABASE
+objectClass: olcVariantVariantAttribute
+olcVariantVariantAttribute: telephonenumber
+olcVariantAlternativeAttribute: homephone
+olcVariantAlternativeEntry: cn=John Doe,ou=People,dc=example,dc=com
+
+# Match all entries with example in the DN
+#
+# It will not match dc=example,dc=com as that's already configured as a regular
+# variant
+dn: name=example 2,olcOverlay={x}variant,$DATABASE
+objectClass: olcVariantRegex
+olcVariantEntryRegex: .*example[^,]*,(.*)
+
+dn: olcVariantVariantAttribute=location,name={1}example 2,olcOverlay={x}variant,$DATABASE
+objectClass: olcVariantAttributePattern
+olcVariantVariantAttribute: location
+olcVariantAlternativeAttribute: location
+olcVariantAlternativeEntryPattern: ou=object with location,$1
+.fi
+
+The
+.BR slapd.conf (5)
+equivalent of the above follows (note that the converted
+.B cn=config
+will differ in the first variant attribute configuration entry):
+
+.nf
+overlay variant
+passReplication TRUE
+
+variantDN dc=example,dc=com
+variantSpec telephonenumber homephone "cn=John Doe,ou=People,dc=example,dc=com"
+variantSpec postaladdress postaladdress ou=Headquarters,dc=example,dc=com
+
+variantRegex .*example[^,]*,(.*)
+variantRegexSpec location location "ou=object with location,$1"
+.fi
+
+.SH REPLICATION
+
+There are two ways that a database with
+.BR slapo-variant (5)
+might be replicated, either replicating the data as stored in the database,
+or as seen by the clients interacting with the server.
+
+The former can be achieved by setting the overlay option
+.B olcVariantPassReplication
+on the provider and configuring
+.BR slapo-syncprov (5)
+to appear before (with a lower index than)
+.BR slapo-variant (5).
+This is the preferred way and the only to work with
+.B regex variants
+or support multi-provider replication,
+but care must be taken to configure
+.BR slapo-variant (5)
+correctly on each replica.
+
+The latter is mostly possible by keeping the option
+.B olcVariantPassReplication
+set to
+.B FALSE
+on the provider and configuring
+.BR slapo-syncprov (5)
+to appear after (with a higher index than)
+.BR slapo-variant (5).
+However, it will only really work for replication set-ups that do not
+utilise
+.B regex
+.BR variants ,
+delta-replication nor the refresh and persist mode and is therefore
+discouraged.
+
+.SH LIMITATIONS
+For
+.B regex
+.BR variants ,
+the
+.B Search
+operation will only apply if the search scope is set to
+.BR base .
+
+The
+.B ModRDN
+operation is not currently handled and will always modify only the entry in
+question, not the configured
+.B alternate
+entry.
+
+The
+.B Modify
+operation is not atomic with respect to the alternate entries. Currently,
+the overlay processes the operations on the entry, sends the result message
+and, if successful, starts modifying the
+.B alternate
+entries accordingly.
+There is currently no support to indicate whether modifications to the
+.B alternate
+entries have been successful or whether they have finished.
+
+The only control explicitly handled is the
+.B SyncReplication
+control if enabled through the
+.B olcVariantPassReplication
+setting, adding any controls to an operation that is handled by the overlay
+might lead to unexpected behaviour and is therefore discouraged.
+
+.SH FILES
+.TP
+ETCDIR/slapd.conf
+default slapd configuration file
+.TP
+ETCDIR/slapd.d
+default slapd configuration directory
+.SH SEE ALSO
+.BR slapd-config (5),
+.BR slapd.conf (5),
+.BR slapd.overlays (5),
+.BR regex (7),
+.BR slapd (8)
+.SH ACKNOWLEDGEMENTS
+This module was developed in 2016-2017 by Ondřej Kuzník for Symas Corp.
diff --git a/contrib/slapd-modules/variant/tests/Rules.mk b/contrib/slapd-modules/variant/tests/Rules.mk
new file mode 100644
index 0000000..c25c1d2
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/Rules.mk
@@ -0,0 +1,23 @@
+sp := $(sp).x
+dirstack_$(sp) := $(d)
+d := $(dir)
+
+.PHONY: test
+
+CLEAN += clients servers tests/progs tests/schema tests/testdata tests/testrun
+
+test: all clients servers tests/progs
+
+test:
+	cd tests; \
+		SRCDIR=$(abspath $(LDAP_SRC)) \
+		LDAP_BUILD=$(abspath $(LDAP_BUILD)) \
+		TOPDIR=$(abspath $(SRCDIR)) \
+		LIBTOOL=$(abspath $(LIBTOOL)) \
+			$(abspath $(SRCDIR))/tests/run all
+
+servers clients tests/progs:
+	ln -s $(abspath $(LDAP_BUILD))/$@ $@
+
+d := $(dirstack_$(sp))
+sp := $(basename $(sp))
diff --git a/contrib/slapd-modules/variant/tests/data/additional-config.ldif b/contrib/slapd-modules/variant/tests/data/additional-config.ldif
new file mode 100644
index 0000000..6a286fe
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/additional-config.ldif
@@ -0,0 +1,23 @@
+dn: name={4}test002,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantVariant
+olcVariantEntry: cn=Gern Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+
+dn: name=attribute 1,name={4}test002,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantVariantAttribute: cn
+olcVariantAlternativeAttribute: description
+olcVariantAlternativeEntry: dc=example,dc=com
+
+dn: name=attribute 2,name={4}test002,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantVariantAttribute: pager
+olcVariantAlternativeAttribute: telephonenumber
+olcVariantAlternativeEntry: dc=example,dc=com
+
+dn: name={0}attribute 1,name={4}test002,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcVariantVariantAttribute
+olcVariantVariantAttribute: description
diff --git a/contrib/slapd-modules/variant/tests/data/config.ldif b/contrib/slapd-modules/variant/tests/data/config.ldif
new file mode 100644
index 0000000..6e323b9
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/config.ldif
@@ -0,0 +1,89 @@
+dn: olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectclass: olcVariantConfig
+
+dn: olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcVariantPassReplication
+olcVariantPassReplication: TRUE
+
+dn: name={0}variant,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantVariant
+olcVariantEntry: ou=People,dc=example,dc=com
+
+# a basic variant
+dn: olcVariantVariantAttribute=description,name={0}variant,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantAlternativeAttribute: description
+olcVariantAlternativeEntry: dc=example,dc=com
+
+# a nonexistent alternate
+dn: olcVariantVariantAttribute=seealso,name={0}variant,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantAlternativeAttribute: seealso
+olcVariantAlternativeEntry: ou=Societies,dc=example,dc=com
+
+dn: name={1}variant,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantVariant
+olcVariantEntry: ou=Groups,dc=example,dc=com
+
+# recursive retrieval is not done
+dn: olcVariantVariantAttribute=description,name={1}variant,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantAlternativeAttribute: description
+olcVariantAlternativeEntry: ou=People,dc=example,dc=com
+
+# a variant taking data from a different attribute (after the changes below)
+dn: olcVariantVariantAttribute=st,name={1}variant,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantAlternativeAttribute: st
+olcVariantAlternativeEntry: cn=Manager,dc=example,dc=com
+
+# configuration changes
+dn: olcVariantVariantAttribute={1}st,name={1}variant,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcVariantAlternativeAttribute
+olcVariantAlternativeAttribute: ou
+-
+replace: olcVariantAlternativeEntry
+olcVariantAlternativeEntry: ou=Alumni Association,ou=People,dc=example,dc=com
+-
+
+# a regex variant
+dn: name={2}regex,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantRegex
+olcVariantEntryRegex: (.*),(ou=.*technology.*)(,)dc=example,dc=com
+
+dn: olcVariantVariantAttribute=ou,name={2}regex,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttributePattern
+olcVariantAlternativeAttribute: ou
+olcVariantAlternativeEntryPattern: $2$3dc=example$3dc=com
+
+# Duplicate description into title
+dn: olcVariantVariantAttribute=title,name={2}regex,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttributePattern
+olcVariantAlternativeAttribute: description
+olcVariantAlternativeEntryPattern: $0
+
+# everything
+dn: name={3}regex,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantRegex
+olcVariantEntryRegex: .*
+
+dn: olcVariantVariantAttribute=l,name={3}regex,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttributePattern
+olcVariantAlternativeAttribute: l
+olcVariantAlternativeEntryPattern: dc=example,dc=com
+
diff --git a/contrib/slapd-modules/variant/tests/data/hidden.ldif b/contrib/slapd-modules/variant/tests/data/hidden.ldif
new file mode 100644
index 0000000..d219746
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/hidden.ldif
@@ -0,0 +1,4 @@
+dn: ou=Groups,dc=example,dc=com
+changetype: modify
+add: description
+description: This is hidden by the overlay config
diff --git a/contrib/slapd-modules/variant/tests/data/test001-01-same-dn.ldif b/contrib/slapd-modules/variant/tests/data/test001-01-same-dn.ldif
new file mode 100644
index 0000000..880e035
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test001-01-same-dn.ldif
@@ -0,0 +1,4 @@
+dn: name=variant,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantVariant
+olcVariantEntry: ou=Groups,dc=example,dc=com
diff --git a/contrib/slapd-modules/variant/tests/data/test001-01a-same-dn.ldif b/contrib/slapd-modules/variant/tests/data/test001-01a-same-dn.ldif
new file mode 100644
index 0000000..0fb8b2b
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test001-01a-same-dn.ldif
@@ -0,0 +1,4 @@
+dn: name={0}variant,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcVariantEntry
+olcVariantEntry: ou=Groups,dc=example,dc=com
diff --git a/contrib/slapd-modules/variant/tests/data/test001-02-same-attribute.ldif b/contrib/slapd-modules/variant/tests/data/test001-02-same-attribute.ldif
new file mode 100644
index 0000000..8447018
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test001-02-same-attribute.ldif
@@ -0,0 +1,6 @@
+dn: olcVariantAlternativeAttribute=description,name={1}variant,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantVariantAttribute: description
+olcVariantAlternativeAttribute: description
+olcVariantAlternativeEntry: ou=People,dc=example,dc=com
diff --git a/contrib/slapd-modules/variant/tests/data/test001-03-different-types.ldif b/contrib/slapd-modules/variant/tests/data/test001-03-different-types.ldif
new file mode 100644
index 0000000..dfbde5b
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test001-03-different-types.ldif
@@ -0,0 +1,4 @@
+dn: olcVariantVariantAttribute={1}st,name={1}variant,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: modify
+replace: olcVariantAlternativeAttribute
+olcVariantAlternativeAttribute: userPassword
diff --git a/contrib/slapd-modules/variant/tests/data/test002-01-entry.ldif b/contrib/slapd-modules/variant/tests/data/test002-01-entry.ldif
new file mode 100644
index 0000000..21b5b14
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test002-01-entry.ldif
@@ -0,0 +1,16 @@
+dn: cn=Gern Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+changetype: add
+objectclass: testPerson
+cn: Gern Jensen
+sn: Jensen
+uid: gjensen
+postaladdress: ITD $ 535 W. William St $ Anytown, MI 48103
+seealso: cn=All Staff,ou=Groups,dc=example,dc=com
+drink: Coffee
+homepostaladdress: 844 Brown St. Apt. 4 $ Anytown, MI 48104
+description: Very odd
+facsimiletelephonenumber: +1 313 555 7557
+telephonenumber: +1 313 555 8343
+mail: gjensen@mailgw.example.com
+homephone: +1 313 555 8844
+testTime: 20050304001801.234Z
diff --git a/contrib/slapd-modules/variant/tests/data/test002-02-regex.ldif b/contrib/slapd-modules/variant/tests/data/test002-02-regex.ldif
new file mode 100644
index 0000000..8f0f439
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test002-02-regex.ldif
@@ -0,0 +1,7 @@
+dn: cn=Rosco P. Coltrane, ou=Information Technology Division, ou=People, dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Rosco P. Coltrane
+sn: Coltrane
+uid: rosco
+title: Chief Investigator, ITD
diff --git a/contrib/slapd-modules/variant/tests/data/test003-out.ldif b/contrib/slapd-modules/variant/tests/data/test003-out.ldif
new file mode 100644
index 0000000..1c3ca5d
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test003-out.ldif
@@ -0,0 +1,124 @@
+# Test 1, list two unrelated entries
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot@mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn@mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+
+
+# Test 2, list some of the variant entries, checking that attributes have been populated
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+st: Alumni Association
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+description: The Example, Inc. at Anytown
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+
+# Return $BASEDN, location is rewritten to end
+dn: dc=example,dc=com
+objectClass: top
+objectClass: organization
+objectClass: domainRelatedObject
+objectClass: dcObject
+dc: example
+st: Michigan
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+postalAddress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephoneNumber: +1 313 555 1817
+associatedDomain: example.com
+l: Anytown, Michigan
+
+
+# Make sure only the first regex applies
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn@mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+title: Hiker, biker
+ou: Information Technology Division
+
+
+# Exercise the last regex
+dn: cn=ITD Staff,ou=Groups,dc=example,dc=com
+owner: cn=Manager,dc=example,dc=com
+description: All ITD Staff
+cn: ITD Staff
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Manager,dc=example,dc=com
+uniqueMember: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=
+ example,dc=com
+uniqueMember: cn=James A Jones 2,ou=Information Technology Division,ou=People,
+ dc=example,dc=com
+uniqueMember: cn=John Doe,ou=Information Technology Division,ou=People,dc=exam
+ ple,dc=com
+l: Anytown, Michigan
+
+
+# Test 3, check filters pick up the new data
+dn: ou=Groups,dc=example,dc=com
+st: Alumni Association
+
diff --git a/contrib/slapd-modules/variant/tests/data/test005-changes.ldif b/contrib/slapd-modules/variant/tests/data/test005-changes.ldif
new file mode 100644
index 0000000..767f48a
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test005-changes.ldif
@@ -0,0 +1,35 @@
+dn: ou=People,dc=example,dc=com
+changetype: modify
+add: description
+description: Everyone's heard of them
+-
+increment: uidNumber
+uidNumber: 1
+-
+
+dn: ou=Groups,dc=example,dc=com
+changetype: modify
+add: st
+st: Alabama
+-
+
+# check regex
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+changetype: modify
+replace: description
+description: A mouthful
+-
+add: ou
+ou: The IT Crowd
+-
+
+# have the two mods merge
+dn: dc=example,dc=com
+changetype: modify
+add: l
+l: Locally
+-
+replace: st
+st: Antarctica
+-
diff --git a/contrib/slapd-modules/variant/tests/data/test005-modify-missing.ldif b/contrib/slapd-modules/variant/tests/data/test005-modify-missing.ldif
new file mode 100644
index 0000000..ce9c007
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test005-modify-missing.ldif
@@ -0,0 +1,4 @@
+dn: cn=Gern Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+changetype: modify
+replace: description
+description: Ghost
diff --git a/contrib/slapd-modules/variant/tests/data/test005-out.ldif b/contrib/slapd-modules/variant/tests/data/test005-out.ldif
new file mode 100644
index 0000000..67e441b
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test005-out.ldif
@@ -0,0 +1,206 @@
+# Test1: list entries that should have been changed by ldapmodify
+dn: dc=example,dc=com
+objectclass: top
+objectclass: organization
+objectclass: domainRelatedObject
+objectclass: dcobject
+dc: example
+l: Anytown, Michigan
+l: Locally
+o: Example, Inc.
+o: EX
+o: Ex.
+description: The Example, Inc. at Anytown
+description: Everyone's heard of them
+postaladdress: Example, Inc. $ 535 W. William St. $ Anytown, MI 48109 $ US
+telephonenumber: +1 313 555 1817
+associateddomain: example.com
+st: Antarctica
+
+dn: ou=People,dc=example,dc=com
+objectclass: organizationalUnit
+objectclass: extensibleObject
+ou: People
+uidNumber: 1
+gidNumber: 0
+description: The Example, Inc. at Anytown
+description: Everyone's heard of them
+
+dn: ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Alumni Association
+ou: Alabama
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+st: alumni association
+st: alabama
+
+dn: ou=Information Technology Division,ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Information Technology Division
+ou: The IT Crowd
+description:: aMODwoPDgsKCw4PCgsOCwotFVlZQw4PCg8OCwoPDg8KCw4LCv0zDg8KDw4LCgsOD
+ woLDgsKKT8ODwoPDgsKDw4PCgsOCwqs6w4PCg8OCwoLDg8KCw4LCjUQkw4PCg8OCwoLDg8KCw4LCi
+ 01QUcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4
+ LCgsODwoLDgsKLRCQoZitEJMODwoPDgsKCw4PCgsOCwrfDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoP
+ Dg8KCw4LCgcODwoPDgsKDw4PCgsOCwqHDg8KDw4LCgsODwoLDgsKLRCQkZitEJMODwoPDgsKCw4PC
+ gsOCwrfDg8KDw4LCg8ODwoLDgsKQw4PCg8OCwoPDg8KCw4LCisODwoPDgsKCw4PCgsOCwotFUVZqU
+ MODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKAw4PCg8OCwoLDg8KCw4LCik85dCTDg8KDw4
+ LCgsODwoLDgsKFQ8ODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4L
+ Cvzl0JMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPD
+ gsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKLRCTDg8KDw4LCgsODwoLDgsKDw4PCg8OCwoLDg8KCw
+ 4LCuMODwoPDgsKDw4PCgsOCwoR0Q8ODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LChMODwo
+ PDgsKDw4PCgsOCwoFOdTrDg8KDw4LCg8ODwoLDgsKHw4PCg8OCwoPDg8KCw4LChMODwoPDgsKDw4P
+ CgsOCwoFOw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwrtHw4PCg8OCwoLDg8KCw4LChcOD
+ woPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsK4dMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODw
+ oLDgsKtR8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwo
+ PDgsKDw4PCgsOCwr9SfGrDg8KDw4LCgsODwoLDgsKLQGgxw4PCg8OCwoPDg8KCw4LCoWhQw4PCg8O
+ CwoPDg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKT8ODwoPDgsKCw4PCgsOC
+ wotEJDDDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHTDg8KDw4LCgsODwoLDgsKDw4PCg
+ 8OCwoPDg8KCw4LCuHXDg8KDw4LCgsODwoLDgsKLRCRqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4
+ PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpPDg8K
+ Dw4LCg8ODwoLDgsKQXV9eW8ODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoPD
+ g8KCw4LCgsODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODw
+ oPDgsKDw4PCgsOCwozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgs
+ OCwoxWV8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKxw4PCg8OCwoLDg8KCw4LCi3wkw4P
+ Cg8OCwoLDg8KCw4LCjcODwoPDgsKCw4PCgsOCwofDg8KDw4LCg8ODwoLDgsKof8ODwoPDgsKDw4PC
+ gsOCwr/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCg8ODwoPDgsKDw4PCgsOCwrh5w4PCg
+ 8OCwoLDg8KCw4LChzQzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PCgsOCworDg8KDw4LCgsODwo
+ LDgsKIw4PCg8OCwoLDg8KCw4LCuDFBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNdDF
+ Bw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPD
+ gsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw
+ 4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgs
+ KCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKAdcODwoPDgsKDw4PCgsOCwqhtw4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCsMODwoPDgsKC
+ w4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCt
+ sODwoPDgsKDw4PCgsOCwq7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4
+ PCgsOCwoPDg8KDw4LCg8ODwoLDgsKoZsODwoPDgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4w4P
+ Cg8OCwoLDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwpUzw4PCg8OCwoPDg8KCw4LCicODwoPDgsKCw4PC
+ gsOCworDg8KDw4LCgsODwoLDgsKISDJBw4PCg8OCwoPDg8KCw4LCvyTDg8KDw4LCgsODwoLDgsKNN
+ DJBw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwo
+ PDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8O
+ DwoPDgsKDw4PCgsOCwojDg8KDw4LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCnEzDg8KDw4LCgsOD
+ woLDgsKLSEBmw4PCg8OCwoLDg8KCw4LCg3lwdSTDg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw
+ 4LCv8ODwoPDgsKCw4PCgsOCwobDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwp/Dg8KDw4LCgsODwoLDgsKBw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwoj
+ Dg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCwpPDg8KDw4LCgsOD
+ woLDgsKBw4PCg8OCwoPDg8KCw4LCv1rDg8KDw4LCgsODwoLDgsKAw4PCg8OCwoLDg8KCw4LChMODw
+ oPDgsKCw4PCgsOCwodqw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwoBqaMODwoPDgsKCw4
+ PCgsOCwpBQw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDIMODwoPDgsKCw4PCgsOCwopPw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKOacODwoPDgsKCw4PCgsOCwrhf
+ XsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCw
+ oLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKGw4PCg8OCwoLDg8KCw4LCgM
+ ODwoPDgsKCw4PCgsOCwoRJw4PCg8OCwoLDg8KCw4LCgcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsO
+ DwoLDgsKIw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQ9w4PCg8OCwoLDg8KCw4LCgcOD
+ woPDgsKDw4PCgsOCwr9aw4PCg8OCwoLDg8KCw4LCgMODwoPDgsKCw4PCgsOCwoQxw4PCg8OCwoLDg
+ 8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwoM9w4PCg8OCwoPDg8KCw4LCm0
+ 7Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsK
+ Cw4PCgsOCwrhfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODw
+ oPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgs
+ OCwo7Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoLDg8KCw4LCkMODwoPDgsKDw4PCgsOCwojDg8KDw4L
+ CgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsK+
+ S8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKww4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKDw
+ 4PCgsOCwoTDg8KDw4LCgsODwoLDgsKKT1DDg8KDw4LCg8ODwoLDgsKoRsODwoPDgsKCw4PCgsOCwo
+ vDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwrZ0Y8ODwoPDgsK
+ Cw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK/dF/Dg8KDw4LCgsODwoLDgsKhdHpPw4PCg8OCwoLDg8KC
+ w4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PCg8OCwoPDg8KCw4LCqC1Jw4PCg8OCwoLDg8KCw4LChcODw
+ oPDgsKDw4PCgsOCwoB1RMODwoPDgsKCw4PCgsOCwqFwek/Dg8KDw4LCgsODwoLDgsKLw4PCg8OCwo
+ PDg8KCw4LCj1DDg8KDw4LCg8ODwoLDgsKoScODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsK
+ AdTPDg8KDw4LCgsODwoLDgsKhbHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo5Qw4PC
+ g8OCwoPDg8KCw4LCqEnDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHXDg8KDw4LCgsODw
+ oLDgsKhaHpPw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo9Qw4PCg8OCwoPDg8KCw4LCqM
+ ODwoPDgsKDw4PCgsOCwrpIw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoB1M8ODwoPDgsK
+ Dw4PCgsOCwoBfXsODwoPDgsKDw4PCgsOCwoLDg8KDw4LCgsODwoLDgsK4X17Dg8KDw4LCg8ODwoLD
+ gsKCw4PCg8OCwoLDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgjPDg8KDw4LCg8ODwoLDgsKAX17Dg
+ 8KDw4LCg8ODwoLDgsKCw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo7Dg8KDw4LCg8ODwo
+ LDgsKoJ8ODwoPDgsKDw4PCgsOCwq3Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODwoP
+ DgsKCw4PCgsOCwoPDg8KDw4LCg8ODwoLDgsK4aHU5w4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PC
+ gsOCwovDg8KDw4LCg8ODwoLDgsKOw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpDDg8KDw
+ 4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgs
+ KIw4PCg8OCwoPDg8KCw4LCv8ODwoPDgsKCw4PCgsOCwpLDg8KDw4LCg8ODwoLDgsKEw4PCg8OCwoL
+ Dg8KCw4LChcODwoPDgsKDw4PCgsOCwoB0IcODwoPDgsKCw4PCgsOCwovDg8KDw4LCgsODwoLDgsKA
+ w4PCg8OCwoPDg8KCw4LCtMODwoPDgsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKAdGbDg8KDw4LCg
+ sODwoLDgsKLQGY9dGY9dTPDg8KDw4LCg8ODwoLDgsKAX17Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwo
+ LDg8KCw4LCuF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwrhfXsODwoPDgsKDw4PCgsO
+ CwoIzw4PCg8OCwoPDg8KCw4LCgF9ew4PCg8OCwoPDg8KCw4LCgsODwoPDgsKCw4PCgsOCwovDg8KD
+ w4LCg8ODwoLDgsK/Ri9BUC9BRi9BWi9BZC9BWzBBZC9BZTBBZC9BZC9BbzBBZC9BeTBBw4PCg8OCw
+ oLDg8KCw4LCgzBBMUFhMUFrMUE=
+description:: UF7Dg8KDw4LCg8ODwoLDgsKCw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOC
+ wozDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg
+ 8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCqFDDg8KDw4LCg8ODwoLDgsKpRsODwoPDgsKDw4PCgsOCwo
+ zDg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKDw4PCgsOCwozDg8KDw4LCg8O
+ DwoLDgsKMw4PCg8OCwoPDg8KCw4LCjMODwoPDgsKCw4PCgsOCwotEJCDDg8KDw4LCgsODwoLDgsKD
+ w4PCg8OCwoPDg8KCw4LCrMODwoPDgsKCw4PCgsOCwotUJCRTw4PCg8OCwoLDg8KCw4LCi1wkJFbDg
+ 8KDw4LCgsODwoLDgsKJTCRXVVBSU8ODwoPDgsKDw4PCgsOCwqjDg8KDw4LCg8ODwoLDgsKdT8ODwo
+ PDgsKCw4PCgsOCwoN8JDB1w4PCg8OCwoPDg8KCw4LCh8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8O
+ DwoLDgsKBTsODwoPDgsKDw4PCgsOCwqktw4PCg8OCwoLDg8KCw4LCg3wkMHTDg8KDw4LCgsODwoLD
+ gsKDfCQww4PCg8OCwoLDg8KCw4LChTPDg8KDw4LCg8ODwoLDgsK2OTXDg8KDw4LCg8ODwoLDgsKAw
+ 4PCg8OCwoPDg8KCw4LCgU7Dg8KDw4LCgsODwoLDgsKEIMODwoPDgsKCw4PCgsOCwqFIw4PCg8OCwo
+ PDg8KCw4LChU7Dg8KDw4LCgsODwoLDgsKJNcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCg8ODwoLDgsK
+ BTsODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsKIw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKD
+ w4PCgsOCwr9TXMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw
+ 4LChMODwoPDgsKCw4PCgsOCwpHDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLIEjDg8
+ KDw4LCg8ODwoLDgsKFTlDDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ngw4PCg8OCwoL
+ Dg8KCw4LCi8ODwoPDgsKDw4PCgsOCwpjDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCm3Rx
+ w4PCg8OCwoLDg8KCw4LCizvDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi8ODwoPDgsKDw
+ 4PCgsOCwr9XaMODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGdGLDg8KDw4LCgsODwo
+ LDgsKLf2zDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCi1D
+ Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8OD
+ woLDgsKow4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwq10SmgoT03Dg8KDw4LCgsODwoLDg
+ sKLw4PCg8OCwoPDg8KCw4LCjcODwoPDgsKDw4PCgsOCwqggTMODwoPDgsKCw4PCgsOCwoXDg8KDw4
+ LCg8ODwoLDgsKAdDrDg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLTSBQUcODwoPDgsK
+ Dw4PCgsOCwr/Dg8KDw4LCg8ODwoLDgsKMw4PCg8OCwoLDg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKL
+ RCQoZitEJCDDg8KDw4LCgsODwoLDgsK3w4PCg8OCwoPDg8KCw4LCiMODwoPDgsKDw4PCgsOCwoHDg
+ 8KDw4LCg8ODwoLDgsKhw4PCg8OCwoLDg8KCw4LCi0QkJGYrRCTDg8KDw4LCgsODwoLDgsK3w4PCg8
+ OCwoPDg8KCw4LCkMODwoPDgsKDw4PCgsOCworDg8KDw4LCgsODwoLDgsKLRSBRVmpQw4PCg8OCwoP
+ Dg8KCw4LCv8ODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsODwoLDgsKKTzl0JHXDg8KDw4LCgsODwoLD
+ gsKhOXQkw4PCg8OCwoLDg8KCw4LChW/Dg8KDw4LCg8ODwoLDgsK/w4PCg8OCwoPDg8KCw4LCv8ODw
+ oPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKhRMODwoPDgsKDw4PCgsOCwoVOw4PCg8OCwoLDg8
+ KCw4LCi8ODwoPDgsKDw4PCgsOCwojDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCv1Ncw4P
+ Cg8OCwoLDg8KCw4LCiUQkw4PCg8OCwoLDg8KCw4LChcODwoPDgsKDw4PCgsOCwoDDg8KDw4LCgsOD
+ woLDgsKEw4PCg8OCwoPDg8KCw4LCtjPDg8KDw4LCg8ODwoLDgsK2w4PCg8OCwoLDg8KCw4LCjUQkw
+ 4PCg8OCwoLDg8KCw4LCiyBEw4PCg8OCwoPDg8KCw4LChU5Qw4PCg8OCwoLDg8KCw4LCi8ODwoPDgs
+ KDw4PCgsOCwr9TYMODwoPDgsKCw4PCgsOCwovDg8KDw4LCg8ODwoLDgsK4w4PCg8OCwoLDg8KCw4L
+ ChcODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKEw4PCg8OCwoPDg8KCw4LCkMODwoPDgsKC
+ w4PCgsOCwovDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCj8ODwoPDgsKDw4PCgsOCwr9Ta
+ MODwoPDgsKCw4PCgsOCwolEJDvDg8KDw4LCg8ODwoLDgsKGw4PCg8OCwoLDg8KCw4LChMODwoPDgs
+ KCw4PCgsOCwr3Dg8KDw4LCgsODwoLDgsKNRCTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4L
+ Cj1DDg8KDw4LCg8ODwoLDgsK/U2zDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoPDg8KCw4LCqMODwoPD
+ gsKCw4PCgsOCwoXDg8KDw4LCg8ODwoLDgsKtw4PCg8OCwoLDg8KCw4LChMODwoPDgsKCw4PCgsOCw
+ p9oMMODwoPDgsKDw4PCgsOCwolMw4PCg8OCwoLDg8KCw4LCi8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4
+ LCg8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCq0vDg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4L
+ CgMODwoPDgsKCw4PCgsOCwoTDg8KDw4LCgsODwoLDgsKLw4PCg8OCwoLDg8KCw4LCi0QkOcODwoPD
+ gsKCw4PCgsOCwrDDg8KDw4LCg8ODwoLDgsKEdEU5w4PCg8OCwoLDg8KCw4LCtTR0PcODwoPDgsKCw
+ 4PCgsOCwovDg8KDw4LCg8ODwoLDgsKNw4PCg8OCwoPDg8KCw4LCqMODwoPDgsKDw4PCgsOCwo5Lw4
+ PCg8OCwoLDg8KCw4LCi0AgUMODwoPDgsKDw4PCgsOCwr/Dg8KDw4LCgsODwoLDgsKsw4PCg8OCwoL
+ Dg8KCw4LCik/Dg8KDw4LCgsODwoLDgsKFw4PCg8OCwoPDg8KCw4LCgHUow4PCg8OCwoLDg8KCw4LC
+ i8ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCgsODwoLDgsKJw4PCg8OCwoLDg8KCw4LCtTTDg8KDw4LCg
+ 8ODwoLDgsKow4PCg8OCwoPDg8KCw4LCl8ODwoPDgsKDw4PCgsOCwrtWw4PCg8OCwoLDg8KCw4LCi8
+ ODwoPDgsKDw4PCgsOCwo3Dg8KDw4LCg8ODwoLDgsKow4PCg8OCwoLDg8KCw4LCnw==
+
+
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn@mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+title: Hiker, biker
+ou: Information Technology Division
+ou: The IT Crowd
+
diff --git a/contrib/slapd-modules/variant/tests/data/test005-variant-missing.ldif b/contrib/slapd-modules/variant/tests/data/test005-variant-missing.ldif
new file mode 100644
index 0000000..54fd3a5
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test005-variant-missing.ldif
@@ -0,0 +1,4 @@
+dn: ou=People,dc=example,dc=com
+changetype: modify
+replace: seealso
+seealso: dc=example,dc=com
diff --git a/contrib/slapd-modules/variant/tests/data/test006-config.ldif b/contrib/slapd-modules/variant/tests/data/test006-config.ldif
new file mode 100644
index 0000000..c668134
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test006-config.ldif
@@ -0,0 +1,61 @@
+dn: name={4}Mark,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantVariant
+olcVariantEntry: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+
+dn: olcVariantVariantAttribute=description,name={4}Mark,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantAlternativeAttribute: cn
+olcVariantAlternativeEntry: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+
+dn: name={5}Elliot,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantVariant
+olcVariantEntry: sn=Elliot,ou=Add & Delete,dc=example,dc=com
+
+dn: olcVariantVariantAttribute=title,name={5}Elliot,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantAlternativeAttribute: cn
+olcVariantAlternativeEntry: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+
+dn: olcVariantVariantAttribute=description,name={5}Elliot,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantAlternativeAttribute: description
+olcVariantAlternativeEntry: cn=Added by Bjorn,ou=Add & Delete,dc=example,dc=com
+
+dn: name={6}Doe,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantVariant
+olcVariantEntry: sn=Doe,ou=Add & Delete,dc=example,dc=com
+
+dn: olcVariantVariantAttribute=title,name={6}Doe,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantAlternativeAttribute: cn
+olcVariantAlternativeEntry: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc=com
+
+dn: olcVariantVariantAttribute=description,name={6}Doe,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantAlternativeAttribute: description
+olcVariantAlternativeEntry: cn=Added by Bjorn,ou=Add & Delete,dc=example,dc=com
+
+dn: name={7}Group,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantVariant
+olcVariantEntry: cn=Group,ou=Add & Delete,dc=example,dc=com
+
+dn: olcVariantVariantAttribute=seeAlso,name={7}Group,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantAlternativeAttribute: member
+olcVariantAlternativeEntry: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
+
+dn: olcVariantVariantAttribute=description,name={7}Group,olcOverlay={0}variant,olcDatabase={1}@BACKEND@,cn=config
+changetype: add
+objectclass: olcVariantAttribute
+olcVariantAlternativeAttribute: description
+olcVariantAlternativeEntry: cn=Alumni Assoc Staff,ou=Groups,dc=example,dc=com
diff --git a/contrib/slapd-modules/variant/tests/data/test006-out.ldif b/contrib/slapd-modules/variant/tests/data/test006-out.ldif
new file mode 100644
index 0000000..03910c0
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test006-out.ldif
@@ -0,0 +1,151 @@
+# reading Mark Elliot as anonymous
+
+# reading the same as various users
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark A Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot@mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+description: Mark A Elliot
+
+dn: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark Elliot
+sn: Elliot
+uid: melliot
+postalAddress: Alumni Association $ 111 Maple St $ Anytown, MI 48109
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+homePostalAddress: 199 Outer Drive $ Ypsilanti, MI 48198
+homePhone: +1 313 555 0388
+drink: Gasoline
+title: Director, UM Alumni Association
+mail: melliot@mail.alumni.example.com
+pager: +1 313 555 7671
+facsimileTelephoneNumber: +1 313 555 7762
+telephoneNumber: +1 313 555 4177
+description: Mark Elliot
+
+
+# Add & Delete subtree contents as seen by Babs
+dn: ou=Add & Delete,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Add & Delete
+
+dn: sn=Doe,ou=Add & Delete,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John
+uid: jd
+sn: Doe
+title: John Doe
+
+dn: sn=Elliot,ou=Add & Delete,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark
+uid: me
+sn: Elliot
+title: Mark A Elliot
+
+dn: cn=group,ou=Add & Delete,dc=example,dc=com
+objectClass: groupOfNames
+member: dc=example,dc=com
+cn: group
+description: All Alumni Assoc Staff
+seeAlso: cn=Manager,dc=example,dc=com
+seeAlso: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+
+
+# Add & Delete subtree contents as seen by Bjorn
+dn: ou=Add & Delete,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Add & Delete
+
+dn: sn=Doe,ou=Add & Delete,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John
+uid: jd
+sn: Doe
+title: Jonathon Doe
+
+dn: sn=Elliot,ou=Add & Delete,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark
+uid: me
+sn: Elliot
+title: Mark Elliot
+
+dn: cn=group,ou=Add & Delete,dc=example,dc=com
+objectClass: groupOfNames
+member: dc=example,dc=com
+cn: group
+description: All Alumni Assoc Staff
+seeAlso: cn=Manager,dc=example,dc=com
+seeAlso: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+
+
+# Final state of ou=Add & Delete,dc=example,dc=com as seen by the Manager
+dn: ou=Add & Delete,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Add & Delete
+
+dn: cn=Added by Bjorn,ou=Add & Delete,dc=example,dc=com
+objectClass: inetOrgPerson
+sn: Jensen
+cn: Added by Bjorn
+description: added by jaj (should succeed)
+
+dn: sn=Doe,ou=Add & Delete,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: John
+uid: jd
+sn: Doe
+description: added by jaj (should succeed)
+title: John Doe
+title: Jonathon Doe
+
+dn: sn=Elliot,ou=Add & Delete,dc=example,dc=com
+objectClass: OpenLDAPperson
+cn: Mark
+uid: me
+sn: Elliot
+description: added by jaj (should succeed)
+title: Mark Elliot
+title: Mark A Elliot
+
+dn: cn=group,ou=Add & Delete,dc=example,dc=com
+objectClass: groupOfNames
+member: dc=example,dc=com
+cn: group
+description: All Alumni Assoc Staff
+description: another one added by bjorn (should succeed)
+seeAlso: cn=Manager,dc=example,dc=com
+seeAlso: cn=Dorothy Stevens,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Ursula Hampster,ou=Alumni Association,ou=People,dc=example,dc=com
+seeAlso: cn=Bjorn Jensen,ou=Information Technology DivisioN,ou=People,dc=examp
+ le,dc=com
+seeAlso: cn=Barbara Jensen,ou=Information Technology DivisioN,ou=People,dc=exa
+ mple,dc=com
+
diff --git a/contrib/slapd-modules/variant/tests/data/test007-out.ldif b/contrib/slapd-modules/variant/tests/data/test007-out.ldif
new file mode 100644
index 0000000..cf1aac8
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test007-out.ldif
@@ -0,0 +1,6 @@
+# Testing searches against attribute supertypes...
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+st: Alumni Association
+
diff --git a/contrib/slapd-modules/variant/tests/data/test010-out.ldif b/contrib/slapd-modules/variant/tests/data/test010-out.ldif
new file mode 100644
index 0000000..28603e1
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test010-out.ldif
@@ -0,0 +1,52 @@
+# Test 1, trigger sizelimit without overlay interference
+dn: cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc
+ =com
+objectClass: OpenLDAPperson
+cn: Bjorn Jensen
+cn: Biiff Jensen
+sn: Jensen
+uid: bjorn
+seeAlso: cn=All Staff,ou=Groups,dc=example,dc=com
+userPassword:: Ympvcm4=
+homePostalAddress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
+drink: Iced Tea
+description: Hiker, biker
+title: Director, Embedded Systems
+postalAddress: Info Tech Division $ 535 W. William St. $ Anytown, MI 48103
+mail: bjorn@mailgw.example.com
+homePhone: +1 313 555 5444
+pager: +1 313 555 4474
+facsimileTelephoneNumber: +1 313 555 2177
+telephoneNumber: +1 313 555 0355
+Size limit exceeded (4)
+
+# Test 2, check sizelimit is not triggered when it matches the number of entries returned
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+st: Alumni Association
+
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+description: The Example, Inc. at Anytown
+
+dn: cn=Manager,dc=example,dc=com
+objectClass: person
+cn: Manager
+cn: Directory Manager
+cn: Dir Man
+sn: Manager
+description: Manager of the directory
+userPassword:: c2VjcmV0
+
+# Test 3, check sizelimit will stop at the right time
+dn: ou=Groups,dc=example,dc=com
+objectClass: organizationalUnit
+ou: Groups
+st: Alumni Association
+Size limit exceeded (4)
+
diff --git a/contrib/slapd-modules/variant/tests/data/test011-out.ldif b/contrib/slapd-modules/variant/tests/data/test011-out.ldif
new file mode 100644
index 0000000..07604f8
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test011-out.ldif
@@ -0,0 +1,10 @@
+# ldapsearch does not return anything tangible in the output if it enounters a referral
+
+# Asking for the referral will return LDAP_REFERRAL
+Referral (10)
+Matched DN: cn=Gern Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+Referral: ldap://hostB/cn=Gern%20Jensen,ou=Information%20Technology%20Division,ou=People,dc=example,dc=com??sub
+# Asking for anything under a referral will do the same
+Referral (10)
+Matched DN: cn=Gern Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com
+Referral: ldap://hostB/cn=child,cn=Gern%20Jensen,ou=Information%20Technology%20Division,ou=People,dc=example,dc=com??sub
diff --git a/contrib/slapd-modules/variant/tests/data/test012-data.ldif b/contrib/slapd-modules/variant/tests/data/test012-data.ldif
new file mode 100644
index 0000000..8b8d8b3
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test012-data.ldif
@@ -0,0 +1,13 @@
+dn: dc=demonstration,dc=com
+changetype: add
+objectclass: organization
+objectclass: domainRelatedObject
+objectclass: dcobject
+o: demo
+associateddomain: demonstration.com
+
+dn: ou=Societies,dc=demonstration,dc=com
+changetype: add
+objectclass: organizationalUnit
+ou: Societies
+seealso: dc=example,dc=com
diff --git a/contrib/slapd-modules/variant/tests/data/test012-out.ldif b/contrib/slapd-modules/variant/tests/data/test012-out.ldif
new file mode 100644
index 0000000..bd31fa0
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/test012-out.ldif
@@ -0,0 +1,9 @@
+dn: ou=People,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: extensibleObject
+ou: People
+uidNumber: 0
+gidNumber: 0
+seealso: dc=example,dc=com
+description: The Example, Inc. at Anytown
+
diff --git a/contrib/slapd-modules/variant/tests/data/variant.conf b/contrib/slapd-modules/variant/tests/data/variant.conf
new file mode 100644
index 0000000..dba6c46
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/data/variant.conf
@@ -0,0 +1,17 @@
+overlay variant
+passReplication TRUE
+
+variantDN ou=People,dc=example,dc=com
+variantSpec seealso seealso ou=Societies,dc=example,dc=com
+variantSpec description description dc=example,dc=com
+
+variantRegex "(.*),(ou=.*technology.*)(,)dc=example,dc=com"
+variantRegexSpec title description $0
+variantRegexSpec ou ou "$2$3dc=example$3dc=com"
+
+variantDN ou=Groups,dc=example,dc=com
+variantSpec st ou "ou=Alumni Association,ou=People,dc=example,dc=com"
+variantSpec description description ou=People,dc=example,dc=com
+
+variantRegex .*
+variantRegexSpec l l dc=example,dc=com
diff --git a/contrib/slapd-modules/variant/tests/run b/contrib/slapd-modules/variant/tests/run
new file mode 100755
index 0000000..6a38431
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/run
@@ -0,0 +1,229 @@
+#!/bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+USAGE="$0 [-b <backend>] [-c] [-k] [-l #] [-p] [-s {ro|rp}] [-u] [-w] <script>"
+
+TOPSRCDIR="${SRCDIR-$LDAP_SRC}"
+SRCDIR="${TOPSRCDIR}/tests"
+eval `grep EGREP_CMD= ${LDAP_BUILD}/tests/run`
+eval `$EGREP_CMD -e '^LN_S=' ${LDAP_BUILD}/tests/run`
+
+export SRCDIR TOPSRCDIR LN_S EGREP_CMD
+
+. "${SRCDIR}/scripts/defines.sh"
+
+BACKEND=
+CLEAN=no
+WAIT=0
+KILLSERVERS=yes
+PRESERVE=${PRESERVE-no}
+SYNCMODE=${SYNCMODE-rp}
+USERDATA=no
+LOOP=1
+COUNTER=1
+
+while test $# -gt 0 ; do
+	case "$1" in
+		-b | -backend)
+			BACKEND="$2"
+			shift; shift ;;
+
+		-c | -clean)
+			CLEAN=yes
+			shift ;;
+
+		-k | -kill)
+			KILLSERVERS=no
+			shift ;;
+		-l | -loop)
+			NUM="`echo $2 | sed 's/[0-9]//g'`"
+			if [ -z "$NUM" ]; then
+				LOOP=$2
+			else
+				echo "Loop variable not an int: $2"
+				echo "$USAGE"; exit 1
+			fi
+			shift ;
+			shift ;;
+
+		-p | -preserve)
+			PRESERVE=yes
+			shift ;;
+
+		-s | -syncmode)
+			case "$2" in
+				ro | rp)
+					SYNCMODE="$2"
+					;;
+				*)
+					echo "unknown sync mode $2"
+					echo "$USAGE"; exit 1
+					;;
+			esac
+			shift; shift ;;
+
+		-u | -userdata)
+			USERDATA=yes
+			shift ;;
+
+		-w | -wait)
+			WAIT=1
+			shift ;;
+
+		-)
+			shift
+			break ;;
+
+		-*)
+			echo "$USAGE"; exit 1
+			;;
+
+		*)
+			break ;;
+	esac
+done
+
+eval `$EGREP_CMD -e '^AC' ${LDAP_BUILD}/tests/run`
+export `$EGREP_CMD -e '^AC' ${LDAP_BUILD}/tests/run | sed 's/=.*//'`
+
+if test -z "$BACKEND" ; then
+	for b in mdb ; do
+		if eval "test \"\$AC_$b\" != no" ; then
+			BACKEND=$b
+			break
+		fi
+	done
+	if test -z "$BACKEND" ; then
+		echo "No suitable default database backend configured" >&2
+		exit 1
+	fi
+fi
+
+BACKENDTYPE=`eval 'echo $AC_'$BACKEND`
+if test "x$BACKENDTYPE" = "x" ; then
+	BACKENDTYPE="unknown"
+fi
+
+# Backend features.  indexdb: indexing and unchecked limit.
+# maindb: main storage backend.  Currently index,limits,mode,paged results.
+INDEXDB=noindexdb MAINDB=nomaindb
+case $BACKEND in
+	mdb) INDEXDB=indexdb MAINDB=maindb ;;
+	ndb) INDEXDB=indexdb ;;
+esac
+
+export	BACKEND BACKENDTYPE INDEXDB MAINDB \
+	WAIT KILLSERVERS PRESERVE SYNCMODE USERDATA \
+	SRCDIR
+
+if test $# = 0 ; then
+	echo "$USAGE"; exit 1
+fi
+
+# need defines.sh for the definitions of the directories
+. $SRCDIR/scripts/defines.sh
+
+SCRIPTDIR="${TOPDIR}/tests/scripts"
+
+export SCRIPTDIR
+
+SCRIPTNAME="$1"
+shift
+
+if test -x "${SCRIPTDIR}/${SCRIPTNAME}" ; then
+	SCRIPT="${SCRIPTDIR}/${SCRIPTNAME}"
+elif test -x "`echo ${SCRIPTDIR}/test*-${SCRIPTNAME}`"; then
+	SCRIPT="`echo ${SCRIPTDIR}/test*-${SCRIPTNAME}`"
+elif test -x "`echo ${SCRIPTDIR}/${SCRIPTNAME}-*`"; then
+	SCRIPT="`echo ${SCRIPTDIR}/${SCRIPTNAME}-*`"
+else
+	echo "run: ${SCRIPTNAME} not found (or not executable)"
+	exit 1;
+fi
+
+if test ! -r ${DATADIR}/test.ldif ; then
+	${LN_S} ${SRCDIR}/data ${DATADIR}
+fi
+if test ! -r ${SCHEMADIR}/core.schema ; then
+	${LN_S} ${TOPSRCDIR}/servers/slapd/schema ${SCHEMADIR}
+fi
+if test ! -r ./data; then
+	${LN_S} ${TOPDIR}/tests/data ./
+fi
+
+if test -d ${TESTDIR} ; then
+	if test $PRESERVE = no ; then
+		echo "Cleaning up test run directory leftover from previous run."
+		/bin/rm -rf ${TESTDIR}
+	elif test $PRESERVE = yes ; then
+		echo "Cleaning up only database directories leftover from previous run."
+		/bin/rm -rf ${TESTDIR}/db.*
+	fi
+fi
+if test $BACKEND = ndb ; then
+	mysql --user root <<EOF
+	drop database if exists db_1;
+	drop database if exists db_2;
+	drop database if exists db_3;
+	drop database if exists db_4;
+	drop database if exists db_5;
+	drop database if exists db_6;
+EOF
+fi
+mkdir -p ${TESTDIR}
+
+if test $USERDATA = yes ; then
+	if test ! -d userdata ; then
+		echo "User data directory (userdata) does not exist."
+		exit 1
+	fi
+	cp -R userdata/* ${TESTDIR}
+fi
+
+# disable LDAP initialization
+LDAPNOINIT=true; export LDAPNOINIT
+
+echo "Running ${SCRIPT} for ${BACKEND}..."
+while [ $COUNTER -le $LOOP ]; do
+	if [ $LOOP -gt 1 ]; then
+		echo "Running $COUNTER of $LOOP iterations"
+	fi
+	$SCRIPT $*
+	RC=$?
+
+	if test $CLEAN = yes ; then
+		echo "Cleaning up test run directory from this run."
+		/bin/rm -rf ${TESTDIR}
+		echo "Cleaning up symlinks."
+		/bin/rm -f ${DATADIR} ${SCHEMADIR}
+	fi
+
+	if [ $RC -ne 0 ]; then
+		if [ $LOOP -gt 1 ]; then
+			echo "Failed after $COUNTER of $LOOP iterations"
+		fi
+		exit $RC
+	else
+		COUNTER=`expr $COUNTER + 1`
+		if [ $COUNTER -le $LOOP ]; then
+			echo "Cleaning up test run directory from this run."
+			/bin/rm -rf ${TESTDIR}
+		fi
+	fi
+done
+exit $RC
diff --git a/contrib/slapd-modules/variant/tests/scripts/all b/contrib/slapd-modules/variant/tests/scripts/all
new file mode 100755
index 0000000..d6d6dc7
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/all
@@ -0,0 +1,102 @@
+#! /bin/sh
+# $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 1998-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+
+. $SRCDIR/scripts/defines.sh
+
+TB="" TN=""
+if test -t 1 ; then
+	TB=`$SHTOOL echo -e "%B" 2>/dev/null`
+	TN=`$SHTOOL echo -e "%b" 2>/dev/null`
+fi
+
+FAILCOUNT=0
+SKIPCOUNT=0
+SLEEPTIME=10
+
+echo ">>>>> Executing all LDAP tests for $BACKEND"
+
+if [ -n "$NOEXIT" ]; then
+	echo "Result	Test" > $TESTWD/results
+fi
+
+for CMD in ${SCRIPTDIR}/test*; do
+	case "$CMD" in
+		*~)		continue;;
+		*.bak)	continue;;
+		*.orig)	continue;;
+		*.sav)	continue;;
+		*)		test -f "$CMD" || continue;;
+	esac
+
+	# remove cruft from prior test
+	if test $PRESERVE = yes ; then
+		/bin/rm -rf $TESTDIR/db.*
+	else
+		/bin/rm -rf $TESTDIR
+	fi
+	if test $BACKEND = ndb ; then
+		mysql --user root <<EOF
+		drop database if exists db_1;
+		drop database if exists db_2;
+		drop database if exists db_3;
+		drop database if exists db_4;
+		drop database if exists db_5;
+		drop database if exists db_6;
+EOF
+	fi
+
+	BCMD=`basename $CMD`
+	if [ -x "$CMD" ]; then
+		echo ">>>>> Starting ${TB}$BCMD${TN} for $BACKEND..."
+		$CMD
+		RC=$?
+		if test $RC -eq 0 ; then
+			echo ">>>>> $BCMD completed ${TB}OK${TN} for $BACKEND."
+		else
+			echo ">>>>> $BCMD ${TB}failed${TN} for $BACKEND"
+			FAILCOUNT=`expr $FAILCOUNT + 1`
+
+			if [ -n "$NOEXIT" ]; then
+				echo "Continuing."
+			else
+				echo "(exit $RC)"
+				exit $RC
+			fi
+		fi
+	else
+		echo ">>>>> Skipping ${TB}$BCMD${TN} for $BACKEND."
+		SKIPCOUNT=`expr $SKIPCOUNT + 1`
+		RC="-"
+	fi
+
+	if [ -n "$NOEXIT" ]; then
+		echo "$RC	$BCMD" >> $TESTWD/results
+	fi
+
+#	echo ">>>>> waiting $SLEEPTIME seconds for things to exit"
+#	sleep $SLEEPTIME
+	echo ""
+done
+
+if [ -n "$NOEXIT" ]; then
+	if [ "$FAILCOUNT" -gt 0 ]; then
+		cat $TESTWD/results
+		echo "$FAILCOUNT tests for $BACKEND ${TB}failed${TN}. Please review the test log."
+	else
+		echo "All executed tests for $BACKEND ${TB}succeeded${TN}."
+	fi
+fi
+
+echo "$SKIPCOUNT tests for $BACKEND were ${TB}skipped${TN}."
diff --git a/contrib/slapd-modules/variant/tests/scripts/common.sh b/contrib/slapd-modules/variant/tests/scripts/common.sh
new file mode 100755
index 0000000..3b155ad
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/common.sh
@@ -0,0 +1,115 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016-2017 by Ondřej Kuzník for Symas Corp.
+
+OVERLAY_CONFIG=${OVERLAY_CONFIG-data/config.ldif}
+
+mkdir -p $TESTDIR $DBDIR1
+
+echo "Running slapadd to build slapd database..."
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $ADDCONF
+$SLAPADD -f $ADDCONF -l $LDIFORDERED
+RC=$?
+if test $RC != 0 ; then
+	echo "slapadd failed ($RC)!"
+	exit $RC
+fi
+
+mkdir $TESTDIR/confdir
+. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
+
+$SLAPPASSWD -g -n >$CONFIGPWF
+echo "database config" >>$CONF1
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >>$CONF1
+
+echo "Starting slapd on TCP/IP port $PORT1 for configuration..."
+$SLAPD -f $CONF1 -F $TESTDIR/confdir -h $URI1 -d $LVL > $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+KILLPIDS="$PID"
+
+sleep $SLEEP0
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for slapd to start..."
+	sleep ${SLEEP1}
+done
+
+echo "Making a modification that will be hidden by the test config..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/hidden.ldif >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+$LDAPSEARCH -D cn=config -H $URI1 -y $CONFIGPWF \
+	-s base -b 'cn=module{0},cn=config' 1.1 >$TESTOUT 2>&1
+RC=$?
+case $RC in
+0)
+	$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1 <<EOMOD
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: `pwd`/../variant.la
+EOMOD
+	;;
+32)
+	$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1 <<EOMOD
+dn: cn=module,cn=config
+changetype: add
+objectClass: olcModuleList
+olcModuleLoad: `pwd`/../variant.la
+EOMOD
+	;;
+*)
+	echo "Failed testing for module load entry"
+	exit $RC;
+	;;
+esac
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Loading test variant configuration..."
+. $CONFFILTER $BACKEND $MONITORDB < $OVERLAY_CONFIG | \
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
diff --git a/contrib/slapd-modules/variant/tests/scripts/test001-config b/contrib/slapd-modules/variant/tests/scripts/test001-config
new file mode 100755
index 0000000..7a5559f
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/test001-config
@@ -0,0 +1,209 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Applying invalid changes to config (should fail)..."
+for CHANGE in data/test001-*.ldif; do
+	echo "... $CHANGE"
+	. $CONFFILTER $BACKEND $MONITORDB < $CHANGE | \
+	$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF \
+		>> $TESTOUT 2>&1
+	RC=$?
+	case $RC in
+	0)
+		echo "ldapmodify should have failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit 1
+		;;
+	80)
+		echo "ldapmodify failed ($RC)"
+		;;
+	*)
+		echo "ldapmodify failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+		;;
+	esac
+done
+
+# We run this search after the changes above and before restart so we can also
+# check the reconfiguration attempts actually had no side effects
+echo "Saving search output before server restart..."
+echo "# search output from dynamically configured server..." >> $SERVER3OUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	>> $SERVER3OUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Stopping slapd on TCP/IP port $PORT1..."
+kill -HUP $KILLPIDS
+KILLPIDS=""
+sleep $SLEEP0
+echo "Starting slapd on TCP/IP port $PORT1..."
+$SLAPD -F $TESTDIR/confdir -h $URI1 -d $LVL >> $LOG1 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+KILLPIDS="$PID"
+
+sleep $SLEEP0
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI1 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for slapd to start..."
+	sleep ${SLEEP1}
+done
+
+echo "Testing slapd.conf support..."
+mkdir $TESTDIR/conftest $DBDIR2
+. $CONFFILTER $BACKEND $MONITORDB < $CONFTWO \
+	| sed -e '/^argsfile.*/a\
+moduleload ../variant.la' \
+		  -e '/database.*monitor/i\
+include data/variant.conf' \
+	> $CONF2
+echo "database config" >>$CONF2
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >>$CONF2
+
+$SLAPADD -f $CONF2 -l $LDIFORDERED
+$SLAPD -Tt -f $CONF2 -F $TESTDIR/conftest -d $LVL >> $LOG2 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "slaptest failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Starting slapd on TCP/IP port $PORT2..."
+$SLAPD -F $TESTDIR/conftest -h $URI2 -d $LVL >> $LOG2 2>&1 &
+PID=$!
+if test $WAIT != 0 ; then
+	echo PID $PID
+	read foo
+fi
+KILLPIDS="$KILLPIDS $PID"
+
+sleep $SLEEP0
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$MONITOR" -H $URI2 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for slapd to start..."
+	sleep ${SLEEP1}
+done
+
+echo "Gathering overlay configuration from both servers..."
+echo "# overlay configuration from dynamically configured server..." >> $SERVER1OUT
+$LDAPSEARCH -D cn=config -H $URI1 -y $CONFIGPWF \
+	-b "olcOverlay={0}variant,olcDatabase={1}$BACKEND,cn=config" \
+	>> $SERVER1OUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "# overlay configuration from server configured from slapd.conf..." >> $SERVER2OUT
+$LDAPSEARCH -D cn=config -H $URI2 -y $CONFIGPWF \
+	-b "olcOverlay={0}variant,olcDatabase={1}$BACKEND,cn=config" \
+	>> $SERVER2OUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+# We've already filtered out the ordering markers, now sort the entries
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s a < $SERVER2OUT > $SERVER2FLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s a < $SERVER1OUT > $SERVER1FLT
+echo "Comparing filter output..."
+$CMP $SERVER2FLT $SERVER1FLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+rm $SERVER1OUT $SERVER2OUT
+
+echo "Comparing search output on both servers..."
+echo "# search output from dynamically configured server..." >> $SERVER1OUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	>> $SERVER1OUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "# search output from server configured from slapd.conf..." >> $SERVER2OUT
+$LDAPSEARCH -b "$BASEDN" -H $URI2 \
+	>> $SERVER2OUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SERVER1OUT > $SERVER1FLT
+$LDIFFILTER -s e < $SERVER2OUT > $SERVER2FLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $SERVER3OUT > $SERVER3FLT
+echo "Comparing filter output..."
+$CMP $SERVER3FLT $SERVER1FLT > $CMPOUT && \
+$CMP $SERVER3FLT $SERVER2FLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/variant/tests/scripts/test002-add-delete b/contrib/slapd-modules/variant/tests/scripts/test002-add-delete
new file mode 100755
index 0000000..bd316b2
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/test002-add-delete
@@ -0,0 +1,113 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Adding entry..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test002-01-entry.ldif >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Configuring entry as variant..."
+. $CONFFILTER $BACKEND $MONITORDB < data/additional-config.ldif | \
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Removing entry..."
+$LDAPDELETE -D $MANAGERDN -H $URI1 -w $PASSWD \
+	"cn=Gern Jensen,ou=Information Technology Division,ou=People,$BASEDN" \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapdelete failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Adding entry again (should fail)..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test002-01-entry.ldif >> $TESTOUT 2>&1
+RC=$?
+case $RC in
+0)
+	echo "ldapmodify should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+	;;
+19)
+	echo "ldapmodify failed ($RC)"
+	;;
+*)
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+echo "Adding a regex entry (should fail)..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test002-02-regex.ldif >> $TESTOUT 2>&1
+RC=$?
+case $RC in
+0)
+	echo "ldapmodify should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+	;;
+19)
+	echo "ldapmodify failed ($RC)"
+	;;
+*)
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+echo "Adding entry with offending attributes removed..."
+grep -v '^description:' data/test002-01-entry.ldif | \
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/variant/tests/scripts/test003-search b/contrib/slapd-modules/variant/tests/scripts/test003-search
new file mode 100755
index 0000000..2284ab7
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/test003-search
@@ -0,0 +1,113 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Testing searches against regular entries..."
+echo "# Testing searches against regular entries..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	"(|(name=Elliot)(description=*hiker*))" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches listing variants..."
+echo >> $SEARCHOUT
+echo "# Testing searches listing variants..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -s one -H $URI1 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -s base -H $URI1 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo >> $SEARCHOUT
+$LDAPSEARCH -s base -H $URI1 \
+	-b "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" \
+	'(ou=Information Technology Division)' \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo >> $SEARCHOUT
+$LDAPSEARCH -b "cn=ITD Staff,ou=Groups,$BASEDN" -s base -H $URI1 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches filtering on variants..."
+echo >> $SEARCHOUT
+echo "# Testing searches filtering on variants..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	"(st=Alumni Association)" st \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test003-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/variant/tests/scripts/test004-compare b/contrib/slapd-modules/variant/tests/scripts/test004-compare
new file mode 100755
index 0000000..c87d347
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/test004-compare
@@ -0,0 +1,63 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Comparing a regular entry..."
+$LDAPCOMPARE -H $URI1 \
+	"cn=Mark Elliot,ou=Alumni Association,ou=People,$BASEDN" \
+	"cn:Mark Elliot" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 6 && test $RC,$BACKEND != 5,null ; then
+	echo "ldapcompare failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+echo "Comparing a variant entry..."
+$LDAPCOMPARE -H $URI1 \
+	"ou=People,$BASEDN" \
+	"description:The Example, Inc. at Anytown" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 6 && test $RC,$BACKEND != 5,null ; then
+	echo "ldapcompare failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+echo "Comparing a regex entry..."
+$LDAPCOMPARE -H $URI1 \
+	"cn=Barbara Jensen,ou=Information Technology Division,ou=People,$BASEDN" \
+	"ou:Information Technology Division" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 6 && test $RC,$BACKEND != 5,null ; then
+	echo "ldapcompare failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/variant/tests/scripts/test005-modify b/contrib/slapd-modules/variant/tests/scripts/test005-modify
new file mode 100755
index 0000000..4cbf289
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/test005-modify
@@ -0,0 +1,120 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Modifying entry..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test005-changes.ldif >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+# for now, overlay returns success just after the modifications to the main
+# entry succeed, ignoring the rest should they fail
+echo "Modifying a nonexistent variant of an existing entry..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test005-variant-missing.ldif >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Configuring nonexistent entry as variant..."
+. $CONFFILTER $BACKEND $MONITORDB < data/additional-config.ldif | \
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Modifying an existing variant of above missing entry..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test005-modify-missing.ldif >> $TESTOUT 2>&1
+RC=$?
+case $RC in
+0)
+	echo "ldapmodify should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+	;;
+32)
+	echo "ldapmodify failed ($RC)"
+	;;
+*)
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+echo "Reading affected entries back..."
+echo "# Reading affected entries back..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	'(|(description=*heard*)(st=*)(ou=alabama)(ou=*IT*))' \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo >>$SEARCHOUT
+$LDAPSEARCH -H $URI1 -s base \
+	-b "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test005-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/variant/tests/scripts/test006-acl b/contrib/slapd-modules/variant/tests/scripts/test006-acl
new file mode 100755
index 0000000..6b34fb8
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/test006-acl
@@ -0,0 +1,323 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+case "$BACKEND" in ldif | null)
+	echo "$BACKEND backend does not support access controls, test skipped"
+	exit 0
+esac
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+CONF=$ACLCONF
+. ${SCRIPTDIR}/common.sh
+
+echo "Applying test-specific configuration..."
+. $CONFFILTER $BACKEND $MONITORDB < data/test006-config.ldif | \
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: ou=Add & Delete,dc=example,dc=com
+changetype: add
+objectClass: organizationalUnit
+ou: Add & Delete
+
+dn: cn=group,ou=Add & Delete,dc=example,dc=com
+changetype: add
+objectclass: groupOfNames
+member: dc=example,dc=com
+
+dn: sn=Doe,ou=Add & Delete,dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: John
+uid: jd
+
+dn: sn=Elliot,ou=Add & Delete,dc=example,dc=com
+changetype: add
+objectclass: OpenLDAPperson
+cn: Mark
+uid: me
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing search ACL processing..."
+
+echo "# Try to read an entry inside the Alumni Association container.
+# It should give us noSuchObject if we're not bound..." \
+>> $SEARCHOUT
+# FIXME: temporarily remove the "No such object" message to make
+# the test succeed even if SLAP_ACL_HONOR_DISCLOSE is not #define'd
+$LDAPSEARCH -b "$MELLIOTDN" -H $URI1 "(objectclass=*)" \
+	2>&1 | grep -v "No such object" >> $SEARCHOUT
+
+echo >>$SEARCHOUT
+echo "# ... and should return appropriate attributes if we're bound as anyone
+# under Example." \
+>> $SEARCHOUT
+$LDAPSEARCH -b "$MELLIOTDN" -H $URI1 \
+	-D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1
+
+$LDAPSEARCH -b "$MELLIOTDN" -H $URI1 \
+	-D "$BJORNSDN" -w bjorn "(objectclass=*)" >> $SEARCHOUT 2>&1
+
+echo >>$SEARCHOUT
+echo "# Add & Delete subtree contents as seen by Babs" >> $SEARCHOUT
+$LDAPSEARCH -b "ou=Add & Delete,dc=example,dc=com" -H $URI1 \
+	-D "$BABSDN" -w bjensen "(objectclass=*)" >> $SEARCHOUT 2>&1
+
+echo >>$SEARCHOUT
+echo "# Add & Delete subtree contents as seen by Bjorn" >> $SEARCHOUT
+$LDAPSEARCH -b "ou=Add & Delete,dc=example,dc=com" -H $URI1 \
+	-D "$BJORNSDN" -w bjorn "(objectclass=*)" >> $SEARCHOUT 2>&1
+
+echo "Testing modifications..."
+echo "... ACL on the alternative entry"
+$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=group,ou=Add & Delete,dc=example,dc=com
+changetype: modify
+add: seealso
+seealso: $BJORNSDN
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
+changetype: modify
+add: description
+description: added by bjensen (should fail)
+EOMODS
+RC=$?
+case $RC in
+50)
+	;;
+0)
+	echo "ldapmodify should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit -1
+	;;
+*)
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+$LDAPMODIFY -D "$MANAGERDN" -H $URI1 -w $PASSWD >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=group,ou=Add & Delete,dc=example,dc=com
+changetype: modify
+add: seealso
+seealso: $BABSDN
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=Alumni Assoc Staff, ou=Groups, dc=example, dc=com
+changetype: modify
+add: description
+description: added by bjorn (removed later)
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=Group,ou=Add & Delete,dc=example,dc=com
+changetype: modify
+delete: description
+description: added by bjorn (removed later)
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=Added by Bjorn,ou=Add & Delete,dc=example,dc=com
+changetype: add
+objectClass: inetOrgPerson
+sn: Jensen
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=Group,ou=Add & Delete,dc=example,dc=com
+changetype: modify
+add: description
+description: another one added by bjorn (should succeed)
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "... ACL on the variant entry"
+$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=Group,ou=Add & Delete,dc=example,dc=com
+changetype: modify
+add: description
+description: added by bjensen (should fail)
+EOMODS
+RC=$?
+case $RC in
+50)
+	;;
+0)
+	echo "ldapmodify should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit -1
+	;;
+*)
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+$LDAPMODIFY -D "$BJORNSDN" -H $URI1 -w bjorn >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: sn=Doe,ou=Add & Delete,dc=example,dc=com
+changetype: modify
+add: description
+description: added by bjorn (will be removed)
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+$LDAPMODIFY -D "$BABSDN" -H $URI1 -w bjensen >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: cn=Added by Bjorn,ou=Add & Delete,dc=example,dc=com
+changetype: modify
+replace: description
+description: added by bjensen (should fail)
+EOMODS
+RC=$?
+case $RC in
+50)
+	;;
+0)
+	echo "ldapmodify should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit -1
+	;;
+*)
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+$LDAPMODIFY -D "$JAJDN" -H $URI1 -w jaj >> \
+	$TESTOUT 2>&1 << EOMODS
+dn: sn=Elliot,ou=Add & Delete,dc=example,dc=com
+changetype: modify
+delete: description
+description: added by bjorn (will be removed)
+-
+add: description
+description: added by jaj (should succeed)
+EOMODS
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+sleep $SLEEP0
+
+echo >>$SEARCHOUT
+echo "Using ldapsearch to retrieve all the entries..."
+echo "# Using ldapsearch to retrieve all the entries..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "ou=Add & Delete,dc=example,dc=com" \
+	-D "$MANAGERDN" -H $URI1 -w $PASSWD \
+	'objectClass=*' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test006-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "comparison failed - operations did not complete correctly"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/variant/tests/scripts/test007-subtypes b/contrib/slapd-modules/variant/tests/scripts/test007-subtypes
new file mode 100755
index 0000000..177fc33
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/test007-subtypes
@@ -0,0 +1,67 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Comparing supertype of a variant attribute..."
+$LDAPCOMPARE -H $URI1 \
+	"ou=Groups,$BASEDN" \
+	"name:Alumni Association" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 6 && test $RC,$BACKEND != 5,null ; then
+	echo "ldapcompare failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+echo "Testing searches against attribute supertypes..."
+echo "# Testing searches against attribute supertypes..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	"(&(name=groups)(name=Alumni Association))" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test007-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/variant/tests/scripts/test008-variant-replication b/contrib/slapd-modules/variant/tests/scripts/test008-variant-replication
new file mode 100755
index 0000000..63e2d7e
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/test008-variant-replication
@@ -0,0 +1,194 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test "$SYNCPROV" = syncprovno; then 
+	echo "Syncrepl provider overlay not available, test skipped"
+	exit 0
+fi 
+
+. ${SCRIPTDIR}/common.sh
+
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	> $TESTOUT 2>&1 <<EOMOD
+dn: olcOverlay={0}variant,olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+replace: olcVariantPassReplication
+olcVariantPassReplication: FALSE
+EOMOD
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+if test "$SYNCPROV" = syncprovmod; then
+	$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	> $TESTOUT 2>&1 <<EOMOD
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: $LDAP_BUILD/servers/slapd/overlays/syncprov.la
+EOMOD
+
+	RC=$?
+	if test $RC != 0 ; then
+		echo "ldapmodify failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	fi
+fi
+
+echo "Configuring syncprov on the provider..."
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	> $TESTOUT 2>&1 <<EOMOD
+dn: olcOverlay=syncprov,olcDatabase={1}$BACKEND,cn=config
+changetype: add
+objectclass: olcSyncProvConfig
+EOMOD
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+mkdir $DBDIR4
+
+echo "Starting consumer slapd on TCP/IP port $PORT4..."
+. $CONFFILTER $BACKEND $MONITORDB < $P1SRCONSUMERCONF > $CONF4
+$SLAPD -f $CONF4 -h $URI4 -d $LVL > $LOG4 2>&1 &
+CONSUMERPID=$!
+if test $WAIT != 0 ; then
+	echo CONSUMERPID $CONSUMERPID
+	read foo
+fi
+KILLPIDS="$KILLPIDS $CONSUMERPID"
+
+sleep $SLEEP0
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$BASEDN" -H $URI4 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for consumer to start replication..."
+	sleep ${SLEEP1}
+done
+
+echo "Waiting ${SLEEP1} seconds for consumer to finish replicating..."
+sleep ${SLEEP1}
+
+echo "Testing searches against regular entries..."
+echo "# Testing searches against regular entries..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI4 \
+	"(|(name=Elliot)(description=*hiker*))" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches listing replicated variants..."
+echo >> $SEARCHOUT
+echo "# Testing searches listing replicated variants..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -s one -H $URI4 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+# regex variants do not replicate correctly and this is documented
+echo >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -s base -H $URI1 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+# regex variants do not replicate correctly and this is documented
+echo >> $SEARCHOUT
+$LDAPSEARCH -s base -H $URI1 \
+	-b "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" \
+	'(ou=Information Technology Division)' \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+# regex variants do not replicate correctly and this is documented
+echo >> $SEARCHOUT
+$LDAPSEARCH -b "cn=ITD Staff,ou=Groups,$BASEDN" -s base -H $URI1 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches filtering on replicated variants..."
+echo >> $SEARCHOUT
+echo "# Testing searches filtering on replicated variants..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI4 \
+	"(st=Alumni Association)" st \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test003-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/variant/tests/scripts/test009-ignored-replication b/contrib/slapd-modules/variant/tests/scripts/test009-ignored-replication
new file mode 100755
index 0000000..aefbfa9
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/test009-ignored-replication
@@ -0,0 +1,227 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+if test "$SYNCPROV" = syncprovno; then 
+	echo "Syncrepl provider overlay not available, test skipped"
+	exit 0
+fi 
+
+. ${SCRIPTDIR}/common.sh
+
+if test "$SYNCPROV" = syncprovmod; then
+	$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	> $TESTOUT 2>&1 <<EOMOD
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: $LDAP_BUILD/servers/slapd/overlays/syncprov.la
+EOMOD
+
+	RC=$?
+	if test $RC != 0 ; then
+		echo "ldapmodify failed ($RC)!"
+		test $KILLSERVERS != no && kill -HUP $KILLPIDS
+		exit $RC
+	fi
+fi
+
+echo "Configuring syncprov on the provider..."
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	> $TESTOUT 2>&1 <<EOMOD
+dn: olcOverlay={0}syncprov,olcDatabase={1}$BACKEND,cn=config
+changetype: add
+objectclass: olcSyncProvConfig
+EOMOD
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+mkdir $DBDIR4 $TESTDIR/confdir-consumer
+
+echo "Starting consumer slapd on TCP/IP port $PORT4..."
+. $CONFFILTER $BACKEND $MONITORDB < $P1SRCONSUMERCONF > $CONF4
+
+echo "database config" >>$CONF4
+echo "rootpw `$SLAPPASSWD -T $CONFIGPWF`" >>$CONF4
+
+$SLAPD -f $CONF4 -F $TESTDIR/confdir-consumer -h $URI4 -d $LVL > $LOG4 2>&1 &
+CONSUMERPID=$!
+if test $WAIT != 0 ; then
+	echo CONSUMERPID $CONSUMERPID
+	read foo
+fi
+KILLPIDS="$KILLPIDS $CONSUMERPID"
+
+sleep $SLEEP0
+
+echo "Setting up variant overlay on consumer..."
+$LDAPSEARCH -D cn=config -H $URI4 -y $CONFIGPWF \
+	-s base -b 'cn=module{0},cn=config' 1.1 >$TESTOUT 2>&1
+RC=$?
+case $RC in
+0)
+	$LDAPMODIFY -v -D cn=config -H $URI4 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1 <<EOMOD
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: `pwd`/../variant.la
+EOMOD
+	;;
+32)
+	$LDAPMODIFY -v -D cn=config -H $URI4 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1 <<EOMOD
+dn: cn=module,cn=config
+changetype: add
+objectClass: olcModuleList
+olcModuleLoad: `pwd`/../variant.la
+EOMOD
+	;;
+*)
+	echo "Failed testing for module load entry"
+	exit $RC;
+	;;
+esac
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+. $CONFFILTER $BACKEND $MONITORDB < $OVERLAY_CONFIG | \
+$LDAPMODIFY -v -D cn=config -H $URI4 -y $CONFIGPWF \
+	> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+for i in 0 1 2 3 4 5; do
+	$LDAPSEARCH -s base -b "$BASEDN" -H $URI4 \
+		'objectclass=*' > /dev/null 2>&1
+	RC=$?
+	if test $RC = 0 ; then
+		break
+	fi
+	echo "Waiting ${SLEEP1} seconds for consumer to start replication..."
+	sleep ${SLEEP1}
+done
+
+echo "Waiting ${SLEEP1} seconds for consumer to finish replicating..."
+sleep ${SLEEP1}
+
+echo "Testing searches against regular entries..."
+echo "# Testing searches against regular entries..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI4 \
+	"(|(name=Elliot)(description=*hiker*))" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches listing replicated variants..."
+echo >> $SEARCHOUT
+echo "# Testing searches listing replicated variants..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -s one -H $URI4 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -s base -H $URI4 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo >> $SEARCHOUT
+$LDAPSEARCH -s base -H $URI4 \
+	-b "cn=Bjorn Jensen,ou=Information Technology Division,ou=People,$BASEDN" \
+	'(ou=Information Technology Division)' \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo >> $SEARCHOUT
+$LDAPSEARCH -b "cn=ITD Staff,ou=Groups,$BASEDN" -s base -H $URI4 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches filtering on replicated variants..."
+echo >> $SEARCHOUT
+echo "# Testing searches filtering on replicated variants..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI4 \
+	"(st=Alumni Association)" st \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test003-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/variant/tests/scripts/test010-limits b/contrib/slapd-modules/variant/tests/scripts/test010-limits
new file mode 100755
index 0000000..5828922
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/test010-limits
@@ -0,0 +1,99 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Testing searches against regular entries..."
+echo "# Testing searches against regular entries..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	-z 1 "(|(name=Elliot)(description=*hiker*))" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+0)
+	echo "ldapsearch should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+	;;
+4)
+	echo "sizelimit reached ($RC)"
+	;;
+*)
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+echo "Testing searches listing variants where limits just fit..."
+echo "# Testing searches listing variants where limits just fit..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -s one -H $URI1 \
+	-z 3 >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Testing searches filtering on variants going over the specified limit..."
+echo "# Testing searches filtering on variants going over the specified limit..." >> $SEARCHOUT
+$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+	-z 1 "(name=Alumni Association)" \
+	>> $SEARCHOUT 2>&1
+RC=$?
+case $RC in
+0)
+	echo "ldapsearch should have failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+	;;
+4)
+	echo "sizelimit reached ($RC)"
+	;;
+*)
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+	;;
+esac
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test010-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER -s e < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER -s e < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/variant/tests/scripts/test011-referral b/contrib/slapd-modules/variant/tests/scripts/test011-referral
new file mode 100755
index 0000000..37d6d8c
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/test011-referral
@@ -0,0 +1,169 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+TESTDN="cn=Gern Jensen,ou=Information Technology Division,ou=People,$BASEDN"
+
+echo "Adding referral..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	>> $TESTOUT 2>&1 <<EOMOD
+dn: $TESTDN
+changetype: add
+objectclass: referral
+objectclass: extensibleObject
+ref: ldap://hostB HostB
+EOMOD
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Configuring referral as variant..."
+. $CONFFILTER $BACKEND $MONITORDB < data/additional-config.ldif | \
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Retrieving a referral variant..."
+echo "# Retrieving a referral variant..." >> $SEARCHOUT
+$LDAPSEARCH -LLL -b "$BASEDN" -H $URI1 \
+	'(cn=Gern Jensen)' >> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch: unexpected result ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Retrieving a referral variant (returns a referral)..."
+echo "# Retrieving a referral variant (returns a referral)..." >> $SEARCHOUT
+$LDAPSEARCH -b "$TESTDN" -H $URI1 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 10 ; then
+	echo "ldapsearch: unexpected result ($RC)! (referral expected)"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Modifying a referral variant (returns a referral)..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	>> $TESTOUT 2>&1 <<EOMOD
+dn: $TESTDN
+changetype: modify
+delete: description
+EOMOD
+RC=$?
+if test $RC != 10 ; then
+	echo "ldapmodify: unexpected result ($RC)! (referral expected)"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Comparing a referral variant (returns a referral)..."
+$LDAPCOMPARE -H $URI1 "$TESTDN" \
+	"description:The Example, Inc. at Anytown" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 10; then
+	echo "ldapcompare: unexpected result ($RC)! (referral expected)"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+echo "Reconfiguring variant underneath a referral..."
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	>> $TESTOUT 2>&1 <<EOMOD
+dn: name={4}test002,olcOverlay={0}variant,olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+replace: olcVariantEntry
+olcVariantEntry: cn=child,$TESTDN
+EOMOD
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Retrieving a variant under a referral (returns a referral)..."
+echo "# Retrieving a variant under a referral (returns a referral)..." >> $SEARCHOUT
+$LDAPSEARCH -b "cn=child,$TESTDN" -H $URI1 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 10 ; then
+	echo "ldapsearch: unexpected result ($RC)! (referral expected)"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Modifying a variant under a referral (returns a referral)..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	>> $TESTOUT 2>&1 <<EOMOD
+dn: cn=child,$TESTDN
+changetype: modify
+delete: description
+EOMOD
+RC=$?
+if test $RC != 10 ; then
+	echo "ldapmodify: unexpected result ($RC)! (referral expected)"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Comparing a variant under a referral (returns a referral)..."
+$LDAPCOMPARE -H $URI1 "cn=child,$TESTDN" \
+	"description:The Example, Inc. at Anytown" >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 10; then
+	echo "ldapcompare: unexpected result ($RC)! (referral expected)"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit 1
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test011-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/variant/tests/scripts/test012-crossdb b/contrib/slapd-modules/variant/tests/scripts/test012-crossdb
new file mode 100755
index 0000000..8854a1b
--- /dev/null
+++ b/contrib/slapd-modules/variant/tests/scripts/test012-crossdb
@@ -0,0 +1,90 @@
+#! /bin/sh
+## $OpenLDAP$
+## This work is part of OpenLDAP Software <http://www.openldap.org/>.
+##
+## Copyright 2016-2022 The OpenLDAP Foundation.
+## All rights reserved.
+##
+## Redistribution and use in source and binary forms, with or without
+## modification, are permitted only as authorized by the OpenLDAP
+## Public License.
+##
+## A copy of this license is available in the file LICENSE in the
+## top-level directory of the distribution or, alternatively, at
+## <http://www.OpenLDAP.org/license.html>.
+##
+## ACKNOWLEDGEMENTS:
+## This module was written in 2016 by Ondřej Kuzník for Symas Corp.
+
+echo "running defines.sh"
+. $SRCDIR/scripts/defines.sh
+
+. ${SCRIPTDIR}/common.sh
+
+echo "Setting up another database and variant using an alternate there..."
+mkdir $DBDIR2
+$LDAPMODIFY -v -D cn=config -H $URI1 -y $CONFIGPWF \
+	<<EOMOD >> $TESTOUT 2>&1
+dn: olcDatabase=ldif,cn=config
+changetype: add
+objectclass: olcLdifConfig
+olcSuffix: dc=demonstration,dc=com
+olcDbDirectory: $DBDIR2
+olcRootDn: $MANAGERDN
+
+dn: olcVariantVariantAttribute={1}seealso,name={0}variant,olcOverlay={0}variant,olcDatabase={1}$BACKEND,cn=config
+changetype: modify
+replace: olcVariantAlternativeEntry
+olcVariantAlternativeEntry: ou=Societies,dc=demonstration,dc=com
+EOMOD
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Adding alternate entry..."
+$LDAPMODIFY -D $MANAGERDN -H $URI1 -w $PASSWD \
+	-f data/test012-data.ldif >> $TESTOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapmodify failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+echo "Checking the variant gets resolved correctly..."
+echo "# Testing a search against a variant using another DB..." >> $SEARCHOUT
+#$LDAPSEARCH -b "$BASEDN" -H $URI1 \
+#    "seealso=dc=example,dc=com" \
+$LDAPSEARCH -b "ou=People,$BASEDN" -s base -H $URI1 \
+	>> $SEARCHOUT 2>&1
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+test $KILLSERVERS != no && kill -HUP $KILLPIDS
+
+LDIF=data/test012-out.ldif
+
+echo "Filtering ldapsearch results..."
+$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+echo "Filtering expected entries..."
+$LDIFFILTER < $LDIF > $LDIFFLT
+echo "Comparing filter output..."
+$CMP $SEARCHFLT $LDIFFLT > $CMPOUT
+
+if test $? != 0 ; then
+	echo "Comparison failed"
+	exit 1
+fi
+
+echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
+exit 0
diff --git a/contrib/slapd-modules/variant/variant.c b/contrib/slapd-modules/variant/variant.c
new file mode 100644
index 0000000..edf4832
--- /dev/null
+++ b/contrib/slapd-modules/variant/variant.c
@@ -0,0 +1,1424 @@
+/* variant.c - variant overlay */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2016-2021 Symas Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was developed in 2016-2017 by Ondřej Kuzník for Symas Corp.
+ */
+
+#include "portable.h"
+
+#ifdef SLAPD_OVER_VARIANT
+
+#include "slap.h"
+#include "slap-config.h"
+#include "ldap_queue.h"
+
+typedef enum variant_type_t {
+	VARIANT_INFO_PLAIN = 1 << 0,
+	VARIANT_INFO_REGEX = 1 << 1,
+
+	VARIANT_INFO_ALL = ~0
+} variant_type_t;
+
+typedef struct variant_info_t {
+	int passReplication;
+	LDAP_STAILQ_HEAD(variant_list, variantEntry_info) variants, regex_variants;
+} variant_info_t;
+
+typedef struct variantEntry_info {
+	variant_info_t *ov;
+	struct berval dn;
+	variant_type_t type;
+	regex_t *regex;
+	LDAP_SLIST_HEAD(attribute_list, variantAttr_info) attributes;
+	LDAP_STAILQ_ENTRY(variantEntry_info) next;
+} variantEntry_info;
+
+typedef struct variantAttr_info {
+	variantEntry_info *variant;
+	struct berval dn;
+	AttributeDescription *attr, *alternative;
+	LDAP_SLIST_ENTRY(variantAttr_info) next;
+} variantAttr_info;
+
+static int
+variant_build_dn(
+		Operation *op,
+		variantAttr_info *vai,
+		int nmatch,
+		regmatch_t *pmatch,
+		struct berval *out )
+{
+	struct berval dn, *ndn = &op->o_req_ndn;
+	char *dest, *p, *prev, *end = vai->dn.bv_val + vai->dn.bv_len;
+	size_t len = vai->dn.bv_len;
+	int rc;
+
+	p = vai->dn.bv_val;
+	while ( (p = memchr( p, '$', end - p )) != NULL ) {
+		len -= 1;
+		p += 1;
+
+		if ( ( *p >= '0' ) && ( *p <= '9' ) ) {
+			int i = *p - '0';
+
+			len += ( pmatch[i].rm_eo - pmatch[i].rm_so );
+		} else if ( *p != '$' ) {
+			/* Should have been checked at configuration time */
+			assert(0);
+		}
+		len -= 1;
+		p += 1;
+	}
+
+	dest = dn.bv_val = ch_realloc( out->bv_val, len + 1 );
+	dn.bv_len = len;
+
+	prev = vai->dn.bv_val;
+	while ( (p = memchr( prev, '$', end - prev )) != NULL ) {
+		len = p - prev;
+		AC_MEMCPY( dest, prev, len );
+		dest += len;
+		p += 1;
+
+		if ( ( *p >= '0' ) && ( *p <= '9' ) ) {
+			int i = *p - '0';
+			len = pmatch[i].rm_eo - pmatch[i].rm_so;
+
+			AC_MEMCPY( dest, ndn->bv_val + pmatch[i].rm_so, len );
+			dest += len;
+		} else if ( *p == '$' ) {
+			*dest++ = *p;
+		}
+		prev = p + 1;
+	}
+	len = end - prev;
+	AC_MEMCPY( dest, prev, len );
+	dest += len;
+	*dest = '\0';
+
+	rc = dnNormalize( 0, NULL, NULL, &dn, out, NULL );
+	ch_free( dn.bv_val );
+
+	return rc;
+}
+
+static int
+variant_build_entry(
+		Operation *op,
+		variantEntry_info *vei,
+		struct berval *dn,
+		Entry **ep,
+		int nmatch,
+		regmatch_t *pmatch )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	BackendDB *be_orig = op->o_bd, *db;
+	struct berval ndn = BER_BVNULL;
+	variantAttr_info *vai;
+	Attribute *a;
+	BerVarray nvals;
+	Entry *e;
+	unsigned int i;
+	int rc;
+
+	assert( ep );
+	assert( !*ep );
+
+	rc = overlay_entry_get_ov( op, dn, NULL, NULL, 0, &e, on );
+	if ( rc == LDAP_SUCCESS && is_entry_referral( e ) ) {
+		overlay_entry_release_ov( op, e, 0, on );
+		rc = LDAP_REFERRAL;
+	}
+
+	if ( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+	*ep = entry_dup( e );
+	overlay_entry_release_ov( op, e, 0, on );
+
+	LDAP_SLIST_FOREACH( vai, &vei->attributes, next ) {
+		if ( vei->type == VARIANT_INFO_REGEX ) {
+			rc = variant_build_dn( op, vai, nmatch, pmatch, &ndn );
+			if ( rc != LDAP_SUCCESS ) {
+				goto done;
+			}
+		} else {
+			ndn = vai->dn;
+		}
+
+		(void)attr_delete( &(*ep)->e_attrs, vai->attr );
+		op->o_bd = be_orig;
+
+		/* only select backend if not served by ours, would retrace all
+		 * overlays again */
+		db = select_backend( &ndn, 0 );
+		if ( db && db != be_orig->bd_self ) {
+			op->o_bd = db;
+			rc = be_entry_get_rw( op, &ndn, NULL, vai->alternative, 0, &e );
+		} else {
+			rc = overlay_entry_get_ov(
+					op, &ndn, NULL, vai->alternative, 0, &e, on );
+		}
+
+		switch ( rc ) {
+			case LDAP_SUCCESS:
+				break;
+			case LDAP_INSUFFICIENT_ACCESS:
+			case LDAP_NO_SUCH_ATTRIBUTE:
+			case LDAP_NO_SUCH_OBJECT:
+				rc = LDAP_SUCCESS;
+				continue;
+				break;
+			default:
+				goto done;
+				break;
+		}
+
+		a = attr_find( e->e_attrs, vai->alternative );
+
+		/* back-ldif doesn't check the attribute exists in the entry before
+		 * returning it */
+		if ( a ) {
+			if ( a->a_nvals ) {
+				nvals = a->a_nvals;
+			} else {
+				nvals = a->a_vals;
+			}
+
+			for ( i = 0; i < a->a_numvals; i++ ) {
+				if ( backend_access( op, e, &ndn, vai->alternative, &nvals[i],
+							ACL_READ, NULL ) != LDAP_SUCCESS ) {
+					continue;
+				}
+
+				rc = attr_merge_one( *ep, vai->attr, &a->a_vals[i], &nvals[i] );
+				if ( rc != LDAP_SUCCESS ) {
+					break;
+				}
+			}
+		}
+
+		if ( db && db != be_orig->bd_self ) {
+			be_entry_release_rw( op, e, 0 );
+		} else {
+			overlay_entry_release_ov( op, e, 0, on );
+		}
+		if ( rc != LDAP_SUCCESS ) {
+			goto done;
+		}
+	}
+
+done:
+	op->o_bd = be_orig;
+	if ( rc != LDAP_SUCCESS && *ep ) {
+		entry_free( *ep );
+		*ep = NULL;
+	}
+	if ( vei->type == VARIANT_INFO_REGEX ) {
+		ch_free( ndn.bv_val );
+	}
+
+	return rc;
+}
+
+static int
+variant_find_config(
+		Operation *op,
+		variant_info_t *ov,
+		struct berval *ndn,
+		int which,
+		variantEntry_info **veip,
+		size_t nmatch,
+		regmatch_t *pmatch )
+{
+	variantEntry_info *vei;
+
+	assert( veip );
+
+	if ( which & VARIANT_INFO_PLAIN ) {
+		int diff;
+
+		LDAP_STAILQ_FOREACH( vei, &ov->variants, next ) {
+			dnMatch( &diff, 0, NULL, NULL, ndn, &vei->dn );
+			if ( diff ) continue;
+
+			*veip = vei;
+			return LDAP_SUCCESS;
+		}
+	}
+
+	if ( which & VARIANT_INFO_REGEX ) {
+		LDAP_STAILQ_FOREACH( vei, &ov->regex_variants, next ) {
+			if ( regexec( vei->regex, ndn->bv_val, nmatch, pmatch, 0 ) ) {
+				continue;
+			}
+
+			*veip = vei;
+			return LDAP_SUCCESS;
+		}
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+variant_op_add( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	variant_info_t *ov = on->on_bi.bi_private;
+	variantEntry_info *vei;
+	int rc;
+
+	/* Replication always uses the rootdn */
+	if ( ov->passReplication && SLAPD_SYNC_IS_SYNCCONN(op->o_connid) &&
+			be_isroot( op ) ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "variant_op_add: "
+			"dn=%s\n", op->o_req_ndn.bv_val );
+
+	rc = variant_find_config(
+			op, ov, &op->o_req_ndn, VARIANT_INFO_ALL, &vei, 0, NULL );
+	if ( rc == LDAP_SUCCESS ) {
+		variantAttr_info *vai;
+
+		LDAP_SLIST_FOREACH( vai, &vei->attributes, next ) {
+			Attribute *a;
+			for ( a = op->ora_e->e_attrs; a; a = a->a_next ) {
+				if ( a->a_desc == vai->attr ) {
+					rc = LDAP_CONSTRAINT_VIOLATION;
+					send_ldap_error( op, rs, rc,
+							"variant: trying to add variant attributes" );
+					goto done;
+				}
+			}
+		}
+	}
+	rc = SLAP_CB_CONTINUE;
+
+done:
+	Debug( LDAP_DEBUG_TRACE, "variant_op_add: "
+			"finished with %d\n",
+			rc );
+	return rc;
+}
+
+static int
+variant_op_compare( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	variant_info_t *ov = on->on_bi.bi_private;
+	variantEntry_info *vei;
+	regmatch_t pmatch[10];
+	int rc, nmatch = sizeof(pmatch) / sizeof(regmatch_t);
+
+	Debug( LDAP_DEBUG_TRACE, "variant_op_compare: "
+			"dn=%s\n", op->o_req_ndn.bv_val );
+
+	rc = variant_find_config(
+			op, ov, &op->o_req_ndn, VARIANT_INFO_ALL, &vei, nmatch, pmatch );
+	if ( rc == LDAP_SUCCESS ) {
+		Entry *e = NULL;
+
+		rc = variant_build_entry( op, vei, &op->o_req_ndn, &e, nmatch, pmatch );
+		/* in case of error, just let the backend deal with the mod and the
+		 * client should get a meaningful error back */
+		if ( rc != LDAP_SUCCESS ) {
+			rc = SLAP_CB_CONTINUE;
+		} else {
+			rc = slap_compare_entry( op, e, op->orc_ava );
+
+			entry_free( e );
+			e = NULL;
+		}
+	}
+
+	if ( rc != SLAP_CB_CONTINUE ) {
+		rs->sr_err = rc;
+		send_ldap_result( op, rs );
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "variant_op_compare: "
+			"finished with %d\n", rc );
+	return rc;
+}
+
+static int
+variant_cmp_op( const void *l, const void *r )
+{
+	const Operation *left = l, *right = r;
+	int diff;
+
+	dnMatch( &diff, 0, NULL, NULL, (struct berval *)&left->o_req_ndn,
+			(void *)&right->o_req_ndn );
+
+	return diff;
+}
+
+static int
+variant_run_mod( void *nop, void *arg )
+{
+	SlapReply nrs = { REP_RESULT };
+	slap_callback cb = { 0 };
+	Operation *op = nop;
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	int *rc = arg;
+
+	cb.sc_response = slap_null_cb;
+	op->o_callback = &cb;
+
+	Debug( LDAP_DEBUG_TRACE, "variant_run_mod: "
+			"running mod on dn=%s\n",
+			op->o_req_ndn.bv_val );
+	*rc = on->on_info->oi_orig->bi_op_modify( op, &nrs );
+	Debug( LDAP_DEBUG_TRACE, "variant_run_mod: "
+			"finished with %d\n", *rc );
+
+	return ( *rc != LDAP_SUCCESS );
+}
+
+/** Move the Modifications back to the original Op so that they can be disposed
+ * of by the original creator
+ */
+static int
+variant_reassign_mods( void *nop, void *arg )
+{
+	Operation *op = nop, *orig_op = arg;
+	Modifications *mod;
+
+	assert( op->orm_modlist );
+
+	for ( mod = op->orm_modlist; mod->sml_next; mod = mod->sml_next )
+		/* get the tail mod */;
+
+	mod->sml_next = orig_op->orm_modlist;
+	orig_op->orm_modlist = op->orm_modlist;
+
+	return LDAP_SUCCESS;
+}
+
+void
+variant_free_op( void *op )
+{
+	ch_free( ((Operation *)op)->o_req_ndn.bv_val );
+	ch_free( op );
+}
+
+static int
+variant_op_mod( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	variant_info_t *ov = on->on_bi.bi_private;
+	variantEntry_info *vei;
+	variantAttr_info *vai;
+	Avlnode *ops = NULL;
+	Entry *e = NULL;
+	Modifications *mod, *nextmod;
+	regmatch_t pmatch[10];
+	int rc, nmatch = sizeof(pmatch) / sizeof(regmatch_t);
+
+	/* Replication always uses the rootdn */
+	if ( ov->passReplication && SLAPD_SYNC_IS_SYNCCONN(op->o_connid) &&
+			be_isroot( op ) ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "variant_op_mod: "
+			"dn=%s\n", op->o_req_ndn.bv_val );
+
+	rc = variant_find_config(
+			op, ov, &op->o_req_ndn, VARIANT_INFO_ALL, &vei, nmatch, pmatch );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_TRACE, "variant_op_mod: "
+				"not a variant\n" );
+		rc = SLAP_CB_CONTINUE;
+		goto done;
+	}
+
+	rc = variant_build_entry( op, vei, &op->o_req_ndn, &e, nmatch, pmatch );
+	/* in case of error, just let the backend deal with the mod and the client
+	 * should get a meaningful error back */
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_TRACE, "variant_op_mod: "
+				"failed to retrieve entry\n" );
+		rc = SLAP_CB_CONTINUE;
+		goto done;
+	}
+
+	rc = acl_check_modlist( op, e, op->orm_modlist );
+	entry_free( e );
+
+	if ( !rc ) {
+		rc = rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+		send_ldap_error( op, rs, rc, "" );
+		return rc;
+	}
+
+	for ( mod = op->orm_modlist; mod; mod = nextmod ) {
+		Operation needle = { .o_req_ndn = BER_BVNULL }, *nop;
+
+		nextmod = mod->sml_next;
+
+		LDAP_SLIST_FOREACH( vai, &vei->attributes, next ) {
+			if ( vai->attr == mod->sml_desc ) {
+				break;
+			}
+		}
+
+		if ( vai ) {
+			if ( vei->type == VARIANT_INFO_REGEX ) {
+				rc = variant_build_dn(
+						op, vai, nmatch, pmatch, &needle.o_req_ndn );
+				if ( rc != LDAP_SUCCESS ) {
+					continue;
+				}
+			} else {
+				needle.o_req_ndn = vai->dn;
+			}
+
+			nop = ldap_avl_find( ops, &needle, variant_cmp_op );
+			if ( nop == NULL ) {
+				nop = ch_calloc( 1, sizeof(Operation) );
+				*nop = *op;
+
+				ber_dupbv( &nop->o_req_ndn, &needle.o_req_ndn );
+				nop->o_req_dn = nop->o_req_ndn;
+				nop->orm_modlist = NULL;
+
+				rc = ldap_avl_insert( &ops, nop, variant_cmp_op, ldap_avl_dup_error );
+				assert( rc == 0 );
+			}
+			mod->sml_desc = vai->alternative;
+
+			op->orm_modlist = nextmod;
+			mod->sml_next = nop->orm_modlist;
+			nop->orm_modlist = mod;
+
+			if ( vei->type == VARIANT_INFO_REGEX ) {
+				ch_free( needle.o_req_ndn.bv_val );
+			}
+		}
+	}
+
+	if ( !ops ) {
+		Debug( LDAP_DEBUG_TRACE, "variant_op_mod: "
+				"no variant attributes in mod\n" );
+		return SLAP_CB_CONTINUE;
+	}
+
+	/*
+	 * First run original Operation
+	 * This will take care of making sure the entry exists as well.
+	 *
+	 * FIXME?
+	 * Since we cannot make the subsequent Ops atomic wrt. this one, we just
+	 * let it send the response as well. After all, the changes on the main DN
+	 * have finished by then
+	 */
+	rc = on->on_info->oi_orig->bi_op_modify( op, rs );
+	if ( rc == LDAP_SUCCESS ) {
+		/* FIXME: if a mod fails, should we attempt to apply the rest? */
+		ldap_avl_apply( ops, variant_run_mod, &rc, -1, AVL_INORDER );
+	}
+
+	ldap_avl_apply( ops, variant_reassign_mods, op, -1, AVL_INORDER );
+	ldap_avl_free( ops, variant_free_op );
+
+done:
+	Debug( LDAP_DEBUG_TRACE, "variant_op_mod: "
+			"finished with %d\n", rc );
+	return rc;
+}
+
+static int
+variant_search_response( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = op->o_callback->sc_private;
+	variant_info_t *ov = on->on_bi.bi_private;
+	variantEntry_info *vei;
+	int rc;
+
+	if ( rs->sr_type == REP_RESULT ) {
+		ch_free( op->o_callback );
+		op->o_callback = NULL;
+	}
+
+	if ( rs->sr_type != REP_SEARCH ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	rc = variant_find_config(
+			op, ov, &rs->sr_entry->e_nname, VARIANT_INFO_PLAIN, &vei, 0, NULL );
+	if ( rc == LDAP_SUCCESS ) {
+		rs->sr_nentries--;
+		return rc;
+	}
+
+	return SLAP_CB_CONTINUE;
+}
+
+static int
+variant_op_search( Operation *op, SlapReply *rs )
+{
+	slap_overinst *on = (slap_overinst *)op->o_bd->bd_info;
+	variant_info_t *ov = on->on_bi.bi_private;
+	variantEntry_info *vei;
+	slap_callback *cb;
+	Entry *e = NULL;
+	regmatch_t pmatch[10];
+	int variantInScope = 0, rc = SLAP_CB_CONTINUE,
+		nmatch = sizeof(pmatch) / sizeof(regmatch_t);
+
+	if ( ov->passReplication && ( op->o_sync > SLAP_CONTROL_IGNORED ) ) {
+		return SLAP_CB_CONTINUE;
+	}
+
+	Debug( LDAP_DEBUG_TRACE, "variant_op_search: "
+			"dn=%s, scope=%d\n",
+			op->o_req_ndn.bv_val, op->ors_scope );
+
+	LDAP_STAILQ_FOREACH( vei, &ov->variants, next ) {
+		if ( !dnIsSuffixScope( &vei->dn, &op->o_req_ndn, op->ors_scope ) )
+			continue;
+
+		variantInScope = 1;
+
+		rc = variant_build_entry( op, vei, &vei->dn, &e, 0, NULL );
+		if ( rc == LDAP_NO_SUCH_OBJECT || rc == LDAP_REFERRAL ) {
+			rc = SLAP_CB_CONTINUE;
+			continue;
+		} else if ( rc != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_TRACE, "variant_op_search: "
+					"failed to retrieve entry: dn=%s\n",
+					vei->dn.bv_val );
+			goto done;
+		}
+
+		if ( test_filter( op, e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
+			Debug( LDAP_DEBUG_TRACE, "variant_op_search: "
+					"entry matched: dn=%s\n",
+					vei->dn.bv_val );
+			rs->sr_entry = e;
+			rs->sr_attrs = op->ors_attrs;
+			rc = send_search_entry( op, rs );
+		}
+		entry_free( e );
+		e = NULL;
+	}
+
+	/* Three options:
+	 * - the entry has been handled above, in that case vei->type is VARIANT_INFO_PLAIN
+	 * - the entry matches a regex, use the first one and we're finished
+	 * - no configuration matches entry - do nothing
+	 */
+	if ( op->ors_scope == LDAP_SCOPE_BASE &&
+			variant_find_config( op, ov, &op->o_req_ndn, VARIANT_INFO_ALL, &vei,
+					nmatch, pmatch ) == LDAP_SUCCESS &&
+			vei->type == VARIANT_INFO_REGEX ) {
+		rc = variant_build_entry( op, vei, &op->o_req_ndn, &e, nmatch, pmatch );
+		if ( rc == LDAP_NO_SUCH_OBJECT || rc == LDAP_REFERRAL ) {
+			rc = SLAP_CB_CONTINUE;
+		} else if ( rc != LDAP_SUCCESS ) {
+			Debug( LDAP_DEBUG_TRACE, "variant_op_search: "
+					"failed to retrieve entry: dn=%s\n",
+					vei->dn.bv_val );
+			goto done;
+		} else {
+			if ( test_filter( op, e, op->ors_filter ) == LDAP_COMPARE_TRUE ) {
+				Debug( LDAP_DEBUG_TRACE, "variant_op_search: "
+						"entry matched: dn=%s\n",
+						vei->dn.bv_val );
+				rs->sr_entry = e;
+				rs->sr_attrs = op->ors_attrs;
+				rc = send_search_entry( op, rs );
+			}
+			entry_free( e );
+			e = NULL;
+			goto done;
+		}
+	}
+	rc = SLAP_CB_CONTINUE;
+
+	if ( variantInScope ) {
+		cb = ch_calloc( 1, sizeof(slap_callback) );
+		cb->sc_private = on;
+		cb->sc_response = variant_search_response;
+		cb->sc_next = op->o_callback;
+
+		op->o_callback = cb;
+	}
+
+done:
+	if ( rc != SLAP_CB_CONTINUE ) {
+		rs->sr_err = (rc == LDAP_SUCCESS) ? rc : LDAP_OTHER;
+		send_ldap_result( op, rs );
+	}
+	Debug( LDAP_DEBUG_TRACE, "variant_op_search: "
+			"finished with %d\n", rc );
+	return rc;
+}
+
+/* Configuration */
+
+static ConfigLDAPadd variant_ldadd;
+static ConfigLDAPadd variant_regex_ldadd;
+static ConfigLDAPadd variant_attr_ldadd;
+
+static ConfigDriver variant_set_dn;
+static ConfigDriver variant_set_regex;
+static ConfigDriver variant_set_alt_dn;
+static ConfigDriver variant_set_alt_pattern;
+static ConfigDriver variant_set_attribute;
+static ConfigDriver variant_add_alt_attr;
+static ConfigDriver variant_add_alt_attr_regex;
+
+static ConfigCfAdd variant_cfadd;
+
+enum
+{
+	VARIANT_ATTR = 1,
+	VARIANT_ATTR_ALT,
+
+	VARIANT_LAST,
+};
+
+static ConfigTable variant_cfg[] = {
+	{ "passReplication", "on|off", 2, 2, 0,
+		ARG_ON_OFF|ARG_OFFSET,
+		(void *)offsetof( variant_info_t, passReplication ),
+		"( OLcfgOvAt:FIXME.1 NAME 'olcVariantPassReplication' "
+			"DESC 'Whether to let searches with replication control "
+				"pass unmodified' "
+			"SYNTAX OMsBoolean "
+			"SINGLE-VALUE )",
+			NULL, NULL
+	},
+	{ "variantDN", "dn", 2, 2, 0,
+		ARG_DN|ARG_QUOTE|ARG_MAGIC,
+		variant_set_dn,
+		"( OLcfgOvAt:FIXME.2 NAME 'olcVariantEntry' "
+			"DESC 'DN of the variant entry' "
+			"EQUALITY distinguishedNameMatch "
+			"SYNTAX OMsDN "
+			"SINGLE-VALUE )",
+			NULL, NULL
+	},
+	{ "variantRegex", "regex", 2, 2, 0,
+		ARG_BERVAL|ARG_QUOTE|ARG_MAGIC,
+		variant_set_regex,
+		"( OLcfgOvAt:FIXME.6 NAME 'olcVariantEntryRegex' "
+			"DESC 'Pattern for the variant entry' "
+			"EQUALITY caseExactMatch "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+			NULL, NULL
+	},
+	/* These have no equivalent in slapd.conf */
+	{ "", NULL, 2, 2, 0,
+		ARG_STRING|ARG_MAGIC|VARIANT_ATTR,
+		variant_set_attribute,
+		"( OLcfgOvAt:FIXME.3 NAME 'olcVariantVariantAttribute' "
+			"DESC 'Attribute to fill in the entry' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+			NULL, NULL
+	},
+	{ "", NULL, 2, 2, 0,
+		ARG_STRING|ARG_MAGIC|VARIANT_ATTR_ALT,
+		variant_set_attribute,
+		"( OLcfgOvAt:FIXME.4 NAME 'olcVariantAlternativeAttribute' "
+			"DESC 'Attribute to take from the alternative entry' "
+			"EQUALITY caseIgnoreMatch "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+			NULL, NULL
+	},
+	{ "", NULL, 2, 2, 0,
+		ARG_DN|ARG_QUOTE|ARG_MAGIC,
+		variant_set_alt_dn,
+		"( OLcfgOvAt:FIXME.5 NAME 'olcVariantAlternativeEntry' "
+			"DESC 'DN of the alternative entry' "
+			"EQUALITY distinguishedNameMatch "
+			"SYNTAX OMsDN "
+			"SINGLE-VALUE )",
+			NULL, NULL
+	},
+	{ "", NULL, 2, 2, 0,
+		ARG_BERVAL|ARG_QUOTE|ARG_MAGIC,
+		variant_set_alt_pattern,
+		"( OLcfgOvAt:FIXME.7 NAME 'olcVariantAlternativeEntryPattern' "
+			"DESC 'Replacement pattern to locate the alternative entry' "
+			"EQUALITY caseExactMatch "
+			"SYNTAX OMsDirectoryString "
+			"SINGLE-VALUE )",
+			NULL, NULL
+	},
+	/* slapd.conf alternatives for the four above */
+	{ "variantSpec", "attr attr2 dn", 4, 4, 0,
+		ARG_QUOTE|ARG_MAGIC,
+		variant_add_alt_attr,
+		NULL, NULL, NULL
+	},
+	{ "variantRegexSpec", "attr attr2 pattern", 4, 4, 0,
+		ARG_QUOTE|ARG_MAGIC,
+		variant_add_alt_attr_regex,
+		NULL, NULL, NULL
+	},
+
+	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
+};
+
+static ConfigOCs variant_ocs[] = {
+	{ "( OLcfgOvOc:FIXME.1 "
+		"NAME 'olcVariantConfig' "
+		"DESC 'Variant overlay configuration' "
+		"SUP olcOverlayConfig "
+		"MAY ( olcVariantPassReplication ) )",
+		Cft_Overlay, variant_cfg, NULL, variant_cfadd },
+	{ "( OLcfgOvOc:FIXME.2 "
+		"NAME 'olcVariantVariant' "
+		"DESC 'Variant configuration' "
+		"MUST ( olcVariantEntry ) "
+		"MAY ( name ) "
+		"SUP top "
+		"STRUCTURAL )",
+		Cft_Misc, variant_cfg, variant_ldadd },
+	{ "( OLcfgOvOc:FIXME.3 "
+		"NAME 'olcVariantAttribute' "
+		"DESC 'Variant attribute description' "
+		"MUST ( olcVariantVariantAttribute $ "
+			"olcVariantAlternativeAttribute $ "
+			"olcVariantAlternativeEntry "
+		") "
+		"MAY name "
+		"SUP top "
+		"STRUCTURAL )",
+		Cft_Misc, variant_cfg, variant_attr_ldadd },
+	{ "( OLcfgOvOc:FIXME.4 "
+		"NAME 'olcVariantRegex' "
+		"DESC 'Variant configuration' "
+		"MUST ( olcVariantEntryRegex ) "
+		"MAY ( name ) "
+		"SUP top "
+		"STRUCTURAL )",
+		Cft_Misc, variant_cfg, variant_regex_ldadd },
+	{ "( OLcfgOvOc:FIXME.5 "
+		"NAME 'olcVariantAttributePattern' "
+		"DESC 'Variant attribute description' "
+		"MUST ( olcVariantVariantAttribute $ "
+			"olcVariantAlternativeAttribute $ "
+			"olcVariantAlternativeEntryPattern "
+		") "
+		"MAY name "
+		"SUP top "
+		"STRUCTURAL )",
+		Cft_Misc, variant_cfg, variant_attr_ldadd },
+
+	{ NULL, 0, NULL }
+};
+
+static int
+variant_set_dn( ConfigArgs *ca )
+{
+	variantEntry_info *vei2, *vei = ca->ca_private;
+	slap_overinst *on = (slap_overinst *)ca->bi;
+	variant_info_t *ov = on->on_bi.bi_private;
+	int diff;
+
+	if ( ca->op == SLAP_CONFIG_EMIT ) {
+		value_add_one( &ca->rvalue_vals, &vei->dn );
+		return LDAP_SUCCESS;
+	} else if ( ca->op == LDAP_MOD_DELETE ) {
+		ber_memfree( vei->dn.bv_val );
+		BER_BVZERO( &vei->dn );
+		return LDAP_SUCCESS;
+	}
+
+	if ( !vei ) {
+		vei = ch_calloc( 1, sizeof(variantEntry_info) );
+		vei->ov = ov;
+		vei->type = VARIANT_INFO_PLAIN;
+		LDAP_SLIST_INIT(&vei->attributes);
+		LDAP_STAILQ_ENTRY_INIT(vei, next);
+		LDAP_STAILQ_INSERT_TAIL(&ov->variants, vei, next);
+
+		ca->ca_private = vei;
+	}
+	vei->dn = ca->value_ndn;
+	ber_memfree( ca->value_dn.bv_val );
+
+	/* Each DN should only be listed once */
+	LDAP_STAILQ_FOREACH( vei2, &vei->ov->variants, next ) {
+		if ( vei == vei2 ) continue;
+
+		dnMatch( &diff, 0, NULL, NULL, &vei->dn, &vei2->dn );
+		if ( !diff ) {
+			ca->reply.err = LDAP_CONSTRAINT_VIOLATION;
+			return ca->reply.err;
+		}
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+variant_set_regex( ConfigArgs *ca )
+{
+	variantEntry_info *vei2, *vei = ca->ca_private;
+	slap_overinst *on = (slap_overinst *)ca->bi;
+	variant_info_t *ov = on->on_bi.bi_private;
+
+	if ( ca->op == SLAP_CONFIG_EMIT ) {
+		ca->value_bv = vei->dn;
+		return LDAP_SUCCESS;
+	} else if ( ca->op == LDAP_MOD_DELETE ) {
+		ber_memfree( vei->dn.bv_val );
+		BER_BVZERO( &vei->dn );
+		regfree( vei->regex );
+		return LDAP_SUCCESS;
+	}
+
+	if ( !vei ) {
+		vei = ch_calloc( 1, sizeof(variantEntry_info) );
+		vei->ov = ov;
+		vei->type = VARIANT_INFO_REGEX;
+		LDAP_SLIST_INIT(&vei->attributes);
+		LDAP_STAILQ_ENTRY_INIT(vei, next);
+		LDAP_STAILQ_INSERT_TAIL(&ov->regex_variants, vei, next);
+
+		ca->ca_private = vei;
+	}
+	vei->dn = ca->value_bv;
+
+	/* Each regex should only be listed once */
+	LDAP_STAILQ_FOREACH( vei2, &vei->ov->regex_variants, next ) {
+		if ( vei == vei2 ) continue;
+
+		if ( !ber_bvcmp( &ca->value_bv, &vei2->dn ) ) {
+			ch_free( vei );
+			ca->ca_private = NULL;
+			ca->reply.err = LDAP_CONSTRAINT_VIOLATION;
+			return ca->reply.err;
+		}
+	}
+
+	vei->regex = ch_calloc( 1, sizeof(regex_t) );
+	if ( regcomp( vei->regex, vei->dn.bv_val, REG_EXTENDED ) ) {
+		ch_free( vei->regex );
+		ca->reply.err = LDAP_CONSTRAINT_VIOLATION;
+		return ca->reply.err;
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+variant_set_alt_dn( ConfigArgs *ca )
+{
+	variantAttr_info *vai = ca->ca_private;
+
+	if ( ca->op == SLAP_CONFIG_EMIT ) {
+		value_add_one( &ca->rvalue_vals, &vai->dn );
+		return LDAP_SUCCESS;
+	} else if ( ca->op == LDAP_MOD_DELETE ) {
+		ber_memfree( vai->dn.bv_val );
+		BER_BVZERO( &vai->dn );
+		return LDAP_SUCCESS;
+	}
+
+	vai->dn = ca->value_ndn;
+	ber_memfree( ca->value_dn.bv_val );
+
+	return LDAP_SUCCESS;
+}
+
+static int
+variant_set_alt_pattern( ConfigArgs *ca )
+{
+	variantAttr_info *vai = ca->ca_private;
+	char *p = ca->value_bv.bv_val,
+		 *end = ca->value_bv.bv_val + ca->value_bv.bv_len;
+
+	if ( ca->op == SLAP_CONFIG_EMIT ) {
+		ca->value_bv = vai->dn;
+		return LDAP_SUCCESS;
+	} else if ( ca->op == LDAP_MOD_DELETE ) {
+		ber_memfree( vai->dn.bv_val );
+		BER_BVZERO( &vai->dn );
+		return LDAP_SUCCESS;
+	}
+
+	while ( (p = memchr( p, '$', end - p )) != NULL ) {
+		p += 1;
+
+		if ( ( ( *p >= '0' ) && ( *p <= '9' ) ) || ( *p == '$' ) ) {
+			p += 1;
+		} else {
+			Debug( LDAP_DEBUG_ANY, "variant_set_alt_pattern: "
+					"invalid replacement pattern supplied '%s'\n",
+					ca->value_bv.bv_val );
+			ca->reply.err = LDAP_CONSTRAINT_VIOLATION;
+			return ca->reply.err;
+		}
+	}
+
+	vai->dn = ca->value_bv;
+
+	return LDAP_SUCCESS;
+}
+
+static int
+variant_set_attribute( ConfigArgs *ca )
+{
+	variantAttr_info *vai2, *vai = ca->ca_private;
+	char *s = ca->value_string;
+	const char *text;
+	AttributeDescription **ad;
+	int rc;
+
+	if ( ca->type == VARIANT_ATTR ) {
+		ad = &vai->attr;
+	} else {
+		ad = &vai->alternative;
+	}
+
+	if ( ca->op == SLAP_CONFIG_EMIT ) {
+		ca->value_string = ch_strdup( (*ad)->ad_cname.bv_val );
+		return LDAP_SUCCESS;
+	} else if ( ca->op == LDAP_MOD_DELETE ) {
+		*ad = NULL;
+		return LDAP_SUCCESS;
+	}
+
+	if ( *s == '{' ) {
+		s = strchr( s, '}' );
+		if ( !s ) {
+			ca->reply.err = LDAP_UNDEFINED_TYPE;
+			return ca->reply.err;
+		}
+		s += 1;
+	}
+
+	rc = slap_str2ad( s, ad, &text );
+	ber_memfree( ca->value_string );
+	if ( rc ) {
+		return rc;
+	}
+
+	/* Both attributes have to share the same syntax */
+	if ( vai->attr && vai->alternative &&
+			vai->attr->ad_type->sat_syntax !=
+					vai->alternative->ad_type->sat_syntax ) {
+		ca->reply.err = LDAP_CONSTRAINT_VIOLATION;
+		return ca->reply.err;
+	}
+
+	if ( ca->type == VARIANT_ATTR ) {
+		/* Each attribute should only be listed once */
+		LDAP_SLIST_FOREACH( vai2, &vai->variant->attributes, next ) {
+			if ( vai == vai2 ) continue;
+			if ( vai->attr == vai2->attr ) {
+				ca->reply.err = LDAP_CONSTRAINT_VIOLATION;
+				return ca->reply.err;
+			}
+		}
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+variant_add_alt_attr( ConfigArgs *ca )
+{
+	slap_overinst *on = (slap_overinst *)ca->bi;
+	variant_info_t *ov = on->on_bi.bi_private;
+	variantEntry_info *vei =
+			LDAP_STAILQ_LAST( &ov->variants, variantEntry_info, next );
+	variantAttr_info *vai;
+	struct berval dn, ndn;
+	int rc;
+
+	vai = ch_calloc( 1, sizeof(variantAttr_info) );
+	vai->variant = vei;
+	LDAP_SLIST_ENTRY_INIT( vai, next );
+	ca->ca_private = vai;
+
+	ca->value_string = ch_strdup( ca->argv[1] );
+	ca->type = VARIANT_ATTR;
+	rc = variant_set_attribute( ca );
+	if ( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+	ca->value_string = ch_strdup( ca->argv[2] );
+	ca->type = VARIANT_ATTR_ALT;
+	rc = variant_set_attribute( ca );
+	if ( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+	dn.bv_val = ca->argv[3];
+	dn.bv_len = strlen( dn.bv_val );
+	rc = dnNormalize( 0, NULL, NULL, &dn, &ndn, NULL );
+	if ( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+	ca->type = 0;
+	BER_BVZERO( &ca->value_dn );
+	ca->value_ndn = ndn;
+	rc = variant_set_alt_dn( ca );
+	if ( rc != LDAP_SUCCESS ) {
+		ch_free( ndn.bv_val );
+		goto done;
+	}
+
+done:
+	if ( rc == LDAP_SUCCESS ) {
+		LDAP_SLIST_INSERT_HEAD( &vei->attributes, vai, next );
+	} else {
+		ca->reply.err = rc;
+	}
+
+	return rc;
+}
+
+static int
+variant_add_alt_attr_regex( ConfigArgs *ca )
+{
+	slap_overinst *on = (slap_overinst *)ca->bi;
+	variant_info_t *ov = on->on_bi.bi_private;
+	variantEntry_info *vei =
+			LDAP_STAILQ_LAST( &ov->regex_variants, variantEntry_info, next );
+	variantAttr_info *vai;
+	int rc;
+
+	vai = ch_calloc( 1, sizeof(variantAttr_info) );
+	vai->variant = vei;
+	LDAP_SLIST_ENTRY_INIT( vai, next );
+	ca->ca_private = vai;
+
+	ca->value_string = ch_strdup( ca->argv[1] );
+	ca->type = VARIANT_ATTR;
+	rc = variant_set_attribute( ca );
+	if ( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+	ca->value_string = ch_strdup( ca->argv[2] );
+	ca->type = VARIANT_ATTR_ALT;
+	rc = variant_set_attribute( ca );
+	if ( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+	ca->type = 0;
+	ber_str2bv( ca->argv[3], 0, 1, &ca->value_bv );
+	rc = variant_set_alt_pattern( ca );
+	if ( rc != LDAP_SUCCESS ) {
+		goto done;
+	}
+
+done:
+	if ( rc == LDAP_SUCCESS ) {
+		LDAP_SLIST_INSERT_HEAD( &vei->attributes, vai, next );
+	} else {
+		ca->reply.err = rc;
+	}
+
+	return rc;
+}
+
+static int
+variant_ldadd_cleanup( ConfigArgs *ca )
+{
+	variantEntry_info *vei = ca->ca_private;
+	slap_overinst *on = (slap_overinst *)ca->bi;
+	variant_info_t *ov = on->on_bi.bi_private;
+
+	if ( ca->reply.err != LDAP_SUCCESS ) {
+		assert( LDAP_SLIST_EMPTY(&vei->attributes) );
+		ch_free( vei );
+		return LDAP_SUCCESS;
+	}
+
+	if ( vei->type == VARIANT_INFO_PLAIN ) {
+		LDAP_STAILQ_INSERT_TAIL(&ov->variants, vei, next);
+	} else {
+		LDAP_STAILQ_INSERT_TAIL(&ov->regex_variants, vei, next);
+	}
+
+	return LDAP_SUCCESS;
+}
+
+static int
+variant_ldadd( CfEntryInfo *cei, Entry *e, ConfigArgs *ca )
+{
+	slap_overinst *on;
+	variant_info_t *ov;
+	variantEntry_info *vei;
+
+	if ( cei->ce_type != Cft_Overlay || !cei->ce_bi ||
+			cei->ce_bi->bi_cf_ocs != variant_ocs )
+		return LDAP_CONSTRAINT_VIOLATION;
+
+	on = (slap_overinst *)cei->ce_bi;
+	ov = on->on_bi.bi_private;
+
+	vei = ch_calloc( 1, sizeof(variantEntry_info) );
+	vei->ov = ov;
+	vei->type = VARIANT_INFO_PLAIN;
+	LDAP_SLIST_INIT(&vei->attributes);
+	LDAP_STAILQ_ENTRY_INIT(vei, next);
+
+	ca->bi = cei->ce_bi;
+	ca->ca_private = vei;
+	config_push_cleanup( ca, variant_ldadd_cleanup );
+	/* config_push_cleanup is only run in the case of online config but we use it to
+	 * save the new config when done with the entry */
+	ca->lineno = 0;
+
+	return LDAP_SUCCESS;
+}
+
+static int
+variant_regex_ldadd( CfEntryInfo *cei, Entry *e, ConfigArgs *ca )
+{
+	slap_overinst *on;
+	variant_info_t *ov;
+	variantEntry_info *vei;
+
+	if ( cei->ce_type != Cft_Overlay || !cei->ce_bi ||
+			cei->ce_bi->bi_cf_ocs != variant_ocs )
+		return LDAP_CONSTRAINT_VIOLATION;
+
+	on = (slap_overinst *)cei->ce_bi;
+	ov = on->on_bi.bi_private;
+
+	vei = ch_calloc( 1, sizeof(variantEntry_info) );
+	vei->ov = ov;
+	vei->type = VARIANT_INFO_REGEX;
+	LDAP_SLIST_INIT(&vei->attributes);
+	LDAP_STAILQ_ENTRY_INIT(vei, next);
+
+	ca->bi = cei->ce_bi;
+	ca->ca_private = vei;
+	config_push_cleanup( ca, variant_ldadd_cleanup );
+	/* config_push_cleanup is only run in the case of online config but we use it to
+	 * save the new config when done with the entry */
+	ca->lineno = 0;
+
+	return LDAP_SUCCESS;
+}
+
+static int
+variant_attr_ldadd_cleanup( ConfigArgs *ca )
+{
+	variantAttr_info *vai = ca->ca_private;
+	variantEntry_info *vei = vai->variant;
+
+	if ( ca->reply.err != LDAP_SUCCESS ) {
+		ch_free( vai );
+		return LDAP_SUCCESS;
+	}
+
+	LDAP_SLIST_INSERT_HEAD(&vei->attributes, vai, next);
+
+	return LDAP_SUCCESS;
+}
+
+static int
+variant_attr_ldadd( CfEntryInfo *cei, Entry *e, ConfigArgs *ca )
+{
+	variantEntry_info *vei;
+	variantAttr_info *vai;
+	CfEntryInfo *parent = cei->ce_parent;
+
+	if ( cei->ce_type != Cft_Misc || !parent || !parent->ce_bi ||
+			parent->ce_bi->bi_cf_ocs != variant_ocs )
+		return LDAP_CONSTRAINT_VIOLATION;
+
+	vei = (variantEntry_info *)cei->ce_private;
+
+	vai = ch_calloc( 1, sizeof(variantAttr_info) );
+	vai->variant = vei;
+	LDAP_SLIST_ENTRY_INIT(vai, next);
+
+	ca->ca_private = vai;
+	config_push_cleanup( ca, variant_attr_ldadd_cleanup );
+	/* config_push_cleanup is only run in the case of online config but we use it to
+	 * save the new config when done with the entry */
+	ca->lineno = 0;
+
+	return LDAP_SUCCESS;
+}
+
+static int
+variant_cfadd( Operation *op, SlapReply *rs, Entry *p, ConfigArgs *ca )
+{
+	slap_overinst *on = (slap_overinst *)ca->bi;
+	variant_info_t *ov = on->on_bi.bi_private;
+	variantEntry_info *vei;
+	variantAttr_info *vai;
+	Entry *e;
+	struct berval rdn;
+	int i = 0;
+
+	LDAP_STAILQ_FOREACH( vei, &ov->variants, next ) {
+		int j = 0;
+		rdn.bv_len = snprintf(
+				ca->cr_msg, sizeof(ca->cr_msg), "name={%d}variant", i++ );
+		rdn.bv_val = ca->cr_msg;
+
+		ca->ca_private = vei;
+		e = config_build_entry(
+				op, rs, p->e_private, ca, &rdn, &variant_ocs[1], NULL );
+		assert( e );
+
+		LDAP_SLIST_FOREACH( vai, &vei->attributes, next ) {
+			rdn.bv_len = snprintf( ca->cr_msg, sizeof(ca->cr_msg),
+					"olcVariantVariantAttribute={%d}%s", j++,
+					vai->attr->ad_cname.bv_val );
+			rdn.bv_val = ca->cr_msg;
+
+			ca->ca_private = vai;
+			config_build_entry(
+					op, rs, e->e_private, ca, &rdn, &variant_ocs[2], NULL );
+		}
+	}
+
+	LDAP_STAILQ_FOREACH( vei, &ov->regex_variants, next ) {
+		int j = 0;
+		rdn.bv_len = snprintf(
+				ca->cr_msg, sizeof(ca->cr_msg), "name={%d}regex", i++ );
+		rdn.bv_val = ca->cr_msg;
+
+		ca->ca_private = vei;
+		e = config_build_entry(
+				op, rs, p->e_private, ca, &rdn, &variant_ocs[3], NULL );
+		assert( e );
+
+		LDAP_SLIST_FOREACH( vai, &vei->attributes, next ) {
+			rdn.bv_len = snprintf( ca->cr_msg, sizeof(ca->cr_msg),
+					"olcVariantVariantAttribute={%d}%s", j++,
+					vai->attr->ad_cname.bv_val );
+			rdn.bv_val = ca->cr_msg;
+
+			ca->ca_private = vai;
+			config_build_entry(
+					op, rs, e->e_private, ca, &rdn, &variant_ocs[4], NULL );
+		}
+	}
+	return LDAP_SUCCESS;
+}
+
+static slap_overinst variant;
+
+static int
+variant_db_init( BackendDB *be, ConfigReply *cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	variant_info_t *ov;
+
+	if ( SLAP_ISGLOBALOVERLAY(be) ) {
+		Debug( LDAP_DEBUG_ANY, "variant overlay must be instantiated within "
+				"a database.\n" );
+		return 1;
+	}
+
+	ov = ch_calloc( 1, sizeof(variant_info_t) );
+	LDAP_STAILQ_INIT(&ov->variants);
+	LDAP_STAILQ_INIT(&ov->regex_variants);
+
+	on->on_bi.bi_private = ov;
+
+	return LDAP_SUCCESS;
+}
+
+static int
+variant_db_destroy( BackendDB *be, ConfigReply *cr )
+{
+	slap_overinst *on = (slap_overinst *)be->bd_info;
+	variant_info_t *ov = on->on_bi.bi_private;
+
+	if ( ov ) {
+		while ( !LDAP_STAILQ_EMPTY( &ov->variants ) ) {
+			variantEntry_info *vei = LDAP_STAILQ_FIRST( &ov->variants );
+			LDAP_STAILQ_REMOVE_HEAD( &ov->variants, next );
+
+			while ( !LDAP_SLIST_EMPTY( &vei->attributes ) ) {
+				variantAttr_info *vai = LDAP_SLIST_FIRST( &vei->attributes );
+				LDAP_SLIST_REMOVE_HEAD( &vei->attributes, next );
+
+				ber_memfree( vai->dn.bv_val );
+				ch_free( vai );
+			}
+			ber_memfree( vei->dn.bv_val );
+			ch_free( vei );
+		}
+		while ( !LDAP_STAILQ_EMPTY( &ov->regex_variants ) ) {
+			variantEntry_info *vei = LDAP_STAILQ_FIRST( &ov->regex_variants );
+			LDAP_STAILQ_REMOVE_HEAD( &ov->regex_variants, next );
+
+			while ( !LDAP_SLIST_EMPTY( &vei->attributes ) ) {
+				variantAttr_info *vai = LDAP_SLIST_FIRST( &vei->attributes );
+				LDAP_SLIST_REMOVE_HEAD( &vei->attributes, next );
+
+				ber_memfree( vai->dn.bv_val );
+				ch_free( vai );
+			}
+			ber_memfree( vei->dn.bv_val );
+			ch_free( vei );
+		}
+		ch_free( ov );
+	}
+
+	return LDAP_SUCCESS;
+}
+
+int
+variant_initialize()
+{
+	int rc;
+
+	variant.on_bi.bi_type = "variant";
+	variant.on_bi.bi_db_init = variant_db_init;
+	variant.on_bi.bi_db_destroy = variant_db_destroy;
+
+	variant.on_bi.bi_op_add = variant_op_add;
+	variant.on_bi.bi_op_compare = variant_op_compare;
+	variant.on_bi.bi_op_modify = variant_op_mod;
+	variant.on_bi.bi_op_search = variant_op_search;
+
+	variant.on_bi.bi_cf_ocs = variant_ocs;
+
+	rc = config_register_schema( variant_cfg, variant_ocs );
+	if ( rc ) return rc;
+
+	return overlay_register( &variant );
+}
+
+#if SLAPD_OVER_VARIANT == SLAPD_MOD_DYNAMIC
+int
+init_module( int argc, char *argv[] )
+{
+	return variant_initialize();
+}
+#endif
+
+#endif /* SLAPD_OVER_VARIANT */
diff --git a/contrib/slapd-modules/vc/Makefile b/contrib/slapd-modules/vc/Makefile
new file mode 100644
index 0000000..9fe67ab
--- /dev/null
+++ b/contrib/slapd-modules/vc/Makefile
@@ -0,0 +1,58 @@
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2022 The OpenLDAP Foundation.
+# Copyright 2004 Howard Chu, Symas Corp. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+LDAP_SRC = ../../..
+LDAP_BUILD = $(LDAP_SRC)
+LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
+LDAP_LIB = $(LDAP_BUILD)/libraries/libldap/libldap.la \
+	$(LDAP_BUILD)/libraries/liblber/liblber.la
+
+LIBTOOL = $(LDAP_BUILD)/libtool
+CC = gcc
+OPT = -g -O2
+DEFS = 
+INCS = $(LDAP_INC)
+LIBS = $(LDAP_LIB)
+
+PROGRAMS = vc.la
+LTVER = 0:0:0
+
+prefix=/usr/local
+exec_prefix=$(prefix)
+ldap_subdir=/openldap
+
+libdir=$(exec_prefix)/lib
+libexecdir=$(exec_prefix)/libexec
+moduledir = $(libexecdir)$(ldap_subdir)
+
+.SUFFIXES: .c .o .lo
+
+.c.lo:
+	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(OPT) $(CPPFLAGS) $(DEFS) $(INCS) -c $<
+
+all: $(PROGRAMS)
+
+vc.la:	vc.lo
+	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -version-info $(LTVER) \
+	-rpath $(moduledir) -module -o $@ $? $(LIBS)
+
+clean:
+	rm -rf *.o *.lo *.la .libs
+
+install: $(PROGRAMS)
+	mkdir -p $(DESTDIR)$(moduledir)
+	for p in $(PROGRAMS) ; do \
+		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
+	done
+
diff --git a/contrib/slapd-modules/vc/vc.c b/contrib/slapd-modules/vc/vc.c
new file mode 100644
index 0000000..0760af2
--- /dev/null
+++ b/contrib/slapd-modules/vc/vc.c
@@ -0,0 +1,439 @@
+/* vc.c - LDAP Verify Credentials extop (no spec yet) */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2010-2022 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Pierangelo Masarati for inclusion
+ * in OpenLDAP Software.
+ */
+
+/*
+ * LDAP Verify Credentials: suggested by Kurt Zeilenga
+ * no spec yet
+ */
+
+#include "portable.h"
+
+#include "slap.h"
+#include "ac/string.h"
+
+typedef struct vc_conn_t {
+	struct vc_conn_t *conn;
+	Connection connbuf;
+	OperationBuffer opbuf;
+	Operation *op;
+	int refcnt;
+} vc_conn_t;
+
+static const struct berval vc_exop_oid_bv = BER_BVC(LDAP_EXOP_VERIFY_CREDENTIALS);
+static ldap_pvt_thread_mutex_t vc_mutex;
+static Avlnode *vc_tree;
+
+static int
+vc_conn_cmp( const void *c1, const void *c2 )
+{
+	const vc_conn_t *vc1 = (const vc_conn_t *)c1;
+	const vc_conn_t *vc2 = (const vc_conn_t *)c2;
+
+	return SLAP_PTRCMP( vc1->conn, vc2->conn );
+}
+
+static int
+vc_conn_dup( void *c1, void *c2 )
+{
+	vc_conn_t *vc1 = (vc_conn_t *)c1;
+	vc_conn_t *vc2 = (vc_conn_t *)c2;
+
+	if ( vc1->conn == vc2->conn ) {
+		return -1;
+	}
+
+	return 0;
+}
+
+static int
+vc_create_response(
+	void *conn,
+	int resultCode,
+	const char *diagnosticMessage,
+	struct berval *servercred,
+	struct berval *authzid,
+	LDAPControl **ctrls,
+	struct berval **val )
+{
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	struct berval bv;
+	int rc;
+
+	assert( val != NULL );
+
+	*val = NULL;
+
+	ber_init2( ber, NULL, LBER_USE_DER );
+
+	(void)ber_printf( ber, "{is" /*}*/ , resultCode, diagnosticMessage ? diagnosticMessage : "" );
+
+	if ( conn ) {
+		struct berval cookie;
+
+		cookie.bv_len = sizeof( conn );
+		cookie.bv_val = (char *)&conn;
+		(void)ber_printf( ber, "tO", 0, LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE, &cookie ); 
+	}
+
+	if ( servercred ) {
+		ber_printf( ber, "tO", LDAP_TAG_EXOP_VERIFY_CREDENTIALS_SCREDS, servercred ); 
+	}
+
+#if 0
+	if ( authzid ) {
+		ber_printf( ber, "tO", LDAP_TAG_EXOP_VERIFY_CREDENTIALS_AUTHZID, authzid ); 
+	}
+#endif
+
+	if ( ctrls ) {
+		int c;
+
+		rc = ber_printf( ber, "t{"/*}*/, LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS );
+		if ( rc == -1 ) goto done;
+
+		for ( c = 0; ctrls[c] != NULL; c++ ) {
+			rc = ber_printf( ber, "{s" /*}*/, ctrls[c]->ldctl_oid );
+
+			if ( ctrls[c]->ldctl_iscritical ) {
+				rc = ber_printf( ber, "b", (ber_int_t)ctrls[c]->ldctl_iscritical ) ;
+				if ( rc == -1 ) goto done;
+			}
+
+			if ( ctrls[c]->ldctl_value.bv_val != NULL ) {
+				rc = ber_printf( ber, "O", &ctrls[c]->ldctl_value ); 
+				if( rc == -1 ) goto done;
+			}
+
+			rc = ber_printf( ber, /*{*/"N}" );
+			if ( rc == -1 ) goto done;
+		}
+
+		rc = ber_printf( ber, /*{*/"N}" );
+		if ( rc == -1 ) goto done;
+	}
+
+	rc = ber_printf( ber, /*{*/ "}" );
+	if ( rc == -1 ) goto done;
+
+	rc = ber_flatten2( ber, &bv, 0 );
+	if ( rc == 0 ) {
+		*val = ber_bvdup( &bv );
+	}
+
+done:;
+	ber_free_buf( ber );
+
+	return rc;
+}
+
+typedef struct vc_cb_t {
+	struct berval sasldata;
+	LDAPControl **ctrls;
+} vc_cb_t;
+
+static int
+vc_cb(
+	Operation	*op,
+	SlapReply	*rs )
+{
+	vc_cb_t *vc = (vc_cb_t *)op->o_callback->sc_private;
+
+	if ( rs->sr_tag == LDAP_RES_BIND ) {
+		if ( rs->sr_sasldata != NULL ) {
+			ber_dupbv( &vc->sasldata, rs->sr_sasldata );
+		}
+
+		if ( rs->sr_ctrls != NULL ) {
+			vc->ctrls = ldap_controls_dup( rs->sr_ctrls );
+		}
+	}
+
+	return 0;
+}
+
+static int
+vc_exop(
+	Operation	*op,
+	SlapReply	*rs )
+{
+	int rc = LDAP_SUCCESS;
+	ber_tag_t tag;
+	ber_len_t len = -1;
+	BerElementBuffer berbuf;
+	BerElement *ber = (BerElement *)&berbuf;
+	struct berval reqdata = BER_BVNULL;
+
+	struct berval cookie = BER_BVNULL;
+	struct berval bdn = BER_BVNULL;
+	ber_tag_t authtag;
+	struct berval cred = BER_BVNULL;
+	struct berval ndn = BER_BVNULL;
+	struct berval mechanism = BER_BVNULL;
+
+	vc_conn_t *conn = NULL;
+	vc_cb_t vc = { 0 };
+	slap_callback sc = { 0 };
+	SlapReply rs2 = { 0 };
+
+	if ( op->ore_reqdata == NULL || op->ore_reqdata->bv_len == 0 ) {
+		rs->sr_text = "empty request data field in VerifyCredentials exop";
+		return LDAP_PROTOCOL_ERROR;
+	}
+
+	/* optimistic */
+	rs->sr_err = LDAP_SUCCESS;
+
+	ber_dupbv_x( &reqdata, op->ore_reqdata, op->o_tmpmemctx );
+
+	/* ber_init2 uses reqdata directly, doesn't allocate new buffers */
+	ber_init2( ber, &reqdata, 0 );
+
+	tag = ber_scanf( ber, "{" /*}*/ );
+	if ( tag != LBER_SEQUENCE ) {
+		rs->sr_err = LDAP_PROTOCOL_ERROR;
+		goto done;
+	}
+
+	tag = ber_peek_tag( ber, &len );
+	if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_COOKIE ) {
+		/*
+		 * cookie: the pointer to the connection
+		 * of this operation
+		 */
+
+		ber_scanf( ber, "m", &cookie );
+		if ( cookie.bv_len != sizeof(Connection *) ) {
+			rs->sr_err = LDAP_PROTOCOL_ERROR;
+			goto done;
+		}
+	}
+
+	/* DN, authtag */
+	tag = ber_scanf( ber, "mt", &bdn, &authtag );
+	if ( tag == LBER_ERROR ) {
+		rs->sr_err = LDAP_PROTOCOL_ERROR;
+		goto done;
+	}
+
+	rc = dnNormalize( 0, NULL, NULL, &bdn, &ndn, op->o_tmpmemctx );
+	if ( rc != LDAP_SUCCESS ) {
+		rs->sr_err = LDAP_PROTOCOL_ERROR;
+		goto done;
+	}
+
+	switch ( authtag ) {
+	case LDAP_AUTH_SIMPLE:
+		/* cookie only makes sense for SASL bind (so far) */
+		if ( !BER_BVISNULL( &cookie ) ) {
+			rs->sr_err = LDAP_PROTOCOL_ERROR;
+			goto done;
+		}
+
+		tag = ber_scanf( ber, "m", &cred );
+		if ( tag == LBER_ERROR ) {
+			rs->sr_err = LDAP_PROTOCOL_ERROR;
+			goto done;
+		}
+		break;
+
+	case LDAP_AUTH_SASL:
+		tag = ber_scanf( ber, "{m" /*}*/ , &mechanism );
+		if ( tag == LBER_ERROR || 
+			BER_BVISNULL( &mechanism ) || BER_BVISEMPTY( &mechanism ) )
+		{
+			rs->sr_err = LDAP_PROTOCOL_ERROR;
+			goto done;
+		}
+
+		tag = ber_peek_tag( ber, &len );
+		if ( tag == LBER_OCTETSTRING ) {
+			ber_scanf( ber, "m", &cred );
+		}
+
+		tag = ber_scanf( ber, /*{*/ "}" );
+		break;
+
+	default:
+		rs->sr_err = LDAP_PROTOCOL_ERROR;
+		goto done;
+	}
+
+	if ( !BER_BVISNULL( &cookie ) ) {
+		vc_conn_t tmp = { 0 };
+
+		AC_MEMCPY( (char *)&tmp.conn, (const char *)cookie.bv_val, cookie.bv_len );
+		ldap_pvt_thread_mutex_lock( &vc_mutex );
+		conn = (vc_conn_t *)ldap_avl_find( vc_tree, (caddr_t)&tmp, vc_conn_cmp );
+		if ( conn == NULL || ( conn != NULL && conn->refcnt != 0 ) ) {
+			conn = NULL;
+			ldap_pvt_thread_mutex_unlock( &vc_mutex );
+			rs->sr_err = LDAP_PROTOCOL_ERROR;
+			goto done;
+		}
+		conn->refcnt++;
+		operation_counter_init( conn->op, op->o_threadctx );
+		ldap_pvt_thread_mutex_unlock( &vc_mutex );
+
+	} else {
+		conn = (vc_conn_t *)SLAP_CALLOC( 1, sizeof( vc_conn_t ) );
+		conn->refcnt = 1;
+
+		connection_fake_init2( &conn->connbuf, &conn->opbuf, op->o_threadctx, 0 );
+		conn->op = &conn->opbuf.ob_op;
+		snprintf( conn->op->o_log_prefix, sizeof( conn->op->o_log_prefix ),
+			"%s VERIFYCREDENTIALS", op->o_log_prefix );
+	}
+
+	conn->op->o_tag = LDAP_REQ_BIND;
+	memset( &conn->op->oq_bind, 0, sizeof( conn->op->oq_bind ) );
+	conn->op->o_req_dn = ndn;
+	conn->op->o_req_ndn = ndn;
+	conn->op->o_protocol = LDAP_VERSION3;
+	conn->op->orb_method = authtag;
+	conn->op->o_callback = &sc;
+
+	/* TODO: controls */
+	tag = ber_peek_tag( ber, &len );
+	if ( tag == LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS ) {
+		conn->op->o_ber = ber;
+		rc = get_ctrls2( conn->op, &rs2, 0, LDAP_TAG_EXOP_VERIFY_CREDENTIALS_CONTROLS );
+		if ( rc != LDAP_SUCCESS ) {
+			rs->sr_err = LDAP_PROTOCOL_ERROR;
+			goto done;
+		}
+	}
+
+	tag = ber_skip_tag( ber, &len );
+	if ( len || tag != LBER_DEFAULT ) {
+		rs->sr_err = LDAP_PROTOCOL_ERROR;
+		goto done;
+	}
+
+	switch ( authtag ) {
+	case LDAP_AUTH_SIMPLE:
+		break;
+
+	case LDAP_AUTH_SASL:
+		conn->op->orb_mech = mechanism;
+		break;
+	}
+
+	conn->op->orb_cred = cred;
+	sc.sc_response = vc_cb;
+	sc.sc_private = &vc;
+
+	conn->op->o_bd = frontendDB;
+	rs->sr_err = frontendDB->be_bind( conn->op, &rs2 );
+
+	if ( conn->op->o_conn->c_sasl_bind_in_progress ) {
+		rc = vc_create_response( conn, rs2.sr_err, rs2.sr_text,
+			!BER_BVISEMPTY( &vc.sasldata ) ? &vc.sasldata : NULL,
+			NULL,
+			vc.ctrls, &rs->sr_rspdata );
+
+	} else {
+		rc = vc_create_response( NULL, rs2.sr_err, rs2.sr_text,
+			NULL,
+			&conn->op->o_conn->c_dn,
+			vc.ctrls, &rs->sr_rspdata );
+	}
+
+	if ( rc != 0 ) {
+		rs->sr_err = LDAP_OTHER;
+		goto done;
+	}
+
+	if ( !BER_BVISNULL( &conn->op->o_conn->c_dn ) &&
+		conn->op->o_conn->c_dn.bv_val != conn->op->o_conn->c_ndn.bv_val )
+		ber_memfree( conn->op->o_conn->c_dn.bv_val );
+	if ( !BER_BVISNULL( &conn->op->o_conn->c_ndn ) )
+		ber_memfree( conn->op->o_conn->c_ndn.bv_val );
+
+done:;
+	if ( conn ) {
+		if ( conn->op->o_conn->c_sasl_bind_in_progress ) {
+			if ( conn->conn == NULL ) {
+				conn->conn = conn;
+				conn->refcnt--;
+				ldap_pvt_thread_mutex_lock( &vc_mutex );
+				rc = ldap_avl_insert( &vc_tree, (caddr_t)conn,
+					vc_conn_cmp, vc_conn_dup );
+				ldap_pvt_thread_mutex_unlock( &vc_mutex );
+				assert( rc == 0 );
+
+			} else {
+				ldap_pvt_thread_mutex_lock( &vc_mutex );
+				conn->refcnt--;
+				ldap_pvt_thread_mutex_unlock( &vc_mutex );
+			}
+
+		} else {
+			if ( conn->conn != NULL ) {
+				vc_conn_t *tmp;
+
+				ldap_pvt_thread_mutex_lock( &vc_mutex );
+				tmp = ldap_avl_delete( &vc_tree, (caddr_t)conn, vc_conn_cmp );
+				ldap_pvt_thread_mutex_unlock( &vc_mutex );
+			}
+			SLAP_FREE( conn );
+		}
+	}
+
+	if ( vc.ctrls ) {
+		ldap_controls_free( vc.ctrls );
+		vc.ctrls = NULL;
+	}
+
+	if ( !BER_BVISNULL( &ndn ) ) {
+		op->o_tmpfree( ndn.bv_val, op->o_tmpmemctx );
+		BER_BVZERO( &ndn );
+	}
+
+	op->o_tmpfree( reqdata.bv_val, op->o_tmpmemctx );
+	BER_BVZERO( &reqdata );
+
+        return rs->sr_err;
+}
+
+static int
+vc_initialize( void )
+{
+	int rc;
+
+	rc = load_extop2( (struct berval *)&vc_exop_oid_bv,
+		SLAP_EXOP_HIDE, vc_exop, 0 );
+	if ( rc != LDAP_SUCCESS ) {
+		Debug( LDAP_DEBUG_ANY,
+			"vc_initialize: unable to register VerifyCredentials exop: %d.\n",
+			rc );
+	}
+
+	ldap_pvt_thread_mutex_init( &vc_mutex );
+
+	return rc;
+}
+
+int
+init_module( int argc, char *argv[] )
+{
+	return vc_initialize();
+}
+
diff --git a/contrib/slapd-tools/README b/contrib/slapd-tools/README
new file mode 100644
index 0000000..9098a20
--- /dev/null
+++ b/contrib/slapd-tools/README
@@ -0,0 +1,23 @@
+Directory contents:
+
+statslog
+	Program to output selected parts of slapd's statslog output
+	(LDAP request/response log), grouping log lines by LDAP
+	connection.  Useful to search and inspect the server log.
+
+wrap_slap_ops
+	Update source code to use the wrapper macros SLAP_OP() & co
+	for LDAP-operation backend calls. They can help debug the
+	SlapReply.  They compile like the old code by default.
+
+---
+Copyright 2004-2022 The OpenLDAP Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
diff --git a/contrib/slapd-tools/statslog b/contrib/slapd-tools/statslog
new file mode 100755
index 0000000..840bd4e
--- /dev/null
+++ b/contrib/slapd-tools/statslog
@@ -0,0 +1,171 @@
+#!/usr/bin/perl -w
+# statslog - Rearrange and output selected parts of slapd's statslog output.
+# $OpenLDAP$
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2022 The OpenLDAP Foundation.
+# Portions Copyright 2004 Hallvard B. Furuseth.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+sub usage {
+    die join("", @_, <<'EOM');
+Usage: statslog [options] [logfiles; may be .gz or .bz2 files]
+
+  Output selected parts of slapd's statslog output (LDAP request/response
+  log to syslog or stderr; loglevel 256), grouping log lines by LDAP
+  connection.  Lines with no connection are excluded by default.
+
+Options:
+  --brief       -b      Brief output (omit time, host/process name/ID).
+  --exclude=RE  -e RE   Exclude connections whose output matches REgexp.
+  --include=RE  -i RE   Only include connections matching REgexp.
+  --EXCLUDE=RE  -E RE   Case-sensitive '--exclude'.
+  --INCLUDE=RE  -I RE   Case-sensitive '--include'.
+  --loose       -l      Include "loose" lines (lines with no connection).
+  --no-loose    -L RE   Only exclude the "loose" lines that match RE.
+  --join        -j      Join the inputs as if they were one big log file.
+                        Each file must start where the previous left off.
+  --no-join     -J      Do not --join.  (Can be useful with --sort.)
+  --sort        -s      Sort input files by age.     Implies --join.
+  --trace       -t      Print file names when read.  Implies --no-join.
+All --exclude/include options are applied.  Note: --exclude/include are
+unreliable without --join/sort for connections spanning several log files.
+EOM
+}
+
+########################################################################
+
+use bytes;
+use strict;
+use Getopt::Long;
+
+# Globals
+my %conns;			# Hash (connection number -> output)
+my @loose;			# Collected output with no connection number
+
+# Command line options
+my($brief, @filters, @conditions, $no_loose);
+my($join_files, $sort_files, $trace, $getopt_ok);
+
+# Handle --include/INCLUDE/exclude/EXCLUDE options
+sub filter_opt {
+    my($opt, $regexp) = @_;
+    push(@conditions, sprintf('$lines %s /$filters[%d]/om%s',
+			      (lc($opt) eq 'include' ? "=~" : "!~"),
+			      scalar(@filters),
+			      ($opt eq lc($opt) ? "i" : "")));
+    push(@filters, $regexp);
+}
+
+# Parse options at compile time so some can become constants to optimize away
+BEGIN {
+    &Getopt::Long::Configure(qw(bundling no_ignore_case));
+    $getopt_ok = GetOptions("brief|b"		=> \$brief,
+			    "include|i=s"	=> \&filter_opt,
+			    "exclude|e=s"	=> \&filter_opt,
+			    "INCLUDE|I=s"	=> \&filter_opt,
+			    "EXCLUDE|E=s"	=> \&filter_opt,
+			    "join|j"		=> \$join_files,
+			    "no-join|J"		=> sub { $join_files = 0; },
+			    "sort|s"		=> \$sort_files,
+			    "loose|l"		=> sub { $no_loose = ".^"; },
+			    "no-loose|L=s"	=> \$no_loose,
+			    "trace|t"		=> \$trace);
+}
+usage() unless $getopt_ok;
+usage("--trace is incompatible with --join.\n") if $trace && $join_files;
+
+$join_files = 1 if !defined($join_files) && $sort_files && !$trace;
+use constant BRIEF => !!$brief;
+use constant LOOSE => defined($no_loose) && ($no_loose eq ".^" ? 2 : 1);
+
+# Build sub out(header, connection number) to output one connection's data
+my $out_body = (LOOSE
+		? ' if (@loose) { print "\n", @loose; @loose = (); } '
+		: '');
+$out_body .= ' print "\n", $_[0], $lines; ';
+$out_body = " if (" . join("\n && ", @conditions) . ") {\n$out_body\n}"
+    if @conditions;
+eval <<EOM;
+sub out {
+    my \$lines = delete(\$conns{\$_[1]});
+    $out_body
+}
+1;
+EOM
+die $@ if $@;
+
+# Read and output log lines from one file
+sub do_file {
+    local(@ARGV) = @_;
+    my($conn, $line, $act);
+    while (<>) {
+	if (BRIEF
+	    ? (($conn, $line, $act) = /\bconn=(\d+) (\S+ (\S+).*\n)/)
+	    : (($conn,        $act) = /\bconn=(\d+) \S+ (\S+)/      )) {
+	    $conns{$conn} .= (BRIEF ? $line : $_);
+	    out("", $conn) if $act eq 'closed';
+	} elsif (LOOSE && (LOOSE > 1 || !/$no_loose/omi)) {
+	    s/^\w{3} [ \d]+:\d\d:\d\d [^:]*: // if BRIEF;
+	    push(@loose, $_);
+	}
+    }
+    final() unless $join_files;
+}
+
+# Output log lines for unfinished connections
+sub final {
+    if (%conns) {
+	for my $conn (sort keys %conns) {
+	    out("UNFINISHED:\n", $conn);
+	}
+	die if %conns;
+    }
+    if (LOOSE && @loose) { print "\n", @loose; @loose = (); }
+}
+
+# Main program
+if (!@ARGV) {
+    # Read from stdin
+    do_file();
+} else {
+    if ($sort_files && @ARGV > 1) {
+	# Sort files by last modified time; oldest first
+	my @fileinfo;
+	for my $file (@ARGV) {
+	    my $age = -M $file;
+	    if (defined($age)) {
+		push(@fileinfo, [$age, $file]);
+	    } else {
+		print STDERR "File not found: $file\n";
+	    }
+	}
+	exit(1) unless @fileinfo;
+	@ARGV = map { $_->[1] } sort { $b->[0] <=> $a->[0] } @fileinfo;
+    }
+
+    # Prepare to pipe .gz, .bz2 and .bz files through gunzip or bunzip2
+    my %type2prog = ("gz" => "gunzip", "bz2" => "bunzip2", "bz" => "bunzip2");
+    for (@ARGV) {
+	if (/\.(gz|bz2?)$/) {
+	    my $type = $1;
+	    die "Bad filename: $_\n" if /^[+-]|[^\w\/.,:%=+-]|^$/;
+	    $_ = "$type2prog{$type} -c $_ |";
+	}
+    }
+
+    # Process the files
+    for my $file (@ARGV) {
+	print "\n$file:\n" if $trace;
+	do_file($file);
+    }
+}
+final();
diff --git a/contrib/slapd-tools/wrap_slap_ops b/contrib/slapd-tools/wrap_slap_ops
new file mode 100755
index 0000000..16b0461
--- /dev/null
+++ b/contrib/slapd-tools/wrap_slap_ops
@@ -0,0 +1,162 @@
+#!/usr/bin/perl -wn0777
+# wrap_slap_ops - Help update code to use SLAP_OP() & co.
+#
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 2011-2022 The OpenLDAP Foundation.
+# Portions Copyright 2011-2013 Hallvard B. Furuseth.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+
+use strict;
+
+sub usage() {
+	warn "Usage: $0 {-l | -u | -U<num>} {file | dir}...
+
+Update slapd source code to wrap LDAP operation calls in the debug
+macros SLAP_OP() & co.  They compile like the old code by default.
+Define USE_RS_ASSERT to enable asserts which verify the SlapReply.
+See servers/slapd/result.c.
+
+Options:
+  -u, -U<n> Output unidiffs with n lines of context (-u = default for diff).
+  -l        List files which would change. Show remaining cases on stderr.\n";
+	exit(1);
+}
+
+#### File/option handling. Skips symlinks, handles filenames =~ /\.[ch]+p*$/i.
+
+sub ls_R {
+    map { -l $_ ? () : -d _ ? ls_R(<$_/*>) : /\.[ch]+p*$/i ? $_ : () } @_;
+}
+
+use constant Mode => shift(@ARGV) || "";
+use vars qw($ccnt $rcnt);
+INIT {
+	usage() unless Mode =~ /^-(l|[uU]\d*)$/ && ($ARGV[0]||"") =~ /^[^\-]/;
+	exit(0) unless @ARGV = ls_R(@ARGV); # Expand ARGV, exit if no files
+	$| = 1;
+	$ccnt = $rcnt = 0;
+}
+
+sub file_result( $$ ) {
+	my($contents, $changed) = @_;
+	$ccnt++ if $changed;
+	$rcnt += scalar( my @rest = remaining($contents) );
+	if (Mode eq "-l") {
+		print "$ARGV\n" if $changed;
+		print STDERR "$ARGV:\t$_\n" foreach @rest;
+	} elsif ($changed) {
+		(my $file = "$ARGV") =~ s%^-%./-%;
+		print "Index: $file\n";
+		(open(D, "|-", "diff", Mode, $file, "-")
+		 && (print D $contents)
+		 && (close(D) || $! == 0)) or die "$0: diff failed: $!\n";
+	}
+}
+
+END {
+	print STDERR <<EOMSG if defined $ccnt;
+$ccnt files to change. $rcnt suspicious lines remain. (Expect three in slapd).
+EOMSG
+}
+
+#### Edit the contents of a file
+
+use vars qw($obj_re %addr %func2op $func_re $todo_re);
+INIT {
+	$obj_re  = qr/(?:\w+ (?:\s* (?:->|\.) \s* \w+)*?)/x;
+	%addr    = ("." => "&", "->" => ""); # x.y => (&x)->y, x->y => x->y
+	%func2op = map { /(\w+) \s+ (?= .*?=>\s* (\w+))/gx } <DATA>;
+	$func_re = '\b(?=b[ei]_)(?:' . join("|", keys %func2op) . ')\b';
+	my %both = (%func2op, reverse %func2op);
+	$todo_re = '\b(?=[bo][eip]_)(?:' . join("|", keys %both) . ')\b';
+}
+next if !/$todo_re/;
+my $orig = "$_";
+
+# x->func(op, rs)  ==>  slap_bi_op( x, <enum op_func>, op, rs)
+# x. func(op, rs)  ==>  slap_bi_op(&x, <enum op_func>, op, rs)
+s%(	                            # 1: entire match: "<delim><function>("
+	((?: [\)!=\;{}\\] | \*/ | \b if\s*\( | \b return \b ) \s*) # 2: delim
+	(\(\s* (?:\* \s*)?)?        # 3: optional "(*" or "(" in (*f)()
+	($obj_re) \s* (->|\.)  \s*  # 4: object,          5: "->" or "."
+	(?=(b[ie]_))($func_re) \s*  # 6: "bi_" or "be_",  7: function
+	(\)\s*)?                    # 8: optional ")" in (*f),
+    (\(\s*)                     # 9: "(" + whitespace
+)% (!$3) == (!$8) ? "$2slap_$6op$9$addr{$5}$4, $func2op{$7}, " : $1 %egox;
+
+# (&x->bi_op_bind)[which](op, rs)  ==>  slap_bi_op(x, which, op, rs)
+#    (&x->be_bind)[which](op, rs)  ==>  slap_be_op(x, which, op, rs)
+s/\(&(\w+(?:(?:->|\.)\w+)*)->b(?=([ei]))(?:e|i_op)_bind\)\[\s* (\w+) \s*\] \((\s*) ([^()]*)\)
+ /slap_b$2_op($4$1, $3, $5)/gox;
+
+# slap_bi_op(x->bd_info, which, op, rs)  ==>  slap_be_op( x, which, op, rs)
+# slap_bi_op(x. bd_info, which, op, rs)  ==>  slap_be_op(&x, which, op, rs)
+s/\b slap_bi_op (\(\s*) ($obj_re) \s* (->|\.) \s* bd_info \s*,
+ /slap_be_op$1$addr{$3}$2,/gox;
+
+# slap_be_op(op->o_bd, which, &op, rs)   ==>  SLAP_OP(which,  op, rs)
+# slap_be_op(op. o_bd, which, &op, rs)   ==>  SLAP_OP(which, &op, rs)
+s/\b(slap_be_op (\(\s*) ($obj_re) \s*(->|\.)\s* o_bd, \s (\w+, \s (&?)\3,))
+ / $addr{$4} eq $6 ? "SLAP_OP$2$5" : die "$ARGV: Bad syntax: $1\n" /egox;
+
+my $changed = $_ ne $orig;
+
+# When changing a file, do some whitespace cleanup too
+if ($changed) {
+	s/\b ((SLAP_OP|slap_b[ei](func)?_op) \b .*?) [\ \t]+$ /$1/gmx;
+	s/\A\s*\n//;
+	s/\s*\z/\n/;
+}
+
+file_result($_, $changed);
+
+####
+
+# Return remaining lines that contain operation method names
+sub remaining {
+	my($contents) = @_;
+	return $contents !~ /$func_re/o ? () : grep {
+		!/^\# [ \t]* define \s+ ($func_re|slap_bi_op\b) /x &&
+		# Skip "if ( (&bi->bi_op_bind)[ which ] )" and variants
+		!/^(\} \s* else \s*)? if \s* \( \s*
+			\(& (\w+ | \(\s*\w+\s*=\s*$obj_re\s*\)) -> bi_op_bind\)
+			\s* \[ \s* \w+ \s* \]
+ 			\s* [&|\)]/ox;
+	} $contents =~ m% ^[\ \t]* (?=\S) (
+		# The line contains a member opfunction
+		.*? (?:->|\.) \s* $func_re
+
+		# Skip if the member function is assigned, compared,
+		# 'and/or'ed, followed by a word (this is a comment), or by
+		# ') {' or ') word' (function is the boolean in an if/while).
+		(?! \s* (?: [!=&|\w] | \)\s*[\{\w] ))
+
+		.*?
+	) \s*?$ %gmox;
+}
+
+# %func2op: Member functions => slap_operation_t
+__DATA__
+be_bind             bi_op_bind          => op_bind
+be_unbind           bi_op_unbind        => op_unbind
+be_search           bi_op_search        => op_search
+be_compare          bi_op_compare       => op_compare
+be_modify           bi_op_modify        => op_modify
+be_modrdn           bi_op_modrdn        => op_modrdn
+be_add              bi_op_add           => op_add
+be_delete           bi_op_delete        => op_delete
+be_abandon          bi_op_abandon       => op_abandon
+be_extended         bi_extended         => op_extended
+be_cancel           bi_op_cancel        => op_cancel
+be_operational      bi_operational      => op_aux_operational
+be_chk_referrals    bi_chk_referrals    => op_aux_chk_referrals
+be_chk_controls     bi_chk_controls     => op_aux_chk_controls
diff --git a/contrib/slapi-plugins/addrdnvalues/README b/contrib/slapi-plugins/addrdnvalues/README
new file mode 100644
index 0000000..da699c8
--- /dev/null
+++ b/contrib/slapi-plugins/addrdnvalues/README
@@ -0,0 +1,29 @@
+This directory contains a SLAPI plugin, addrdnvalues, which will add to
+an entry any attribute values that appear in the entry's RDN but not in
+the entry. This is necessary for compliance with some "broken" clients.
+
+To use the plugin, add:
+
+plugin preoperation libaddrdnvalues-plugin.so addrdnvalues_preop_init
+
+to your slapd configuration file.
+
+No Makefile is provided. Use a command line similar to:
+
+gcc -shared -I../../../include -Wall -g -o libaddrdnvalues-plugin.so addrdnvalues.c
+
+to compile this plugin.
+
+---
+This work is part of OpenLDAP Software <http://www.openldap.org/>.
+
+Copyright 2003-2022 The OpenLDAP Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.
+
+A copy of this license is available in the file LICENSE in the
+top-level directory of the distribution or, alternatively, at
+<http://www.OpenLDAP.org/license.html>.
+
diff --git a/contrib/slapi-plugins/addrdnvalues/addrdnvalues.c b/contrib/slapi-plugins/addrdnvalues/addrdnvalues.c
new file mode 100644
index 0000000..8dd305e
--- /dev/null
+++ b/contrib/slapi-plugins/addrdnvalues/addrdnvalues.c
@@ -0,0 +1,75 @@
+/* addrdnvalues.c */
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 2003-2022 The OpenLDAP Foundation.
+ * Copyright 2003-2004 PADL Software Pty Ltd.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+/* ACKNOWLEDGEMENTS:
+ * This work was initially developed by Luke Howard of PADL Software
+ * for inclusion in OpenLDAP Software.
+ */
+
+#include <string.h>
+#include <unistd.h>
+
+#include <ldap.h>
+#include <lber.h>
+
+#include <slapi-plugin.h>
+
+int addrdnvalues_preop_init(Slapi_PBlock *pb);
+
+static Slapi_PluginDesc pluginDescription = {
+	"addrdnvalues-plugin",
+	"PADL",
+	"1.0",
+	"RDN values addition plugin"
+};
+
+static int addrdnvalues_preop_add(Slapi_PBlock *pb)
+{
+	int rc;
+	Slapi_Entry *e;
+
+	if (slapi_pblock_get(pb, SLAPI_ADD_ENTRY, &e) != 0) {
+		slapi_log_error(SLAPI_LOG_PLUGIN, "addrdnvalues_preop_add",
+				"Error retrieving target entry\n");
+		return -1;
+	}
+
+	rc = slapi_entry_add_rdn_values(e);
+	if (rc != LDAP_SUCCESS) {
+		slapi_send_ldap_result(pb, LDAP_OTHER, NULL,
+			"Failed to parse distinguished name", 0, NULL);
+		slapi_log_error(SLAPI_LOG_PLUGIN, "addrdnvalues_preop_add",
+			"Failed to parse distinguished name: %s\n",
+			ldap_err2string(rc));
+		return -1;
+	}
+
+	return 0;
+}
+
+int addrdnvalues_preop_init(Slapi_PBlock *pb)
+{
+	if (slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_03) != 0 ||
+	    slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, &pluginDescription) != 0 ||
+	    slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_ADD_FN, (void *)addrdnvalues_preop_add) != 0) {
+		slapi_log_error(SLAPI_LOG_PLUGIN, "addrdnvalues_preop_init",
+				"Error registering %s\n", pluginDescription.spd_description);
+		return -1;
+	}
+
+	return 0;
+}
+